authorThomas Haller <thaller@redhat.com>2019-12-03 10:37:42 +0100
committerThomas Haller <thaller@redhat.com>2019-12-03 16:18:33 +0100
commitff816dec17d34d996fc7dd5306945f10ed4add32 (patch)
tree70798a2d6c3a6115c5b4e4ce0d89ae0fe838ff23 /clients
parent953e01336a1c062ee988d3dfe4650dd7c4ba2778 (diff)
downloadNetworkManager-ff816dec17d34d996fc7dd5306945f10ed4add32.tar.gz
cloud-setup: require to explicitly opt-in for providers via environment variable
"nm-cloud-setup" is supposed to work without configuration. However, it (obviously) fetches data from the network you are connected to (which might be untrusted or controlled by somebody malicious). The tool cannot protect you against that, also because the meta data services use HTTP and not HTTPS. It means you should run the tool only when it's suitable for your environment, that is: in the right cloud. Usually, the user/admin/distributor would know for which cloud to enable the tool. It's also wasteful to repeatedly probe for the unavailable cloud. So instead, disable all providers by default and require opting in by setting an environment variable. This can be conveniently done via `systemctl edit nm-cloud-provider.service` to set Environment=. Of course, an image can also pre-deploy such an override file.
Diffstat (limited to 'clients')
-rw-r--r--clients/cloud-setup/nm-cloud-setup.service.in5
-rw-r--r--clients/cloud-setup/nmcs-provider-ec2.c7
-rw-r--r--clients/cloud-setup/nmcs-provider.c9
-rw-r--r--clients/cloud-setup/nmcs-provider.h1
4 files changed, 19 insertions, 3 deletions
diff --git a/clients/cloud-setup/nm-cloud-setup.service.in b/clients/cloud-setup/nm-cloud-setup.service.in
index 6a6485b8cf..69a1a29ccb 100644
--- a/clients/cloud-setup/nm-cloud-setup.service.in
+++ b/clients/cloud-setup/nm-cloud-setup.service.in
@@ -8,6 +8,11 @@ ExecStart=@libexecdir@/nm-cloud-setup
#Environment=NM_CLOUD_SETUP_LOG=TRACE
+# Cloud providers are disabled by default. You need to
+# Opt-in by setting the right environment variable for
+# the provider.
+#Environment=NM_CLOUD_SETUP_EC2=yes
+
CapabilityBoundingSet=
LockPersonality=yes
MemoryDenyWriteExecute=yes
diff --git a/clients/cloud-setup/nmcs-provider-ec2.c b/clients/cloud-setup/nmcs-provider-ec2.c
index 0bdab8106f..54686fdf6e 100644
--- a/clients/cloud-setup/nmcs-provider-ec2.c
+++ b/clients/cloud-setup/nmcs-provider-ec2.c
@@ -545,7 +545,8 @@ nmcs_provider_ec2_class_init (NMCSProviderEC2Class *klass)
{
NMCSProviderClass *provider_class = NMCS_PROVIDER_CLASS (klass);
- provider_class->_name = "ec2";
- provider_class->detect = detect;
- provider_class->get_config = get_config;
+ provider_class->_name = "ec2";
+ provider_class->_env_provider_enabled = "NM_CLOUD_SETUP_EC2";
+ provider_class->detect = detect;
+ provider_class->get_config = get_config;
}
diff --git a/clients/cloud-setup/nmcs-provider.c b/clients/cloud-setup/nmcs-provider.c
index ab1f12a4c6..1f1b6e600d 100644
--- a/clients/cloud-setup/nmcs-provider.c
+++ b/clients/cloud-setup/nmcs-provider.c
@@ -61,6 +61,7 @@ nmcs_provider_detect (NMCSProvider *self,
gpointer user_data)
{
gs_unref_object GTask *task = NULL;
+ const char *env;
g_return_if_fail (NMCS_IS_PROVIDER (self));
g_return_if_fail (!cancellable || G_IS_CANCELLABLE (cancellable));
@@ -69,6 +70,14 @@ nmcs_provider_detect (NMCSProvider *self,
nmcs_wait_for_objects_register (task);
+ env = g_getenv (NMCS_PROVIDER_GET_CLASS (self)->_env_provider_enabled);
+ if (!_nm_utils_ascii_str_to_bool (env, FALSE)) {
+ g_task_return_error (task,
+ nm_utils_error_new (NM_UTILS_ERROR_UNKNOWN,
+ "provider is disabled"));
+ return;
+ }
+
NMCS_PROVIDER_GET_CLASS (self)->detect (self,
g_steal_pointer (&task));
}
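Review bot: The new gate passes `NMCS_PROVIDER_GET_CLASS (self)->_env_provider_enabled` straight to `g_getenv()`, so a provider class that never sets the field hands it NULL; GLib's precondition check should then log a critical and return NULL, which keeps the provider disabled (fail-closed) but for a reason that is hard to spot. An assertion before the lookup, e.g. `nm_assert (NMCS_PROVIDER_GET_CLASS (self)->_env_provider_enabled);`, would catch a forgotten assignment in a future provider's class_init. The error text `"provider is disabled"` also does not say which variable enables the provider, and with `NM_UTILS_ERROR_UNKNOWN` a caller cannot tell "not opted in" from a failed detection; naming the environment variable in the message would make the opt-in discoverable from the log. The function's signature and opening lines are in the previous hunk.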
diff --git a/clients/cloud-setup/nmcs-provider.h b/clients/cloud-setup/nmcs-provider.h
index 930b6bd80f..e5a44da19f 100644
--- a/clients/cloud-setup/nmcs-provider.h
+++ b/clients/cloud-setup/nmcs-provider.h
@@ -62,6 +62,7 @@ typedef struct {
typedef struct {
GObjectClass parent;
const char *_name;
+ const char *_env_provider_enabled;
void (*detect) (NMCSProvider *self,
GTask *task);