From 2a491b9896ac68314429387517d737f426f2d042 Mon Sep 17 00:00:00 2001
From: "Swapnil Kulkarni (coolsvap)"
Date: Mon, 30 Nov 2015 11:35:18 +0530
Subject: [PATCH] Drop root for murano
Updates to ensure commands run in the murano containers are done as the 'murano' user rather than root.
Change-Id: I558c46b032f11b83a9dc6b5abc158aa6d24ec0eb
Partially-Implements: blueprint drop-root
---
 docker/murano/murano-api/Dockerfile.j2 | 2 ++
 docker/murano/murano-api/extend_start.sh | 2 +-
 docker/murano/murano-base/Dockerfile.j2 | 2 ++
 docker/murano/murano-engine/Dockerfile.j2 | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/docker/murano/murano-api/Dockerfile.j2 b/docker/murano/murano-api/Dockerfile.j2
index a64fec6b14..1074ecce8a 100644
--- a/docker/murano/murano-api/Dockerfile.j2
+++ b/docker/murano/murano-api/Dockerfile.j2
@@ -5,3 +5,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start RUN chmod 755 /usr/local/bin/kolla_extend_start {{ include_footer }} + +USER murano
diff --git a/docker/murano/murano-api/extend_start.sh b/docker/murano/murano-api/extend_start.sh
index 4ca50b6c92..d46b2b0afb 100644
--- a/docker/murano/murano-api/extend_start.sh
+++ b/docker/murano/murano-api/extend_start.sh
@@ -3,6 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
- sudo -H -u murano murano-db-manage --config-file /etc/murano/murano.conf upgrade
+ murano-db-manage --config-file /etc/murano/murano.conf upgrade
 exit 0
 fi
diff --git a/docker/murano/murano-base/Dockerfile.j2 b/docker/murano/murano-base/Dockerfile.j2
index 344c16ad8d..67eb6266ca 100644
--- a/docker/murano/murano-base/Dockerfile.j2
+++ b/docker/murano/murano-base/Dockerfile.j2
@@ -12,3 +12,5 @@ RUN ln -s murano-base-source/* murano \ && chown -R murano: /etc/murano /var/log/murano /home/murano {% endif %} + +RUN usermod -a -G kolla murano
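Review bot: `USER murano` at the end of docker/murano/murano-api/Dockerfile.j2 (and the identical line added to docker/murano/murano-engine/Dockerfile.j2) names the account instead of giving a numeric UID, so a runtime policy that has to confirm the image is non-root before start cannot do so from the image metadata alone. Nothing visible in this patch pins murano's UID, so the value may also differ between install types and rebuilds. If the account creation in murano-base can fix the UID, the directive could become `USER <murano-uid>` (placeholder, to be filled from wherever the account is created); that creation step is outside these hunks.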
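Review bot: With `sudo -H -u murano` removed in docker/murano/murano-api/extend_start.sh, `murano-db-manage ... upgrade` runs as whatever user the container was started with, and the only thing making that murano is the `USER murano` line in the image, which a runtime user override bypasses. If the bootstrap is started as root, the migration runs with root privileges and anything it writes (presumably under /var/log/murano) ends up root-owned. A guard before the call would keep the old guarantee: `[[ "$(id -un)" == "murano" ]] || { echo "bootstrap must run as murano" >&2; exit 1; }`. The first two lines of the script are outside the hunk.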
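Review bot: `RUN usermod -a -G kolla murano` in docker/murano/murano-base/Dockerfile.j2 carries no comment saying what the kolla group grants, and that grant is the privilege every murano process keeps after dropping root. The group's rights are defined outside this patch (presumably in the base image), so a reader cannot tell from here whether membership leaves a path back to root. I would add a comment above the line such as `# murano joins kolla for <privilege granted to the kolla group, to be filled in>` and confirm the grant is limited to what container start-up needs. The line sits after `{% endif %}`, so it runs for every install type; the conditional block it follows starts outside the hunk.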
diff --git a/docker/murano/murano-engine/Dockerfile.j2 b/docker/murano/murano-engine/Dockerfile.j2
index 36d714e79f..4c0d9da66a 100644
--- a/docker/murano/murano-engine/Dockerfile.j2
+++ b/docker/murano/murano-engine/Dockerfile.j2
@@ -2,3 +2,5 @@ FROM {{ namespace }}/{{ image_prefix }}murano-base:{{ tag }} MAINTAINER {{ maintainer }} {{ include_footer }} + +USER murano