From 1a536124ada8645d2fa1abb3c8c898afb531847e Mon Sep 17 00:00:00 2001 From: Paul Bourke Date: Tue, 17 Nov 2015 17:54:21 +0000 Subject: [PATCH] Drop root for Magnum This change ensures commands run in the magnum containers are done as the 'magnum' user rather than root. Change-Id: I18e2febae98aae6d6fc6c61cc2817442f408cb75 Partially-Implements: blueprint drop-root --- docker/magnum/magnum-api/Dockerfile.j2 | 2 ++ docker/magnum/magnum-api/extend_start.sh | 2 +- docker/magnum/magnum-conductor/Dockerfile.j2 | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docker/magnum/magnum-api/Dockerfile.j2 b/docker/magnum/magnum-api/Dockerfile.j2 index 3a613ab34c..f1264f5dfc 100644 --- a/docker/magnum/magnum-api/Dockerfile.j2 +++ b/docker/magnum/magnum-api/Dockerfile.j2 @@ -14,3 +14,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start RUN chmod 755 /usr/local/bin/kolla_extend_start {{ include_footer }} + +USER magnum diff --git a/docker/magnum/magnum-api/extend_start.sh b/docker/magnum/magnum-api/extend_start.sh index f6db675568..0f92f6e7bf 100644 --- a/docker/magnum/magnum-api/extend_start.sh +++ b/docker/magnum/magnum-api/extend_start.sh @@ -3,6 +3,6 @@ # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # of the KOLLA_BOOTSTRAP variable being set, including empty. if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then - sudo -H -u magnum magnum-db-manage upgrade + magnum-db-manage upgrade exit 0 fi diff --git a/docker/magnum/magnum-conductor/Dockerfile.j2 b/docker/magnum/magnum-conductor/Dockerfile.j2 index 4e9eaef437..e31e46f994 100644 --- a/docker/magnum/magnum-conductor/Dockerfile.j2 +++ b/docker/magnum/magnum-conductor/Dockerfile.j2 @@ -16,3 +16,5 @@ RUN cd /tmp && curl -L https://github.com/GoogleCloudPlatform/kubernetes/release {% endif %} {{ include_footer }} + +USER magnum
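Review bot: `USER magnum` is the last instruction in docker/magnum/magnum-api/Dockerfile.j2 (and in the identical addition to docker/magnum/magnum-conductor/Dockerfile.j2), so nothing in the build checks that the account exists. A missing or renamed user would presumably only surface when the container starts; adding `RUN id magnum` just before the `USER` line would make the build fail instead. The hunks also do not show who owns the paths the service writes to, which must be writable by magnum now that the process no longer starts as root; this is worth confirming against the base image. A short comment such as `# Drop root: the container entrypoint and kolla_extend_start run as magnum from here on` would record the intent.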
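Review bot: With `sudo -H -u magnum` removed, `magnum-db-manage upgrade` in docker/magnum/magnum-api/extend_start.sh runs as whatever user the container was started with, so the privilege drop now depends entirely on the image's `USER magnum` not being overridden at run time. A guard before the call, `[[ "$(id -u)" -ne 0 ]] || { echo "refusing to run magnum-db-manage as root" >&2; exit 1; }`, would stop a root-started bootstrap from running the migration and possibly leaving root-owned files behind. The script's first two lines are outside the hunk, so whether errexit is in effect cannot be confirmed from here; if it is not, `exit 0` would report success even when the upgrade fails.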