# Copyright (C) 2009-2010 Canonical Ltd.
# Copyright (C) 2012 Hewlett-Packard Development Company, L.P.
#
# Author: Scott Moser <scott.moser@canonical.com>
# Author: Juerg Haefliger <juerg.haefliger@hp.com>
#
# This file is part of cloud-init. See LICENSE file for license information.
"""Disable EC2 Metadata: Disable AWS EC2 metadata."""
from logging import Logger
from textwrap import dedent
from cloudinit import subp, util
from cloudinit.cloud import Cloud
from cloudinit.config import Config
from cloudinit.config.schema import MetaSchema, get_meta_doc
from cloudinit.distros import ALL_DISTROS
from cloudinit.settings import PER_ALWAYS
REJECT_CMD_IF = ["route", "add", "-host", "169.254.169.254", "reject"]
REJECT_CMD_IP = ["ip", "route", "add", "prohibit", "169.254.169.254"]
meta: MetaSchema = {
"id": "cc_disable_ec2_metadata",
"name": "Disable EC2 Metadata",
"title": "Disable AWS EC2 Metadata",
"description": dedent(
"""\
This module can disable the ec2 datasource by rejecting the route to
``169.254.169.254``, the usual route to the datasource. This module
is disabled by default."""
),
"distros": [ALL_DISTROS],
"frequency": PER_ALWAYS,
"examples": ["disable_ec2_metadata: true"],
"activate_by_schema_keys": ["disable_ec2_metadata"],
}
__doc__ = get_meta_doc(meta)
def handle(
name: str, cfg: Config, cloud: Cloud, log: Logger, args: list
) -> None:
disabled = util.get_cfg_option_bool(cfg, "disable_ec2_metadata", False)
if disabled:
reject_cmd = None
if subp.which("ip"):
reject_cmd = REJECT_CMD_IP
elif subp.which("ifconfig"):
reject_cmd = REJECT_CMD_IF
else:
log.error(
'Neither "route" nor "ip" command found, unable to '
"manipulate routing table"
)
return
subp.subp(reject_cmd, capture=False)
else:
log.debug(
"Skipping module named %s, disabling the ec2 route not enabled",
name,
)
# vi: ts=4 expandtab
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| __pycache__ | Folder | 0755 |
|
|
| schemas | Folder | 0755 |
|
|
| __init__.py | File | 14 B | 0644 |
|
| cc_ansible.py | File | 8.37 KB | 0644 |
|
| cc_apk_configure.py | File | 5.75 KB | 0644 |
|
| cc_apt_configure.py | File | 32.46 KB | 0644 |
|
| cc_apt_pipelining.py | File | 2.82 KB | 0644 |
|
| cc_bootcmd.py | File | 2.87 KB | 0644 |
|
| cc_byobu.py | File | 3.67 KB | 0644 |
|
| cc_ca_certs.py | File | 8.06 KB | 0644 |
|
| cc_chef.py | File | 13.79 KB | 0644 |
|
| cc_disable_ec2_metadata.py | File | 2.04 KB | 0644 |
|
| cc_disk_setup.py | File | 32.34 KB | 0644 |
|
| cc_fan.py | File | 3.11 KB | 0644 |
|
| cc_final_message.py | File | 3.41 KB | 0644 |
|
| cc_growpart.py | File | 19.42 KB | 0644 |
|
| cc_grub_dpkg.py | File | 5.49 KB | 0644 |
|
| cc_install_hotplug.py | File | 3.81 KB | 0644 |
|
| cc_keyboard.py | File | 2.08 KB | 0644 |
|
| cc_keys_to_console.py | File | 3.63 KB | 0644 |
|
| cc_landscape.py | File | 4.86 KB | 0644 |
|
| cc_locale.py | File | 1.88 KB | 0644 |
|
| cc_lxd.py | File | 17.96 KB | 0644 |
|
| cc_mcollective.py | File | 6.2 KB | 0644 |
|
| cc_migrator.py | File | 3.51 KB | 0644 |
|
| cc_mounts.py | File | 19.03 KB | 0644 |
|
| cc_ntp.py | File | 19.7 KB | 0644 |
|
| cc_package_update_upgrade_install.py | File | 4.42 KB | 0644 |
|
| cc_phone_home.py | File | 5.5 KB | 0644 |
|
| cc_power_state_change.py | File | 7.65 KB | 0644 |
|
| cc_puppet.py | File | 13.74 KB | 0644 |
|
| cc_refresh_rmc_and_interface.py | File | 5.48 KB | 0644 |
|
| cc_reset_rmc.py | File | 4.53 KB | 0644 |
|
| cc_resizefs.py | File | 10.56 KB | 0644 |
|
| cc_resolv_conf.py | File | 5.01 KB | 0644 |
|
| cc_rh_subscription.py | File | 17.05 KB | 0644 |
|
| cc_rightscale_userdata.py | File | 4.3 KB | 0644 |
|
| cc_rsyslog.py | File | 9.77 KB | 0644 |
|
| cc_runcmd.py | File | 2.92 KB | 0644 |
|
| cc_salt_minion.py | File | 5.54 KB | 0644 |
|
| cc_scripts_per_boot.py | File | 1.68 KB | 0644 |
|
| cc_scripts_per_instance.py | File | 1.83 KB | 0644 |
|
| cc_scripts_per_once.py | File | 1.78 KB | 0644 |
|
| cc_scripts_user.py | File | 1.87 KB | 0644 |
|
| cc_scripts_vendor.py | File | 2.31 KB | 0644 |
|
| cc_seed_random.py | File | 4.81 KB | 0644 |
|
| cc_set_hostname.py | File | 4.89 KB | 0644 |
|
| cc_set_passwords.py | File | 11.05 KB | 0644 |
|
| cc_snap.py | File | 6.39 KB | 0644 |
|
| cc_spacewalk.py | File | 3.52 KB | 0644 |
|
| cc_ssh.py | File | 14.03 KB | 0644 |
|
| cc_ssh_authkey_fingerprints.py | File | 4.24 KB | 0644 |
|
| cc_ssh_import_id.py | File | 5.82 KB | 0644 |
|
| cc_timezone.py | File | 1.44 KB | 0644 |
|
| cc_ubuntu_advantage.py | File | 16.88 KB | 0644 |
|
| cc_ubuntu_autoinstall.py | File | 4.56 KB | 0644 |
|
| cc_ubuntu_drivers.py | File | 4.63 KB | 0644 |
|
| cc_update_etc_hosts.py | File | 5.11 KB | 0644 |
|
| cc_update_hostname.py | File | 3.63 KB | 0644 |
|
| cc_users_groups.py | File | 7.6 KB | 0644 |
|
| cc_wireguard.py | File | 9.28 KB | 0644 |
|
| cc_write_files.py | File | 6.75 KB | 0644 |
|
| cc_write_files_deferred.py | File | 1.68 KB | 0644 |
|
| cc_yum_add_repo.py | File | 7.47 KB | 0644 |
|
| cc_zypper_add_repo.py | File | 6.68 KB | 0644 |
|
| modules.py | File | 11.43 KB | 0644 |
|
| schema.py | File | 43.14 KB | 0644 |
|