Update C# template to use non-root user

[ivanayov]

This updates the function templates to use a non-root user.

This PR changes the C#, python, python-armhf, python3-armhf template and python3 templates for the moment.
Will be updated after all the templates are tested.

Signed-off-by: Ivana Yovcheva (VMware) iyovcheva@vmware.com

Description

Motivation and Context

• I have raised an issue to propose this change (required)

Which issue(s) this PR fixes

Fixes #23

How Has This Been Tested?

Manually tested by building a function from the updated templates:

• faas-cli template pull
• Update template/<lang>/Dockerfile with the changes
• faas new --lang <lang> test
• faas build -f test.yml
• Exits with

[0] < Building test2 done.
[0] worker done.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I've read the CONTRIBUTION guide
• I have signed-off my commits with git commit -s
• I have added tests to cover my changes
• All new and existing tests passed.

[alexellis]

Hi @iyovcheva,

Thank you for picking this up. The work is high visibility and high risk, so everything needs to be tested thoroughly. The drawback of putting all changes in one PR is that they have to be verified and tested before any of the changes can be merged.

The title of the PR is "Update C# template to use non-root user" so this should contain the C# changes. Could you split out into separate PRs?

In your testing instructions you said you did a build, but this does not test your changes - it just proves that Docker could still build. For the C# changes please ensure that:

• the function with a modified handler can still run and be deployed
• is detected as health by Kubernetes
• it should also reference a third-party dependency via nuget and be able to access it

Alex

[alexellis]

FYI some changes were made in the past but never finished in openfaas/faas-cli#224 and openfaas/faas-cli#91

[alexellis]

For C# use this library for testing - it adds JSON parsing capabilities - https://www.newtonsoft.com/json

If you install dotnet SDK 2.0 on your computer you can use the instructions on nuget.com to update the project file.

[alexellis]

Derek close: please raise PRs for each template separately. I'll handle the C# template myself as I have experience with the language. I've used some of your changes and added some more for healthcheck and recursive chown.