refactor: Rework entry point scripts to run 'listenTcp' command as no…

…n-root (#3292) * refactor: Rework entry point scripts to run 'listenTcp' command as non-root closes #3221 Signed-off-by: lenny <[email protected]>
edgexfoundry · Mar 24, 2021 · 5dc7e56 · 5dc7e56
1 parent 18e95d4
commit 5dc7e56
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/cmd/security-bootstrapper/entrypoint-scripts/consul_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/consul_wait_install.sh
@@ -111,7 +111,7 @@ else
 fi
 
 # Signal that Consul is ready for services blocked waiting on Consul
-/edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
+exec su-exec consul /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
   --port="${STAGEGATE_REGISTRY_READYPORT}" --host="${STAGEGATE_REGISTRY_HOST}"
 if [ $? -ne 0 ]; then
     echo "$(date) failed to gating the consul ready port, exits"

diff --git a/cmd/security-bootstrapper/entrypoint-scripts/postgres_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/postgres_wait_install.sh
@@ -93,7 +93,7 @@ done
 echo "$(date) ${STAGEGATE_KONGDB_HOST} is initialized"
 
 # Signal that Postgres is ready for services blocked waiting on Postgres
-/edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
+exec su-exec postgres /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
   --port="${STAGEGATE_KONGDB_READYPORT}" --host="${STAGEGATE_KONGDB_HOST}"
 if [ $? -ne 0 ]; then
   echo "$(date) failed to gating the postgres ready port, exits"

diff --git a/cmd/security-secretstore-setup/Dockerfile b/cmd/security-secretstore-setup/Dockerfile
@@ -36,7 +36,7 @@ RUN make cmd/security-file-token-provider/security-file-token-provider \
 
 FROM alpine:3.12
 
-RUN apk add --update --no-cache ca-certificates dumb-init curl
+RUN apk add --update --no-cache ca-certificates dumb-init curl su-exec
 
 LABEL license='SPDX-License-Identifier: Apache-2.0' \
       copyright='Copyright (c) 2019: Dell Technologies, Inc.'

diff --git a/cmd/security-secretstore-setup/entrypoint.sh b/cmd/security-secretstore-setup/entrypoint.sh
@@ -36,7 +36,7 @@ echo "$(date) Changing ownership of secrets to ${EDGEX_USER}:${EDGEX_GROUP}"
 chown -Rh ${EDGEX_USER}:${EDGEX_GROUP} /tmp/edgex/secrets
 
 # Signal tokens ready port for other services waiting on
-/edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
+exec su-exec ${EDGEX_USER} /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
   --port="${STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT}" --host="${STAGEGATE_SECRETSTORESETUP_HOST}"
 if [ $? -ne 0 ]; then
   echo "$(date) failed to gating the tokens ready port"