dockerfile: ensure user directive gets set for vault alpine and ubi containers (#12920) (#13080)

* update user directive for dockerfile

run as vault user by default

* add changelog

* also set the user to vault in ent dockerfile

* update changelog

* add the user directive in the Dockerfile of the repo root

it is the one used for production builds

* remove user directive from build stage, add user directive to alpine stage

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Co-authored-by: Ryan Cragun <me@ryan.ec>

Dockerfile

@@ -73,6 +73,8 @@ EXPOSE 8200
 COPY .release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 ENTRYPOINT ["docker-entrypoint.sh"]
 
+# Use the Vault user as the default user for starting this container.
+USER ${NAME}
 
 # # By default you'll get a single-node development server that stores everything
 # # in RAM and bootstraps itself. Don't use this configuration for production.
@@ -166,7 +168,7 @@ COPY .release/docker/ubi-docker-entrypoint.sh /usr/local/bin/docker-entrypoint.s
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 # Use the Vault user as the default user for starting this container.
-USER vault
+USER ${NAME}
 
 # # By default you'll get a single-node development server that stores everything
 # # in RAM and bootstraps itself. Don't use this configuration for production.

changelog/_12920.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+dockerfile: container will now run as vault user by default
+```

scripts/docker/Dockerfile

@@ -61,6 +61,9 @@ EXPOSE 8200
 COPY ./scripts/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 ENTRYPOINT ["docker-entrypoint.sh"]
 
+# Use the Vault user as the default user for starting this container.
+USER vault
+
 # By default you'll get a single-node development server that stores everything
 # in RAM and bootstraps itself. Don't use this configuration for production.
 CMD ["server", "-dev"]