From 1d60f8a7aa87ff4fdc5a7ecd1d8c343f24ee4924 Mon Sep 17 00:00:00 2001 From: AydarZaynutdinov Date: Sun, 13 Feb 2022 19:11:20 +0300 Subject: [PATCH 1/3] [BEAM-13932][Playground] Change Dockerfiles --- playground/backend/containers/go/Dockerfile | 8 +++++--- playground/backend/containers/java/Dockerfile | 7 +++++-- playground/backend/containers/python/Dockerfile | 7 +++++-- playground/backend/containers/scio/Dockerfile | 7 +++++-- 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/playground/backend/containers/go/Dockerfile b/playground/backend/containers/go/Dockerfile index 8d71737b4df7..1a541b61bee2 100644 --- a/playground/backend/containers/go/Dockerfile +++ b/playground/backend/containers/go/Dockerfile @@ -76,9 +76,11 @@ RUN sh /proxy.sh # Create a user group `appgroup` and a user `appuser` RUN groupadd --gid 20000 appgroup \ && useradd --uid 20000 --gid appgroup --shell /bin/bash --create-home appuser -# Chown all the files to the app user. -RUN chown -R appuser:appgroup /opt/playground/backend/ && chown -R appuser:appgroup /opt/playground/prepared_folder/ \ - && chmod +x /entrypoint.sh + +RUN mkdir -p /opt/playground/backend/executable_files/ + +# Chown all the files to the `appuser`. +RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ && chmod +x /entrypoint.sh # Switch to appuser USER appuser diff --git a/playground/backend/containers/java/Dockerfile b/playground/backend/containers/java/Dockerfile index 334fdb28eccd..e749c7b3108d 100644 --- a/playground/backend/containers/java/Dockerfile +++ b/playground/backend/containers/java/Dockerfile @@ -94,8 +94,11 @@ RUN sh /proxy.sh # Create a user group `appgroup` and a user `appuser` RUN groupadd --gid 20000 appgroup \ && useradd --uid 20000 --gid appgroup --shell /bin/bash --create-home appuser -# Chown all the files to the app user. -RUN chown -R appuser:appgroup /opt/playground/backend/ && chown -R appuser:appgroup /opt/apache/beam/jars/ \ + +RUN mkdir -p /opt/playground/backend/executable_files/ + +# Chown all the files to the `appuser`. +RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ && chmod -R 775 /opt/apache/beam/jars/ \ && chmod +x /entrypoint.sh # Switch to appuser diff --git a/playground/backend/containers/python/Dockerfile b/playground/backend/containers/python/Dockerfile index aac53bb5de67..a301ff2bca71 100644 --- a/playground/backend/containers/python/Dockerfile +++ b/playground/backend/containers/python/Dockerfile @@ -70,8 +70,11 @@ RUN sh /proxy.sh # Create a user group `appgroup` and a user `appuser` RUN groupadd --gid 20000 appgroup \ && useradd --uid 20000 --gid appgroup --shell /bin/bash --create-home appuser -# Chown all the files to the app user. -RUN chown -R appuser:appgroup /opt/playground/backend/ && chmod +x /entrypoint.sh + +RUN mkdir -p /opt/playground/backend/executable_files/ + +# Chown all the files to the `appuser`. +RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ && chmod +x /entrypoint.sh # Switch to appuser USER appuser diff --git a/playground/backend/containers/scio/Dockerfile b/playground/backend/containers/scio/Dockerfile index fb54f1899ede..a64b4bcb9f4b 100644 --- a/playground/backend/containers/scio/Dockerfile +++ b/playground/backend/containers/scio/Dockerfile @@ -73,8 +73,11 @@ RUN sh /proxy.sh # Create a user group `appgroup` and a user `appuser` RUN groupadd --gid 20000 appgroup \ && useradd --uid 20000 --gid appgroup --shell /bin/bash --create-home appuser -# Chown all the files to the app user. -RUN chown -R appuser:appgroup /opt/playground/backend/ && chmod +x /entrypoint.sh + +RUN mkdir -p /opt/playground/backend/executable_files/ + +# Chown all the files to the `appuser`. +RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ && chmod +x /entrypoint.sh # Switch to appuser USER appuser From bc53c0ceec586974e28f231b1df0dea6de4f06d2 Mon Sep 17 00:00:00 2001 From: AydarZaynutdinov Date: Wed, 16 Feb 