Removes bits for Salt Vault integration

Also removes SAF secrets engine that is no longer used.

base/vault-configuration/engines.tf

@@ -38,12 +38,6 @@ resource "vault_mount" "onboarding-gallery" {
   description = "onboarding-gallery"
 }
 
-resource "vault_mount" "onboarding-saf" {
-  path        = "onboarding-saf"
-  type        = "kv-v2"
-  description = "onboarding-saf"
-}
-
 resource "vault_mount" "portal" {
   path        = "portal"
   type        = "kv-v2"
@@ -61,22 +55,3 @@ resource "vault_mount" "soc" {
   type        = "kv-v2"
   description = "soc"
 }
-
-#salt supports kv
-resource "vault_mount" "salt" {
-  path        = "salt"
-  type        = "kv"
-  description = "salt"
-}
-
-#test secret
-resource "vault_generic_secret" "test" {
-  depends_on = [ vault_mount.salt ]
-  path = "salt/pillar_data"
-
-  data_json = <<EOT
-{
-  "my-pillar":   "my-secret"
-}
-EOT
-}

base/vault-configuration/policies.tf

@@ -82,85 +82,6 @@ resource "vault_policy" "portal" {
   policy = data.vault_policy_document.portal.hcl
 }
 
-#salt-master should be able to only create tokens
-data "vault_policy_document" "salt-master" {
-  rule {
-    path         = "auth/*"
-    capabilities = ["read", "list", "sudo", "create", "update", "delete"]
-    description  = "salt-master"
-  }
-}
-
-resource "vault_policy" "salt-master" {
-  name   = "salt-master"
-  policy = data.vault_policy_document.salt-master.hcl
-}
-
-
-#restrict salt-minions to only list secrets here - saltstack/minions
-#allow all minions access to this shared pillar data.
-data "vault_policy_document" "minions" {
-  rule {
-    path         = "salt/*"
-    capabilities = ["list"]
-    description  = "minions"
-  }
-  rule {
-    path         = "salt/pillar_data"
-    capabilities = ["read"]
-    description  = "minions"
-  }
-}
-
-resource "vault_policy" "minions" {
-  name   = "saltstack/minions"
-  policy = data.vault_policy_document.minions.hcl
-}
-
-
-#restrict sensu salt-minion to only list secrets here - saltstack/minions
-#Policy must be named: saltstack/minion/<minion-id>
-# e.g. saltstack/minion/sensu.pvt.xdrtest.accenturefederalcyber.com
-data "vault_policy_document" "sensu-minion" {
-  rule {
-    path         = "salt/*"
-    capabilities = ["list"]
-    description  = "sensu-minion"
-  }
-  rule {
-    path         = "salt/minions/sensu.${var.dns_info["private"]["zone"]}/*"
-    capabilities = ["read"]
-    description  = "sensu-minion"
-
-  }
-}
-
-resource "vault_policy" "sensu-minion" {
-  name   = "saltstack/minion/sensu.${var.dns_info["private"]["zone"]}"
-  policy = data.vault_policy_document.sensu-minion.hcl
-}
-
-#Temp for GC Transition. Remove when Legacy Sensu is termianted. 
-data "vault_policy_document" "sensu-minion-legacy" {
-  rule {
-    path         = "salt/*"
-    capabilities = ["list"]
-    description  = "sensu-minion-legacy"
-  }
-  rule {
-    path         = "salt/minions/sensu.msoc.defpoint.local"
-    capabilities = ["read"]
-    description  = "sensu-minion-legacy"
-
-  }
-}
-
-resource "vault_policy" "sensu-minion-legacy" {
-  name   = "saltstack/minion/sensu.msoc.defpoint.local"
-  policy = data.vault_policy_document.sensu-minion-legacy.hcl
-}
-
-
 data "vault_policy_document" "soc" {
   rule {
     path         = "soc*"