Stop using root in testing containers

It now creates and leverages xtesting as main user.

Change-Id: I5b871ac2729a875674514aab75ae079e1bf125f5
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit b1e22e37cc436451b3519a0ef7f9704b5a86f9cc)

4 files changed, 9 insertions, 0 deletions

diff --git a/docker/benchmarking/Dockerfile b/docker/benchmarking/Dockerfile
index a1ec9cc4..6c092426 100644
--- a/docker/benchmarking/Dockerfile
+++ b/docker/benchmarking/Dockerfile
@@ -3,6 +3,7 @@ FROM opnfv/functest-kubernetes-smoke:v1.24
 ARG NETPERF_TAG=1104ce23f6c1758796e88f3c23b050099074cf81
 ARG PLOTPERF_TAG=2455313f4b9581795a8f642243acaad472d91804
 
+USER root
 COPY plotperf.py.patch /tmp/plotperf.py.patch
 RUN apk --no-cache add --update py3-matplotlib && \
     apk --no-cache add --virtual .build-deps --update patch go && \
@@ -16,5 +17,6 @@ RUN apk --no-cache add --update py3-matplotlib && \
         mv plotperf.py plotperf && chmod a+x plotperf) && \
     rm -rf perf-tests /tmp/plotperf.py.patch && \
     apk del .build-deps
+USER xtesting
 COPY testcases.yaml /etc/xtesting/testcases.yaml
 CMD ["run_tests", "-t", "all"]
diff --git a/docker/cnf/Dockerfile b/docker/cnf/Dockerfile
index 46a8fb4b..205e1f9b 100644
--- a/docker/cnf/Dockerfile
+++ b/docker/cnf/Dockerfile
@@ -4,6 +4,7 @@ ARG K8S_TAG=1.24
 ARG CNF_TESTSUITE_TAG=v0.34.0
 ARG HELM_TAG=v3.3.1
 
+USER root
 RUN apk --no-cache add --update wget curl libc6-compat ncurses && \
     tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable-$K8S_TAG.txt)  && \
     case $(uname -m) in armv7l) arch=arm;; aarch64) arch=arm64;; x86_64) arch=amd64;; esac && \
@@ -29,5 +30,6 @@ RUN apk --no-cache add --update wget curl libc6-compat ncurses && \
         ln -s /src/cnf-testsuite/points-all.yml /src/cnf-testsuite/points.yml && \
         ln -s /usr/local/bin/cnf-testsuite /src/cnf-testsuite/cnf-testsuite && \
         rm -rf /src/cnf-testsuite-$CNF_TESTSUITE_TAG.tar.gz /src/cnf-testsuite/.git ;; esac
+USER xtesting
 COPY testcases.yaml /etc/xtesting/testcases.yaml
 CMD ["run_tests", "-t", "all"]
diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile
index 03b88b41..5bd57dcb 100644
--- a/docker/core/Dockerfile
+++ b/docker/core/Dockerfile
@@ -40,7 +40,10 @@ RUN apk -U upgrade && \
     printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \
     mkdir -p /var/lib/rally/database && rally db create && \
     rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \
+    addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \
+    mkdir -p /etc/xtesting && chown -R xtesting: /etc/xtesting && \
     apk del .build-deps
+USER xtesting
 COPY logging.ini /etc/xtesting/logging.ini
 COPY logging.debug.ini /etc/xtesting/logging.debug.ini
 CMD ["run_tests", "-t", "all"]
diff --git a/docker/healthcheck/Dockerfile b/docker/healthcheck/Dockerfile
index de8381dd..736322ba 100644
--- a/docker/healthcheck/Dockerfile
+++ b/docker/healthcheck/Dockerfile
@@ -1,6 +1,7 @@
 FROM opnfv/functest-kubernetes-core:v1.24
 
 ARG K8S_TAG=1.24
+USER root
 RUN apk --no-cache add --update curl libc6-compat && \
     tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable-$K8S_TAG.txt)  && \
     case $(uname -m) in armv7l) arch=arm;; aarch64) arch=arm64;; x86_64) arch=amd64;; esac && \
@@ -12,5 +13,6 @@ RUN apk --no-cache add --update curl libc6-compat && \
     mv /src/kubernetes/test/bin/e2e.test /src/kubernetes/test/bin/ginkgo /usr/local/bin/ && \
     chmod +x /usr/local/bin/kubectl /usr/local/bin/e2e.test /usr/local/bin/ginkgo && \
     rm -r /src/kubernetes /src/kubernetes-test-linux-$arch.tar.gz
+USER xtesting
 COPY testcases.yaml /etc/xtesting/testcases.yaml
 CMD ["run_tests", "-t", "all"]