2022 09:36:47 +0300 Subject: [PATCH 2/3] [BEAM-13932][Playground] Update proxy and permissions for the container's user --- playground/backend/containers/go/Dockerfile | 8 +++--- playground/backend/containers/go/build.gradle | 4 --- .../backend/containers/go/entrypoint.sh | 9 +++++++ playground/backend/containers/go/proxy.sh | 24 ------------------ playground/backend/containers/java/Dockerfile | 8 +++--- .../backend/containers/java/build.gradle | 4 --- .../backend/containers/java/entrypoint.sh | 9 +++++++ playground/backend/containers/java/proxy.sh | 24 ------------------ .../backend/containers/python/Dockerfile | 9 +++---- .../backend/containers/python/build.gradle | 4 --- .../backend/containers/python/entrypoint.sh | 10 ++++++++ playground/backend/containers/python/proxy.sh | 25 ------------------- playground/backend/containers/scio/Dockerfile | 8 +++--- .../backend/containers/scio/build.gradle | 4 --- .../backend/containers/scio/entrypoint.sh | 9 +++++++ playground/backend/containers/scio/proxy.sh | 24 ------------------ playground/infrastructure/proxy/allow_list.py | 1 + .../infrastructure/proxy/allow_list_proxy.py | 6 +++-- 18 files changed, 55 insertions(+), 135 deletions(-) delete mode 100644 playground/backend/containers/go/proxy.sh delete mode 100644 playground/backend/containers/java/proxy.sh delete mode 100644 playground/backend/containers/python/proxy.sh delete mode 100644 playground/backend/containers/scio/proxy.sh diff --git a/playground/backend/containers/go/Dockerfile b/playground/backend/containers/go/Dockerfile index 1a541b61bee2..b370abd1eb36 100644 --- a/playground/backend/containers/go/Dockerfile +++ b/playground/backend/containers/go/Dockerfile @@ -69,9 +69,6 @@ ENV HTTP_PROXY="http://127.0.0.1:8081" ENV HTTPS_PROXY="http://127.0.0.1:8081" COPY entrypoint.sh / -COPY proxy.sh / -# Run proxy -RUN sh /proxy.sh # Create a user group `appgroup` and a user `appuser` RUN groupadd --gid 20000 appgroup \ @@ -79,8 +76,9 @@ RUN groupadd --gid 20000 appgroup \ RUN mkdir -p /opt/playground/backend/executable_files/ -# Chown all the files to the `appuser`. -RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ && chmod +x /entrypoint.sh +# Chown all required files to the `appuser`. +RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ \ + && chmod -R 777 /usr/local/share/ca-certificates/extra/ && chmod -R 777 /etc/ssl/certs && chmod +x /entrypoint.sh # Switch to appuser USER appuser diff --git a/playground/backend/containers/go/build.gradle b/playground/backend/containers/go/build.gradle index c175fd7e4ee6..0fc3a6bf40e3 100644 --- a/playground/backend/containers/go/build.gradle +++ b/playground/backend/containers/go/build.gradle @@ -43,10 +43,6 @@ task copyDockerfileDependencies(type: Copy) { from 'entrypoint.sh' into 'build/' } - copy { - from 'proxy.sh' - into 'build/' - } copy { from '../../../infrastructure/proxy/allow_list.py' into 'build/' diff --git a/playground/backend/containers/go/entrypoint.sh b/playground/backend/containers/go/entrypoint.sh index 988302c2a714..63d77a6fef04 100755 --- a/playground/backend/containers/go/entrypoint.sh +++ b/playground/backend/containers/go/entrypoint.sh @@ -14,4 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +nohup /opt/mitmproxy/mitmdump -s /opt/mitmproxy/allow_list_proxy.py -p 8081 & +while [ ! -f /home/appuser/.mitmproxy/mitmproxy-ca.pem ] ; +do + sleep 2 +done +openssl x509 -in /home/appuser/.mitmproxy/mitmproxy-ca.pem -inform PEM -out /home/appuser/.mitmproxy/mitmproxy-ca.crt +cp /home/appuser/.mitmproxy/mitmproxy-ca.crt /usr/local/share/ca-certificates/extra/ +update-ca-certificates + /opt/playground/backend/server_go_backend diff --git a/playground/backend/containers/go/proxy.sh b/playground/backend/containers/go/proxy.sh deleted file mode 100644 index 73a0bfb33ffd..000000000000 --- a/playground/backend/containers/go/proxy.