Stop using root in testing containers

It now creates and leverages xtesting as main user.

Change-Id: I5b871ac2729a875674514aab75ae079e1bf125f5
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>

diff --git a/docker/benchmarking/Dockerfile b/docker/benchmarking/Dockerfile
index 4bc06ef..d958b56 100644 (file)
--- a/docker/benchmarking/Dockerfile
+++ b/docker/benchmarking/Dockerfile
@@ -3,6 +3,7 @@ FROM opnfv/functest-kubernetes-smoke
 ARG NETPERF_TAG=master
 ARG PLOTPERF_TAG=master
 
+USER root
 COPY plotperf.py.patch /tmp/plotperf.py.patch
 RUN apk --no-cache add --update py3-matplotlib && \
     apk --no-cache add --virtual .build-deps --update patch go && \
@@ -16,5 +17,6 @@ RUN apk --no-cache add --update py3-matplotlib && \
         mv plotperf.py plotperf && chmod a+x plotperf) && \
     rm -rf perf-tests /tmp/plotperf.py.patch && \
     apk del .build-deps
+USER xtesting
 COPY testcases.yaml /etc/xtesting/testcases.yaml
 CMD ["run_tests", "-t", "all"]

diff --git a/docker/cnf/Dockerfile b/docker/cnf/Dockerfile
index 690313d..37cb469 100644 (file)
--- a/docker/cnf/Dockerfile
+++ b/docker/cnf/Dockerfile
@@ -3,6 +3,7 @@ FROM opnfv/functest-kubernetes-core
 ARG CNF_TESTSUITE_TAG=v0.34.0
 ARG HELM_TAG=v3.3.1
 
+USER root
 RUN apk --no-cache add --update wget curl libc6-compat ncurses && \
     tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/latest.txt)  && \
     case $(uname -m) in armv7l) arch=arm;; aarch64) arch=arm64;; x86_64) arch=amd64;; esac && \
@@ -28,5 +29,6 @@ RUN apk --no-cache add --update wget curl libc6-compat ncurses && \
         ln -s /src/cnf-testsuite/points-all.yml /src/cnf-testsuite/points.yml && \
         ln -s /usr/local/bin/cnf-testsuite /src/cnf-testsuite/cnf-testsuite && \
         rm -rf /src/cnf-testsuite-$CNF_TESTSUITE_TAG.tar.gz /src/cnf-testsuite/.git ;; esac
+USER xtesting
 COPY testcases.yaml /etc/xtesting/testcases.yaml
 CMD ["run_tests", "-t", "all"]

diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile
index 9f1e489..eefc0da 100644 (file)
--- a/docker/core/Dockerfile
+++ b/docker/core/Dockerfile
@@ -40,7 +40,10 @@ RUN apk -U upgrade && \
     printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \
     mkdir -p /var/lib/rally/database && rally db create && \
     rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \
+    addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \
+    mkdir -p /etc/xtesting && chown -R xtesting: /etc/xtesting && \
     apk del .build-deps
+USER xtesting
 COPY logging.ini /etc/xtesting/logging.ini
 COPY logging.debug.ini /etc/xtesting/logging.debug.ini
 CMD ["run_tests", "-t", "all"]

diff --git a/docker/healthcheck/Dockerfile b/docker/healthcheck/Dockerfile
index 0100d70..13ffe44 100644 (file)
--- a/docker/healthcheck/Dockerfile
+++ b/docker/healthcheck/Dockerfile
@@ -1,5 +1,6 @@
 FROM opnfv/functest-kubernetes-core
 
+USER root
 RUN apk --no-cache add --update curl libc6-compat && \
     tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/latest.txt)  && \
     case $(uname -m) in armv7l) arch=arm;; aarch64) arch=arm64;; x86_64) arch=amd64;; esac && \
@@ -11,5 +12,6 @@ RUN apk --no-cache add --update curl libc6-compat && \
     mv /src/kubernetes/test/bin/e2e.test /src/kubernetes/test/bin/ginkgo /usr/local/bin/ && \
     chmod +x /usr/local/bin/kubectl /usr/local/bin/e2e.test /usr/local/bin/ginkgo && \
     rm -r /src/kubernetes /src/kubernetes-test-linux-$arch.tar.gz
+USER xtesting
 COPY testcases.yaml /etc/xtesting/testcases.yaml
 CMD ["run_tests", "-t", "all"]