From 8358eb0c22b5f3c97a68edc16de0191ba78a7632 Mon Sep 17 00:00:00 2001
From: WingKwan Lau
Date: Mon, 23 Aug 2021 20:50:13 +0000
Subject: [PATCH] Update Dockerfile, scripts/createuser.sh, hardening_manifest.yaml files
---
 Dockerfile | 11 +++++++----
 hardening_manifest.yaml | 4 ++--
 scripts/createuser.sh | 15 +++++++++++++++
 3 files changed, 24 insertions(+), 6 deletions(-)
 create mode 100644 scripts/createuser.sh
diff --git a/Dockerfile b/Dockerfile
index 06b00f6..de3d9a3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,9 @@ RUN mkdir -p $WORKING_DIR
 # copy over the script to make permissions compatible with OpenShift
 COPY scripts/fix-permissions.sh /usr/local/bin
 
+# copy create user script
+COPY scripts/createuser.sh /docker-entrypoint-initdb.d/
+
 # ensure the script is executable
 RUN chmod a+x /usr/local/bin/fix-permissions.sh
 
@@ -26,12 +29,12 @@ RUN fix-permissions.sh ${DATA_DIR} -P && \
 fix-permissions.sh ${CONFIG_DIR} -P && \
 fix-permissions.sh ${WORKING_DIR} -P
 
-RUN ls -ltrh ${DATA_DIR}
-RUN ls -ltrh ${CONFIG_DIR}
-RUN ls -ltrh ${WORKING_DIR}
-
 # set home directory to persistent volume directory
 ENV HOME=/var/lib/mongodb/data
 
+# ensure folder is writable
+RUN chown -R mongodb:mongodb /usr/local/bin
+
 # switch back to mongodb (for non-containerized environments)
 USER mongodb:mongodb
+
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 28bbecd..e5bf029 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -7,7 +7,7 @@ name: "diat/aap-mongo"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "14.1"
+- "15.1"
 - "latest"
 
 # Build args passed to Dockerfile ARGs
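Review bot: In the first Dockerfile hunk, createuser.sh is copied into /docker-entrypoint-initdb.d/ with the mode it has in the repository (the commit records it as 100644), and the `chmod a+x` that follows covers only fix-permissions.sh. The init script therefore lands non-executable and runs only if the image entrypoint sources `*.sh` files instead of executing them, which is presumably the case for this base image but is not visible here. The comment should record that dependency and the inputs the script needs, for example `# init script sourced by the image entrypoint; needs MONGODB_USER, MONGODB_PASSWORD, MONGO_INITDB_DATABASE`.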
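Review bot: In the second Dockerfile hunk, `RUN chown -R mongodb:mongodb /usr/local/bin` gives the account selected by `USER mongodb:mongodb` ownership of a directory on PATH, so the database process can rewrite fix-permissions.sh and every other executable stored there. That removes the separation between what the container runs and what its unprivileged service account may modify, which works against the purpose of a hardened image. The comment `# ensure folder is writable` does not say which file has to be written; if something is generated at start-up, direct it to a dedicated data directory and leave /usr/local/bin owned by root, i.e. drop this RUN line. The hunk also appends a blank line at end of file.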
@@ -29,7 +29,7 @@ labels:
 # Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "aap-mongo"
 # Authoritative version of the software
- org.opencontainers.image.version: "14.1"
+ org.opencontainers.image.version: "15.1"
 # Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "aap,mongo,aap-mongo,aapmongo,mongodb,aap-mongodb,atlas,diat"
 # This value can be "opensource" or "commercial"
diff --git a/scripts/createuser.sh b/scripts/createuser.sh
new file mode 100644
index 0000000..fd8aee2
--- /dev/null
+++ b/scripts/createuser.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+echo "Initializing database $MONGO_INITDB_DATABASE and creating database user $MONGODB_USER"
+
+mongo=( mongo --host 127.0.0.1 --port 27017 --quiet )
+
+"${mongo[@]}" "$MONGO_INITDB_DATABASE" <<-EOJS
+ db.createUser({
+ user: $(_js_escape "$MONGODB_USER"),
+ pwd: $(_js_escape "$MONGODB_PASSWORD"),
+ roles: [ { role: 'readWrite', db: $(_js_escape "$MONGO_INITDB_DATABASE") } ]
+ })
+
+EOJS
+
-- GitLab
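Review bot: scripts/createuser.sh never checks that `MONGODB_USER`, `MONGODB_PASSWORD` and `MONGO_INITDB_DATABASE` are set before it builds the `db.createUser` call, so a deployment that omits the password is not stopped here. Add `: "${MONGODB_USER:?}" "${MONGODB_PASSWORD:?}" "${MONGO_INITDB_DATABASE:?}"` ahead of the echo. The file also declares `#!/bin/sh` while using bash arrays (`mongo=( … )`, `"${mongo[@]}"`) and calls `_js_escape`, which it does not define. It therefore works only when a bash entrypoint that provides that helper sources it; make the shebang `#!/bin/bash` and note the dependency in a header comment. Keep the password in the here-document rather than moving it to the command line, since that keeps it out of the process list.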