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nohup /opt/mitmproxy/mitmdump -s /opt/mitmproxy/allow_list_proxy.py -p 8081 & -while [ ! -f /root/.mitmproxy/mitmproxy-ca.pem ] ; -do - sleep 2 -done -openssl x509 -in /root/.mitmproxy/mitmproxy-ca.pem -inform PEM -out /root/.mitmproxy/mitmproxy-ca.crt -cp /root/.mitmproxy/mitmproxy-ca.crt /usr/local/share/ca-certificates/extra/ -update-ca-certificates diff --git a/playground/backend/containers/java/Dockerfile b/playground/backend/containers/java/Dockerfile index e749c7b3108d..c22f242b5b2d 100644 --- a/playground/backend/containers/java/Dockerfile +++ b/playground/backend/containers/java/Dockerfile @@ -87,9 +87,6 @@ ENV HTTP_PROXY="http://127.0.0.1:8081" ENV HTTPS_PROXY="http://127.0.0.1:8081" COPY entrypoint.sh / -COPY proxy.sh / -# Run proxy -RUN sh /proxy.sh # Create a user group `appgroup` and a user `appuser` RUN groupadd --gid 20000 appgroup \ @@ -97,9 +94,10 @@ RUN groupadd --gid 20000 appgroup \ RUN mkdir -p /opt/playground/backend/executable_files/ -# Chown all the files to the `appuser`. +# Chown all required files to the `appuser`. RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ && chmod -R 775 /opt/apache/beam/jars/ \ - && chmod +x /entrypoint.sh + && chmod -R 777 /usr/local/share/ca-certificates/extra/ && chmod -R 777 /usr/local/openjdk-8/jre/lib/security/ \ + && chmod -R 777 /etc/ssl/certs && chmod +x /entrypoint.sh # Switch to appuser USER appuser diff --git a/playground/backend/containers/java/build.gradle b/playground/backend/containers/java/build.gradle index 5d449a000e98..9d1e22c56f0e 100644 --- a/playground/backend/containers/java/build.gradle +++ b/playground/backend/containers/java/build.gradle @@ -43,10 +43,6 @@ task copyDockerfileDependencies(type: Copy) { from 'entrypoint.sh' into 'build/' } - copy { - from 'proxy.sh' - into 'build/' - } copy { from '../../../infrastructure/proxy/allow_list.py' into 'build/' diff --git a/playground/backend/containers/java/entrypoint.sh b/playground/backend/containers/java/entrypoint.sh index 146281d06400..87305f61055a 100755 --- a/playground/backend/containers/java/entrypoint.sh +++ b/playground/backend/containers/java/entrypoint.sh @@ -14,4 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +nohup /opt/mitmproxy/mitmdump -s /opt/mitmproxy/allow_list_proxy.py -p 8081 & +while [ ! -f /home/appuser/.mitmproxy/mitmproxy-ca.pem ] ; +do + sleep 2 +done +openssl x509 -in /home/appuser/.mitmproxy/mitmproxy-ca.pem -inform PEM -out /home/appuser/.mitmproxy/mitmproxy-ca.crt +cp /home/appuser/.mitmproxy/mitmproxy-ca.crt /usr/local/share/ca-certificates/extra/ +update-ca-certificates + /opt/playground/backend/server_java_backend diff --git a/playground/backend/containers/java/proxy.sh b/playground/backend/containers/java/proxy.sh deleted file mode 100644 index 73a0bfb33ffd..000000000000 --- a/playground/backend/containers/java/proxy.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nohup /opt/mitmproxy/mitmdump -s /opt/mitmproxy/allow_list_proxy.py -p 8081 & -while [ ! -f /root/.mitmproxy/mitmproxy-ca.pem ] ; -do - sleep 2 -done -openssl x509 -in /root/.mitmproxy/mitmproxy-ca.pem -inform PEM -out /root/.mitmproxy/mitmproxy-ca.crt -cp /root/.mitmproxy/mitmproxy-ca.crt /usr/local/share/ca-certificates/extra/ -update-ca-certificates diff --git a/playground/backend/containers/python/Dockerfile b/playground/backend/containers/python/Dockerfile index a301ff2bca71..e428d6a9dca3 100644 --- a/playground/backend/containers/python/Dockerfile +++ b/playground/backend/containers/python/Dockerfile @@ -63,9 +63,6 @@ ENV HTTP_PROXY="http://127.0.0.1:8081" ENV HTTPS_PROXY="http://127.0.0.1:8081" COPY entrypoint.sh / -COPY proxy.sh / -# Run proxy -RUN sh /proxy.sh # Create a user group `appgroup` and a user `appuser` RUN groupadd --gid 20000 appgroup \ @@ -73,8 +70,10 @@ RUN groupadd --gid 20000 appgroup \ RUN mkdir -p /opt/playground/backend/executable_files/ -# Chown all the files to the `appuser`. -RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ && chmod +x /entrypoint.sh +# Chown all required files to the `appuser`. +RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ \ + && chmod 777 /usr/local/lib/python3.7/site-packages/certifi/cacert.pem \ + && chmod -R 777 /usr/local/share/ca-certificates/extra/ && chmod -R 777 /etc/ssl/certs && chmod +x /entrypoint.sh # Switch to appuser USER appuser diff --git a/playground/backend/containers/python/build.gradle b/playground/backend/containers/python/build.gradle index 9378eabdcce2..6fa49a311624 100644 --- a/playground/backend/containers/python/build.gradle +++ b/playground/backend/containers/python/build.gradle @@ -43,10 +43,6 @@ task copyDockerfileDependencies(type: Copy) { from 'entrypoint.sh' into 'build/' } - copy { - from 'proxy.sh' - into 'build/' - } copy { from '../../../infrastructure/proxy/allow_list.py' into 'build/' diff --git a/playground/backend/containers/python/entrypoint.sh b/playground/backend/containers/python/entrypoint.sh index b8cfeb467cbf..56768c356295 100755 --- a/playground/backend/containers/python/entrypoint.sh +++ b/playground/backend/containers/python/entrypoint.sh @@ -14,4 +14,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +nohup /opt/mitmproxy/mitmdump -s /opt/mitmproxy/allow_list_proxy.py -p 8081 & +while [ ! -f /home/appuser/.mitmproxy/mitmproxy-ca.pem ] ; +do + sleep 2 +done +openssl x509 -in /home/appuser/.mitmproxy/mitmproxy-ca.pem -inform PEM -out /home/appuser/.mitmproxy/mitmproxy-ca.crt +cp /home/appuser/.mitmproxy/mitmproxy-ca.crt /usr/local/share/ca-certificates/extra/ +update-ca-certificates +cat /home/appuser/.mitmproxy/mitmproxy-ca.pem >> /usr/local/lib/python3.7/site-packages/certifi/cacert.pem + /opt/playground/backend/server_python_backend diff --git a/playground/backend/containers/python/proxy.sh b/playground/backend/containers/python/proxy.sh deleted file mode 100644 index 36ba22848242..000000000000 --- a/playground/backend/containers/python/proxy.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nohup /opt/mitmproxy/mitmdump -s /opt/mitmproxy/allow_list_proxy.py -p 8081 & -while [ ! -f /root/.mitmproxy/mitmproxy-ca.pem ] ; -do - sleep 2 -done -openssl x509 -in /root/.mitmproxy/mitmproxy-ca.pem -inform PEM -out /root/.mitmproxy/mitmproxy-ca.crt -cp /root/.mitmproxy/mitmproxy-ca.crt /usr/local/share/ca-certificates/extra/ -update-ca-certificates -cat /root/.mitmproxy/mitmproxy-ca.pem >> /usr/local/lib/python3.7/site-packages/certifi/cacert.pem diff --git a/playground/backend/containers/scio/Dockerfile b/playground/backend/containers/scio/Dockerfile index a64b4bcb9f4b..c21a97854d6c 100644 --- a/playground/backend/containers/scio/Dockerfile +++ b/playground/backend/containers/scio/Dockerfile @@ -66,9 +66,6 @@ ENV HTTP_PROXY="http://127.0.0.1:8081" ENV HTTPS_PROXY="http://127.0.0.1:8081" COPY entrypoint.sh / -COPY proxy.sh / -# Run proxy -RUN sh /proxy.sh # Create a user group `appgroup` and a user `appuser` RUN groupadd --gid 20000 appgroup \ @@ -76,8 +73,9 @@ RUN groupadd --gid 20000 appgroup \ RUN mkdir -p /opt/playground/backend/executable_files/ -# Chown all the files to the `appuser`. -RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ && chmod +x /entrypoint.sh +# Chown all required files to the `appuser`. +RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ \ + && chmod -R 777 /usr/local/share/ca-certificates/extra/ && chmod -R 777 /etc/ssl/certs && chmod +x /entrypoint.sh # Switch to appuser USER appuser diff --git a/playground/backend/containers/scio/build.gradle b/playground/backend/containers/scio/build.gradle index 011705990bd6..8b96f045ac99 100644 --- a/playground/backend/containers/scio/build.gradle +++ b/playground/backend/containers/scio/build.gradle @@ -43,10 +43,6 @@ task copyDockerfileDependencies(type: Copy) { from 'entrypoint.sh' into 