cloud-setup: require to explicitly opt-in for providers via environment variable

"nm-cloud-setup" is supposed to work without configuration.

However, it (obviously) fetches data from the network you are connected to (which
might be untrusted or controlled by somebody malicious). The tool cannot
protect you against that, also because the meta data services uses HTTP and not
HTTPS. It means, you should run the tool only when it's suitable for your
environment, that is: in the right cloud.

Usually, the user/admin/distributor would know for which cloud the enable the tool.
It's also wasteful to repeatedly probe for the unavailable cloud.

So, instead disable all providers by default and require to opt-in by setting an
environment variable.

This can be conveniently done via `systemctl edit nm-cloud-provider.service` to
set Environment=. Of course, a image can also pre-deploy such am override file.

clients/cloud-setup/nm-cloud-setup.service.in

@@ -8,6 +8,11 @@ ExecStart=@libexecdir@/nm-cloud-setup
 
 #Environment=NM_CLOUD_SETUP_LOG=TRACE
 
+# Cloud providers are disabled by default. You need to
+# Opt-in by setting the right environment variable for
+# the provider.
+#Environment=NM_CLOUD_SETUP_EC2=yes
+
 CapabilityBoundingSet=
 LockPersonality=yes
 MemoryDenyWriteExecute=yes

clients/cloud-setup/nmcs-provider-ec2.c

@@ -545,7 +545,8 @@ nmcs_provider_ec2_class_init (NMCSProviderEC2Class *klass)
 {
 	NMCSProviderClass *provider_class = NMCS_PROVIDER_CLASS (klass);
 
-	provider_class->_name      = "ec2";
-	provider_class->detect     = detect;
-	provider_class->get_config = get_config;
+	provider_class->_name                 = "ec2";
+	provider_class->_env_provider_enabled = "NM_CLOUD_SETUP_EC2";
+	provider_class->detect                = detect;
+	provider_class->get_config            = get_config;
 }

clients/cloud-setup/nmcs-provider.c

@@ -61,6 +61,7 @@ nmcs_provider_detect (NMCSProvider *self,
                       gpointer user_data)
 {
 	gs_unref_object GTask *task = NULL;
+	const char *env;
 
 	g_return_if_fail (NMCS_IS_PROVIDER (self));
 	g_return_if_fail (!cancellable || G_IS_CANCELLABLE (cancellable));
@@ -69,6 +70,14 @@ nmcs_provider_detect (NMCSProvider *self,
 
 	nmcs_wait_for_objects_register (task);
 
+	env = g_getenv (NMCS_PROVIDER_GET_CLASS (self)->_env_provider_enabled);
+	if (!_nm_utils_ascii_str_to_bool (env, FALSE)) {
+		g_task_return_error (task,
+		                     nm_utils_error_new (NM_UTILS_ERROR_UNKNOWN,
+		                                         "provider is disabled"));
+		return;
+	}
+
 	NMCS_PROVIDER_GET_CLASS (self)->detect (self,
 	                                        g_steal_pointer (&task));
 }

clients/cloud-setup/nmcs-provider.h

@@ -62,6 +62,7 @@ typedef struct {
 typedef struct {
 	GObjectClass parent;
 	const char *_name;
+	const char *_env_provider_enabled;
 
 	void (*detect) (NMCSProvider *self,
 	                GTask *task);