ibmresilient · neetinkandhare · Mar 12, 2019 · Apr 19, 2019 · Jun 7, 2021 · Jun 22, 2021
diff --git a/fn_guardium_insights_integration/Dockerfile b/fn_guardium_insights_integration/Dockerfile
@@ -0,0 +1,68 @@
+# docker build -t resilient/fn_outbound_email:1.0.0 -t resilient/fn_outbound_email:latest .
+
+# Base image using Red Hat's universal base image (rhel 8) for python
+FROM registry.access.redhat.com/ubi8/python-36:latest
+
+ARG APPLICATION=fn_guardium_insights_integration
+ARG RESILIENT_CIRCUITS_VERSION=41.0.1976
+ARG PATH_RESILIENT_CIRCUITS=rescircuits
+
+# Update to latest packages, user 0 for root privilege
+USER 0
+
+# Update to latest pip
+RUN pip install --upgrade pip
+
+# install resilient-circuits
+RUN pip install resilient-circuits>=${RESILIENT_CIRCUITS_VERSION}
+
+
+## ---- section for changes ----
+# uncomment and replicate if additional os libraries are needed
+#RUN yum -y update && yum clean all
+#RUN yum -y install <package>
+
+# install the base package
+COPY ./dist /tmp/packages
+RUN pip install /tmp/packages/${APPLICATION}-*.tar.gz
+
+# uncomment and replicate if additional pypi packages are needed
+RUN pip install "resilient_lib>=37.0.0"
+RUN pip install "resilient>=37.0.0"
+RUN pip install "circuits>=3.2"
+RUN pip install "six>=1.15.0"
+RUN pip install "requests>=2.25.0"
+RUN pip install "pytz>=2020.5"
+
+# uncomment and replicate if additional local packages are needed
+#COPY /path/to/extra_package /tmp/packages/.
+#RUN pip install /tmp/packages/<extra_package>*.tar.gz
+
+# uncomment to expose port only if a custom threat feed
+#EXPOSE 9000
+## ---- end section for changes ----
+
+# set up configuration and log locations using /etc and /var/log, the conventional locations for config and logs
+RUN mkdir /etc/${PATH_RESILIENT_CIRCUITS}
+ENV APP_CONFIG_FILE /etc/${PATH_RESILIENT_CIRCUITS}/app.config
+
+# create arbitrary group for user 1001
+RUN groupadd -g 1001 default && usermod -g 1001 default
+
+# create directory for logs and set to be root group to allow access by non root processes
+# See https://docs.openshift.com/container-platform/4.2/openshift_images/create-images.html#images-create-guide-openshift_create-images
+RUN mkdir /var/log/${PATH_RESILIENT_CIRCUITS} && \
+    chgrp -R 1001 /var/log/${PATH_RESILIENT_CIRCUITS} && \
+    chmod -R g=u /var/log/${PATH_RESILIENT_CIRCUITS}
+ENV APP_LOG_DIR /var/log/${PATH_RESILIENT_CIRCUITS}
+
+# setup entrypoint for read-only enterprise data used by integration, if needed
+RUN mkdir /var/${PATH_RESILIENT_CIRCUITS}
+
+# entrypoint for resilient-circuits.  Use /opt, the conventional location for optional software on Linux
+RUN mkdir /opt/${PATH_RESILIENT_CIRCUITS}
+COPY entrypoint.sh /opt/${PATH_RESILIENT_CIRCUITS}/entrypoint.sh
+
+# arbitrary user, support running as non-root. Required on OpenShift. Generally a good practice.
+USER 1001
+ENTRYPOINT [ "sh", "/opt/rescircuits/entrypoint.sh" ]
diff --git a/fn_guardium_insights_integration/MANIFEST.in b/fn_guardium_insights_integration/MANIFEST.in
@@ -0,0 +1,14 @@
+include README.md
+include Dockerfile
+include entrypoint.sh
+recursive-include fn_guardium_insights_integration/util *
+include fn_guardium_insights_integration/LICENSE
+include doc/*.md
+include doc/*.pdf
+include doc/screenshots/*
+include apikey_permissions.txt
+include icons/*
+include tox.ini
+recursive-include payload_samples/*/ *.json
+
+exclude *.bak