From 9434649e782a0b5c64ae92788678080338c1b7c3 Mon Sep 17 00:00:00 2001
From: Scott Stroud <sstroud@confluent.io>
Date: Wed, 14 Sep 2022 09:57:04 -0600
Subject: [PATCH] init

---
 Dockerfile              | 107 +++++++++++-----------------------------
 hardening_manifest.yaml |  24 +--------
 2 files changed, 30 insertions(+), 101 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index cf869ef..d87a336 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,109 +1,58 @@
 ARG BASE_REGISTRY=registry1.dso.mil
-ARG BASE_IMAGE=redhat/openjdk/openjdk11
-ARG BASE_TAG=1.11
+ARG BASE_IMAGE=confluentinc/cp-base-new
+ARG BASE_TAG=latest
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
+ENV CONFLUENT_VERSION=7.2.1
+
 # This affects how strings in Java class files are interpreted.  
 # We want UTF-8 and this is the only locale in the base image that supports it
 ENV LANG="C.UTF-8"
 
-# IB custom ENV vars
-ENV RPM_VERSION=7.2.1-1
-ENV IMG_TAR_VERSION =7.2.1-1
-
 USER root
 
-########################################
-## Install Python
-RUN dnf update -y --nodocs && dnf install -y --nodocs python3 openssl tar procps iputils hostname \
-    && ln -s /usr/bin/python3 /usr/bin/python \
-    && ln -s /usr/bin/pip3 /usr/bin/pip \
-    && alias python=python3 \
-    && alias pip=pip3 \
-    && alternatives --set python /usr/bin/python3
-    
-## Python Installed
-########################################
-
-########################################
-## Add the Confluent Docker Utility Belt which helps with starting the proper applications
-## https://github.com/confluentinc/common-docker/tree/master/utility-belt
-
-COPY cp-base-new_*_UsrLocalLib64.tar.gz /usr/local
-COPY cp-base-new_*_UsrLocalLib.tar.gz /usr/local
-COPY cp-base-new_*_UsrShareJavaCp-base-new.tar.gz /usr/share/java
-
-COPY confluent_docker_utils-0.0.52-py3-none-any.whl /tmp/confluent_docker_utils-0.0.52-py3-none-any.whl
-COPY *.whl /tmp/python-dependencies/
-
-## copy in the python libs and then 
-RUN cd /usr/local && tar -xvf *_UsrLocalLib64.tar.gz && rm *_UsrLocalLib64.tar.gz \
-    && tar -xvf *_UsrLocalLib.tar.gz && rm *_UsrLocalLib.tar.gz \
-    && cd /usr/share/java && tar -xvf *_UsrShareJavaCp-base-new.tar.gz && rm *_UsrShareJavaCp-base-new.tar.gz \
-    && pip3 install --no-index --prefix=/usr/local --find-links /tmp/python-dependencies/ /tmp/confluent_docker_utils-0.0.52-py3-none-any.whl
-
-## dub installed
-########################################
-
-RUN mkdir -p /usr/logs /licenses \
-    && useradd --no-log-init --create-home --shell /bin/bash appuser
-
-COPY LICENSE /licenses
-
-RUN chown appuser:appuser -R /usr/logs 
-
-############ ^^^^^ Base Container Details ^^^^^ ############
-############################################################
-############ vvvvv  This Container Below  vvvvv ############
-
 # Copy required RPMs
 COPY *.rpm /tmp/
 COPY archive.key /tmp/
+COPY LICENSE /licenses
 
-########################################
-# confluentinc/kafka-replicator-images
-
+ENV COMPONENT=kafka-connect
 # allow arg override of required env params
 ARG KAFKA_ZOOKEEPER_CONNECT
 ENV KAFKA_ZOOKEEPER_CONNECT=${KAFKA_ZOOKEEPER_CONNECT}
 ARG KAFKA_ADVERTISED_LISTENERS
 ENV KAFKA_ADVERTISED_LISTENERS=${KAFKA_ADVERTISED_LISTENERS}
 
-## Operator stuff
-RUN mkdir -p /etc/confluent/ironbank
-
-## For auditing & debugging
-COPY Dockerfile /etc/confluent/ironbank/
-COPY hardening_manifest.yaml /etc/confluent/ironbank/
-
-ENV COMPONENT=kafka-connect
-ENV CONFLUENT_VERSION=7.2.1
-ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"'
-
 # primary
 EXPOSE 9092
 
 # rest
 EXPOSE 8083
 
-RUN echo "===> Installing ${COMPONENT}" \
+## For auditing & debugging
+COPY Dockerfile /etc/confluent/ironbank/
+COPY hardening_manifest.yaml /etc/confluent/ironbank/
+
+RUN echo "===> Dependency update" \
+    && dnf update -y --nodocs \
+    && echo "===> Installing ${COMPONENT}" \
     && rpm --import /tmp/archive.key \
-    && rpm -ivh --nodigest /tmp/confluent-common-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-rest-utils-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-metadata-service-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-server-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-rebalancer-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-security-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-ce-kafka-http-server-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-server-rest-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-telemetry-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-kafka-rest-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-schema-registry-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-control-center-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-control-center-fe-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-hub-client-${RPM_VERSION}.noarch.rpm \
-        /tmp/confluent-kafka-connect-replicator-${RPM_VERSION}.noarch.rpm \
+    && rpm -ivh --nodigest /tmp/confluent-common-*.noarch.rpm \
+        /tmp/confluent-rest-utils-*.noarch.rpm \
+        /tmp/confluent-metadata-service-*.noarch.rpm \
+        /tmp/confluent-server-*.noarch.rpm \
+        /tmp/confluent-rebalancer-*.noarch.rpm \
+        /tmp/confluent-security-*.noarch.rpm \
+        /tmp/confluent-ce-kafka-http-server-*.noarch.rpm \
+        /tmp/confluent-server-rest-*.noarch.rpm \
+        /tmp/confluent-telemetry-*.noarch.rpm \
+        /tmp/confluent-kafka-rest-*.noarch.rpm \
+        /tmp/confluent-schema-registry-*.noarch.rpm \
+        /tmp/confluent-control-center-*.noarch.rpm \
+        /tmp/confluent-control-center-fe-*.noarch.rpm \
+        /tmp/confluent-hub-client-*.noarch.rpm \
+        /tmp/confluent-kafka-connect-replicator-*.noarch.rpm \
     && echo "===> Clean up, Clean up" \
     && dnf clean all \
     && yum clean all \
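Review bot: The fifteen `rpm -ivh --nodigest` arguments now use `*` where the version used to be, so the install step accepts whichever matching file `COPY *.rpm /tmp/` delivered, and `--nodigest` skips rpm's own package and header digest checks on it. The looser patterns also overlap: `/tmp/confluent-server-*.noarch.rpm` matches the `confluent-server-rest-` package too, and `/tmp/confluent-control-center-*.noarch.rpm` matches `confluent-control-center-fe-`, so those files are likely passed to rpm twice. Keeping the version in each pattern avoids both problems, e.g. `/tmp/confluent-server-${CONFLUENT_VERSION}-*.noarch.rpm`, using the `ENV CONFLUENT_VERSION=7.2.1` added near the top of this hunk. `--nodigest` should be dropped unless there is a documented reason to keep it. The RUN instruction continues past the end of the hunk.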
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 3ac5682..0155895 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -12,8 +12,8 @@ tags:
   - "7.2"
 # Build args passed to Dockerfile ARGs
 args:
-  BASE_IMAGE: "redhat/openjdk/openjdk11"
-  BASE_TAG: "1.11"
+  BASE_IMAGE: "confluentinc/cp-base-new"
+  BASE_TAG: "Q2_2022"
 # Docker image labels
 labels:
   org.opencontainers.image.title: "cp-enterprise-replicator"
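Review bot: `BASE_TAG: "Q2_2022"` under `args` disagrees with the Dockerfile in this same commit, which sets `ARG BASE_TAG=latest`, so any build that does not pass the manifest args pulls a floating `latest` base instead of the reviewed one. The Dockerfile default should carry the same value, `ARG BASE_TAG=Q2_2022`, so both build paths resolve to the same base image. The later hunks that remove the `confluent_docker_utils` wheel and the three `cp-base-new_7.2.1_*.tar.gz` resources also drop their sha256 pins. That content is presumably now supplied by the `confluentinc/cp-base-new` base image, so its integrity rests on that image's tag.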
@@ -26,11 +26,6 @@ labels:
   mil.dso.ironbank.image.type: "commercial"
   mil.dso.ironbank.product.name: "Confluent Platform"
 resources:
-  - filename: confluent_docker_utils-0.0.52-py3-none-any.whl
-    url: https://ironbank-files.s3.amazonaws.com/confluent_docker_utils-0.0.52-py3-none-any.whl
-    validation:
-      type: sha256
-      value: 01d6a63a65311afde4dbf3da2c7d402cb1ab995cb6590dc5d43b346f6e1cdda2
   - filename: archive.key
     url: https://packages.confluent.io/rpm/7.2/archive.key
     validation:
@@ -111,21 +106,6 @@ resources:
     validation:
       type: sha256
       value: 290c4d3a827dc96cbf90d4fd4382609a5bb1862aa1055cdec425890e9ade6dd6
-  - filename: cp-base-new_7.2.1_UsrLocalLib.tar.gz
-    url: https://ironbank-files.s3.amazonaws.com/cp-base-new_7.2.1_UsrLocalLib.tar.gz
-    validation:
-      type: sha256
-      value: 6f512e71e8c75f4fb47ffdd15eaac57ad0748d237905c0e52db480baf31e657d
-  - filename: cp-base-new_7.2.1_UsrLocalLib64.tar.gz
-    url: https://ironbank-files.s3.amazonaws.com/cp-base-new_7.2.1_UsrLocalLib64.tar.gz
-    validation:
-      type: sha256
-      value: e2f3f75ce1b64e673e9edfc730d33c8aeae0cdee86f3c46c8e7df313e2e46e3f
-  - filename: cp-base-new_7.2.1_UsrShareJavaCp-base-new.tar.gz
-    url: https://ironbank-files.s3.amazonaws.com/cp-base-new_7.2.1_UsrShareJavaCp-base-new.tar.gz
-    validation:
-      type: sha256
-      value: 9c9283b39f19bfd80009ce43720b313fff4f2a9bb00a478a49b21bd0f310ce42
 # List of project maintainers
 maintainers:
   - name: "Scott Stroud"
-- 
GitLab