'build/' } - copy { - from 'proxy.sh' - into 'build/' - } copy { from '../../../infrastructure/proxy/allow_list.py' into 'build/' diff --git a/playground/backend/containers/scio/entrypoint.sh b/playground/backend/containers/scio/entrypoint.sh index fd2ef3d618e6..b3e6d55ae507 100755 --- a/playground/backend/containers/scio/entrypoint.sh +++ b/playground/backend/containers/scio/entrypoint.sh @@ -14,4 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. +nohup /opt/mitmproxy/mitmdump -s /opt/mitmproxy/allow_list_proxy.py -p 8081 & +while [ ! -f /home/appuser/.mitmproxy/mitmproxy-ca.pem ] ; +do + sleep 2 +done +openssl x509 -in /home/appuser/.mitmproxy/mitmproxy-ca.pem -inform PEM -out /home/appuser/.mitmproxy/mitmproxy-ca.crt +cp /home/appuser/.mitmproxy/mitmproxy-ca.crt /usr/local/share/ca-certificates/extra/ +update-ca-certificates + /opt/playground/backend/server_scio_backend diff --git a/playground/backend/containers/scio/proxy.sh b/playground/backend/containers/scio/proxy.sh deleted file mode 100644 index 73a0bfb33ffd..000000000000 --- a/playground/backend/containers/scio/proxy.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -nohup /opt/mitmproxy/mitmdump -s /opt/mitmproxy/allow_list_proxy.py -p 8081 & -while [ ! -f /root/.mitmproxy/mitmproxy-ca.pem ] ; -do - sleep 2 -done -openssl x509 -in /root/.mitmproxy/mitmproxy-ca.pem -inform PEM -out /root/.mitmproxy/mitmproxy-ca.crt -cp /root/.mitmproxy/mitmproxy-ca.crt /usr/local/share/ca-certificates/extra/ -update-ca-certificates diff --git a/playground/infrastructure/proxy/allow_list.py b/playground/infrastructure/proxy/allow_list.py index 002dc41b1468..d5261a2e60cf 100644 --- a/playground/infrastructure/proxy/allow_list.py +++ b/playground/infrastructure/proxy/allow_list.py @@ -27,4 +27,5 @@ "dataflow-samples", "beam-samples", "apache-beam-samples", + "playground-precompiled-objects", ] diff --git a/playground/infrastructure/proxy/allow_list_proxy.py b/playground/infrastructure/proxy/allow_list_proxy.py index ee04bc35014b..5e71fea54d5c 100644 --- a/playground/infrastructure/proxy/allow_list_proxy.py +++ b/playground/infrastructure/proxy/allow_list_proxy.py @@ -21,10 +21,12 @@ def request(flow: http.HTTPFlow) -> None: allowed_bucket = flow.request.pretty_host == GCS_HOST and \ - flow.request.path.split("/")[1] in ALLOWED_BUCKET_LIST + (flow.request.path.split("/")[1] in ALLOWED_BUCKET_LIST or \ + flow.request.path.split("/")[4] in ALLOWED_BUCKET_LIST) allowed_host = flow.request.pretty_host in ALLOWED_LIST if not (allowed_bucket or allowed_host): flow.response = http.Response.make( status_code=403, content="Making requests to the hosts that are not listed " - "in the allowed list is forbidden.") + "in the allowed list is forbidden. " + "host:" + flow.request.pretty_host + ", path: " + flow.request.path) From 07b65b8037d506abe2a305c785b822917844514f Mon Sep 17 00:00:00 2001 From: AydarZaynutdinov Date: Wed, 16 Feb 2022 11:46:54 +0300 Subject: [PATCH 3/3] [BEAM-13932][Playground] Update permissions for the container's user for scio --- playground/backend/containers/scio/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/playground/backend/containers/scio/Dockerfile b/playground/backend/containers/scio/Dockerfile index c21a97854d6c..c1461583bc57 100644 --- a/playground/backend/containers/scio/Dockerfile +++ b/playground/backend/containers/scio/Dockerfile @@ -75,7 +75,8 @@ RUN mkdir -p /opt/playground/backend/executable_files/ # Chown all required files to the `appuser`. RUN chown -R appuser:appgroup /opt/playground/backend/executable_files/ \ - && chmod -R 777 /usr/local/share/ca-certificates/extra/ && chmod -R 777 /etc/ssl/certs && chmod +x /entrypoint.sh + && chmod -R 777 /usr/local/share/ca-certificates/extra/ && chmod -R 777 /usr/local/openjdk-8/jre/lib/security/ \ + && chmod -R 777 /etc/ssl/certs && chmod +x /entrypoint.sh # Switch to appuser USER appuser