support dmake to do docker-makes

cloudy_mozdef/Makefile

@@ -1,49 +1,39 @@
 ROOT_DIR	:= $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 PARENTDIR       := $(realpath ../)
-IMAGE_NAME	:= mozdef-deployment
 STACK_NAME	:= mozdef-aws-nested
 # MozDef uses a nested CF stack, the mozdef-parent.yml will tie all child stacks together and load them from S3
 S3_BUCKET_NAME  := cf
 S3_BUCKET_URI	:= s3://mozdef.infosec.mozilla.org/$(S3_BUCKET_NAME)
 S3_STACK_URI	:= https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/mozdef-parent.yml
-DOCKER_BASH_RUN	:= docker run -v ~/.aws:/root/.aws -v `pwd`:/opt/mozdef $(IMAGE_NAME):latest /bin/bash -c
 
 all:
 	@echo 'Available make targets:'
 	@grep '^[^#[:space:]\.PHONY.*].*:' Makefile
-
-.PHONY: build docker-build
-build: docker-build packer-build
-docker-build: ## Build the docker image that is used for deployment of CloudFormation templates
-	docker build -t $(IMAGE_NAME):latest .
-
-.PHONY: docker-shell
-deploy-shell: ## Spawn a shell for hacking into the docker image
-	docker run -ti -v ~/.aws:/root/.aws -v `pwd`:/opt/mozdef -v $(PARENTDIR):/opt/gitrepo $(IMAGE_NAME):latest /bin/bash
+	@echo 'Run ./dmake <target> in order to run the Makefile targets in Docker'
 
 # Note: This requires AWS access
 .PHONY: packer-build
-packer-build: docker-build ## Build the base AMI with packer
-	$(DOCKER_BASH_RUN) "cd packer && packer build packer.json"
+packer-build: ## Build the base AMI with packer
+	cd packer && packer build packer.json
 
 .PHONY: create-nested-stack create-s3-bucket
 create-nested-stack: test ## Create everything you need for a fresh new stack!
-	$(DOCKER_BASH_RUN) "aws cloudformation create-stack --stack-name $(STACK_NAME) --template-url $(S3_STACK_URI)"
+	aws cloudformation create-stack --stack-name $(STACK_NAME) --template-url $(S3_STACK_URI)
 create-s3-bucket:
-	$(DOCKER_BASH_RUN) "aws s3api create-bucket --bucket $(S3_BUCKET_NAME) --acl public-read"
+	aws s3api create-bucket --bucket $(S3_BUCKET_NAME) --acl public-read
 
 .PHONY: updated-nested-stack
 update-nested-stack: test ## Updates the nested stack on AWS
-	$(DOCKER_BASH_RUN) "aws cloudformation update-stack --stack-name $(STACK_NAME) --template-url $(S3_STACK_URI)"
+	aws cloudformation update-stack --stack-name $(STACK_NAME) --template-url $(S3_STACK_URI)
 
 .PHONY: cflint test
 test: cflint
 cflint: ## Verify the CloudFormation template pass linting tests
-	-$(DOCKER_BASH_RUN) "cfn-lint /opt/mozdef/cloudformation/*.yml"
+	-cfn-lint /opt/mozdef/cloudformation/*.yml
 
 .PHONY: stack-status
 stack-status: ## Output current CloudFormation stack status
-	$(DOCKER_BASH_RUN) "aws cloudformation describe-stacks --stack-name $(STACK_NAME)"
+	aws cloudformation describe-stacks --stack-name $(STACK_NAME)
 
 .PHONY: upload-templates
 upload-templates:

cloudy_mozdef/dmake

@@ -0,0 +1,40 @@
+#!/bin/bash
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+# @gdestuynder
+
+# Use this script to run the makefile within a docker container
+
+AWS_CREDS_DIR="$HOME/.aws"
+DOCKER_PROJECT_DIR="/opt/mozdef"
+IMG_NAME="mozdef_builder"
+HUB="mozdef"
+CONTAINER_NAME="$IMG_NAME-container"
+
+function usage() {
+  echo "Build make targets in a container (${IMG_NAME})"
+  echo "$0 make <make target>"
+  exit 127
+}
+
+function check_img() {
+  docker image ls ${IMG_NAME} 2>&1 > /dev/null && return 0
+  echo "Cannot find docker image ${IMG_NAME}."
+  echo "Please run \`make dkrbuild\` to build it, or \`docker pull ${HUB}/${IMG_NAME}\`".
+  return 1
+}
+
+[[ $# -eq 0 ]] && usage
+
+check_img || exit 127
+
+exec docker run --rm --name ${CONTAINER_NAME} \
+  -u $(id -u) \
+  -v ${AWS_CREDS_DIR}:/root/.aws \
+  -v $(pwd):${DOCKER_PROJECT_DIR} \
+  -e "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" \
+  -e "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" \
+  -e "AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}" \
+  -e "AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}" \
+  ${HUB}/${IMG_NAME}:latest make $@

cloudy_mozdef/requirements.txt

@@ -1,6 +0,0 @@
-ansible
-credstash
-faker
-awscli
-awsudo
-cfn-lint

docker/builder/Dockerfile

@@ -0,0 +1,22 @@
+FROM amazonlinux:2
+
+# Base dependencies
+RUN yum update -y
+RUN yum install @development wget -y
+RUN yum install python python-dev python-pip -y
+ADD requirements.txt /tmp/
+RUN pip install -r /tmp/requirements.txt
+
+# Add packer from hashicorp binary to pin version
+RUN wget https://releases.hashicorp.com/packer/1.3.1/packer_1.3.1_linux_amd64.zip
+RUN unzip packer_1.3.1_linux_amd64.zip
+RUN mv packer /usr/local/bin/packer
+RUN chmod u+x /usr/local/bin/packer
+
+RUN echo -n "PS1=\"[deploy-shell][\u@\h \W]\$ \"" >> /root/.bashrc
+
+# Setup a home for deployment
+RUN mkdir -p /opt/mozdef
+
+# Force this as the entrypoint
+WORKDIR /opt/mozdef

docker/builder/Makefile

@@ -0,0 +1,5 @@
+all:
+	docker build -t mozdef_builder:latest .
+	docker tag mozdef_builder mozdef/mozdef_builder:latest
+	docker login
+	docker push mozdef/mozdef_builder:latest

docker/builder/requirements.txt

@@ -0,0 +1,4 @@
+awscli
+awsudo
+cfn-lint
+docker-compose