Merge pull request #109 from cisagov/improvement/remove-tanium

Remove resources that support the Tanium CDM agent
cisagov · May 20, 2024 · 8c8cd88 · 8c8cd88
2 parents 944dd0b + b71f794
commit 8c8cd88
Show file tree

Hide file tree

Showing 5 changed files with 1 addition and 57 deletions.
diff --git a/src/cdm.yml b/src/cdm.yml
@@ -4,12 +4,6 @@
   become: true
   become_method: ansible.builtin.sudo
   tasks:
-    - name: Install CDM Tanium client
-      ansible.builtin.include_role:
-        name: cdm_tanium
-      vars:
-        cdm_tanium_server_name: "{{ lookup('aws_ssm', '/cdm/tanium_hostname') }}"
-        cdm_tanium_third_party_bucket_name: "{{ build_bucket }}"
     - name: Install CDM Nessus agent
       ansible.builtin.include_role:
         name: cdm_nessus_agent
@@ -42,20 +36,6 @@
           - direction: out
             port: 443
             proto: tcp
-          # Tanium
-          - direction: in
-            port: 17472
-            proto: tcp
-          - direction: out
-            port: 17472
-            proto: tcp
-          # Tanium threat response
-          - direction: in
-            port: 17475
-            proto: tcp
-          - direction: out
-            port: 17475
-            proto: tcp
           # Tenable
           - direction: in
             port: 8834

diff --git a/src/requirements.yml b/src/requirements.yml
@@ -10,8 +10,6 @@ roles:
     src: https://github.com/cisagov/ansible-role-banner
   - name: cdm_nessus_agent
     src: https://github.com/cisagov/ansible-role-cdm-nessus-agent
-  - name: cdm_tanium
-    src: https://github.com/cisagov/ansible-role-cdm-tanium-client
   - name: chrony_aws
     src: https://github.com/cisagov/ansible-role-chrony-aws
   - name: clamav

diff --git a/src/version.txt b/src/version.txt
@@ -1 +1 @@
-__version__ = "0.4.1"
+__version__ = "0.4.2"
diff --git a/terraform-build-user/main.tf b/terraform-build-user/main.tf
@@ -10,34 +10,13 @@ module "iam_user" {
   }
 
   ssm_parameters = [
-    "/cdm/tanium_hostname",
     "/cyhy/dev/users",
     "/openvpn/server/*",
     "/ssh/public_keys/*",
   ]
   user_name = "build-openvpn-packer"
 }
 
-# Attach 3rd party S3 bucket read-only policy from
-# cisagov/ansible-role-cdm-tanium-client to the production
-# EC2AMICreate role
-resource "aws_iam_role_policy_attachment" "thirdpartybucketread_tanium_production" {
-  provider = aws.images-production-ami
-
-  policy_arn = data.terraform_remote_state.ansible_role_cdm_tanium_client.outputs.production_bucket_policy.arn
-  role       = module.iam_user.ec2amicreate_role_production.name
-}
-
-# Attach 3rd party S3 bucket read-only policy from
-# cisagov/ansible-role-cdm-tanium-client to the staging EC2AMICreate
-# role
-resource "aws_iam_role_policy_attachment" "thirdpartybucketread_tanium_staging" {
-  provider = aws.images-staging-ami
-
-  policy_arn = data.terraform_remote_state.ansible_role_cdm_tanium_client.outputs.staging_bucket_policy.arn
-  role       = module.iam_user.ec2amicreate_role_staging.name
-}
-
 # Attach 3rd party S3 bucket read-only policy from
 # cisagov/ansible-role-cdm-nessus-agent to the production
 # EC2AMICreate role

diff --git a/terraform-build-user/remote_states.tf b/terraform-build-user/remote_states.tf
@@ -90,19 +90,6 @@ data "terraform_remote_state" "ansible_role_cdm_nessus_agent" {
   }
 }
 
-data "terraform_remote_state" "ansible_role_cdm_tanium_client" {
-  backend = "s3"
-
-  config = {
-    encrypt        = true
-    bucket         = "cisa-cool-terraform-state"
-    dynamodb_table = "terraform-state-lock"
-    profile        = "cool-terraform-backend"
-    region         = "us-east-1"
-    key            = "ansible-role-cdm-tanium-client/terraform.tfstate"
-  }
-}
-
 data "terraform_remote_state" "ansible_role_crowdstrike" {
   backend = "s3"