From 5dabe9c0996e62d8bf4b493dcea7d4bc161dead4 Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@elastic.co>
Date: Wed, 9 Oct 2024 15:37:05 +0400
Subject: [PATCH] Allow reading Elasticsearch certs in Wolfi image (#732)

The config/certs directory of Elasticsearch is not readable by other
users and groups. This work in the public image, which uses the root
user, but the Wolfi image does not. Using the same user id fixes the
problem.
---
 Dockerfile.wolfi | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Dockerfile.wolfi b/Dockerfile.wolfi
index 3d94ffd..2eeeea7 100644
--- a/Dockerfile.wolfi
+++ b/Dockerfile.wolfi
@@ -26,6 +26,10 @@ WORKDIR /eland
 ENV VIRTUAL_ENV=/eland/venv
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
+# Use the same `USER` instruction as Elasticsearch to make sure Eland can read
+# a volume with Elasticsearch data in it. This is useful for --ca-cert.
+USER 1000:0
+
 COPY --from=builder /eland /eland
 
 # The eland_import_hub_model script is intended to be executed by a shell,