[Security Fix] Update Etcdctl Image

1) This updates etcd Download links as parameterized.
2) Updated python to 3.6 as recommended by CSO Clair Scan.
3) Removed the dependencies of oslo-rootwrap config in charts
   so as to reduce dependency failures.

Change-Id: Ic3f86f6f07d9ef76b21167a57ded8f86b2ce314b
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>

charts/etcdctl-utility/templates/bin/_start.sh.tpl

@@ -15,8 +15,3 @@ limitations under the License.
 set -ex
 sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
 /etc/init.d/rsyslog start
-
-sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py

images/etcdctl-utility/Dockerfile.ubuntu_bionic

@@ -10,32 +10,41 @@ LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc
 
 ARG ETCDCTL_VERSION=3.4.2
 
-RUN set -xe && \
+ENV GOOGLE_URL=https://storage.googleapis.com/etcd
-    export DEBIAN_FRONTEND=noninteractive && \
+ENV GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
-    sed -i '/nobody/d' /etc/passwd && \
+ENV DOWNLOAD_URL=${GITHUB_URL}
-    echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd && \
+
-    apt-get update && \
+RUN set -xe \
-    apt-get install -y \
+    && export DEBIAN_FRONTEND=noninteractive  \
-      wget curl \
+    && sed -i '/nobody/d' /etc/passwd  \
-      apt-transport-https \
+    && echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
-      ca-certificates \
+    && apt-get update \
-      gnupg && \
+    && apt-get install -y \
-    apt-get install -y \
+       wget curl \
-      bash \
+       locales \
-      moreutils \
+       apt-transport-https \
-      python3 \
+       ca-certificates \
-      python3-pip \
+       gnupg \
-      python3-oslo.rootwrap \
+       bash \
-      sudo \
+       moreutils \
-      rsyslog && \
+       sudo \
-    TMP_DIR=$(mktemp --directory) && \
+       rsyslog \
-    cd ${TMP_DIR} && \
+       python3.6 \
-    curl -sSL https://github.com/coreos/etcd/releases/download/v${ETCDCTL_VERSION}/etcd-v${ETCDCTL_VERSION}-linux-amd64.tar.gz \
+       python3-pip \
-    | tar xfz - && \
+    && pip3 install \
-    mv ${TMP_DIR}/etcd-v${ETCDCTL_VERSION}-linux-amd64/etcdctl /usr/local/bin/etcdctl && \
+         oslo.rootwrap==5.8.0 \
-    chmod +xr /usr/local/bin/etcdctl && \
+    && TMP_DIR=$(mktemp --directory) && cd ${TMP_DIR} \
-    apt-get clean -y && \
+    && curl -sSLO "${DOWNLOAD_URL}/v${ETCDCTL_VERSION}/etcd-v${ETCDCTL_VERSION}-linux-amd64.tar.gz" \
-    rm -rf \
+    && tar -xvf ${TMP_DIR}/etcd-v${ETCDCTL_VERSION}-linux-amd64.tar.gz --strip-components=1 \
-     /var/lib/apt/lists/* \
+        -C /usr/local/bin etcd-v${ETCDCTL_VERSION}-linux-amd64/etcdctl \
-     ${TMP_DIR}
+    && apt-get clean -y \
-CMD ["/bin/bash"]
+    && rm -rf \
+       /var/lib/apt/lists/* \
+       {TMP_DIR}
+
+RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/handler.setFormatter/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/os.path.basename/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py
+
+CMD ["/bin/bash"]