feat(credentials): Refactor credential purposes

[louisruch]

• Application credentials have been refactored to Brokered credentials
• Egress credentials have been refactored to Injected Application
  credentials

Validated that bats runs successfully:

bats -p boundary/
 ✓ boundary/token: can login as unpriv user
 ✓ boundary/token: can read own token with no id given
 ✓ boundary/token: can read own token with self given
 ✓ boundary/token: can read own token id given
 ✓ boundary/token: can delete own token with no id given
 ✓ boundary/token: can delete own token with self given
 ✓ boundary/token: can delete own token with id given
 ✓ boundary/token/logout: can logout
 ✓ boundary/login: can login as default user
 ✓ boundary/credential-stores: can create test static store in default project
 ✓ boundary/credential-stores: can not create already created test static store
 ✓ boundary/credential-stores: can read test static store
 ✓ boundary/credential-stores: can delete test static store
 ✓ boundary/credential-stores: can not read deleted test static store
 ✓ boundary/login: can login as default user
 ✓ boundary/credential-stores: can create credentials-test-store static store in default project
 ✓ boundary/credentials: can create test credential in credentials-test-store store
 ✓ boundary/credentials: can not create already created test credential
 ✓ boundary/credentials: can read test credential
 ✓ boundary/credentials: can delete test credential
 ✓ boundary/credential-stores: can not read deleted test credential
 ✓ boundary/login: can login as default user
 ✓ boundary/groups: can add test group
 ✓ boundary/groups: can not add already created test group
 ✓ boundary/groups: can read test group
 ✓ boundary/groups: the test group contains default authorized-actions
 ✓ boundary/group/add-members: can associate test group with default user
 ✓ boundary/group/add-members: test group contains default user
 ✓ boundary/group: can delete test group
 ✓ boundary/groups: can not read deleted test group
 ✓ boundary/login: can login as default user
 ✓ boundary/host-catalogs: can create test host catalog in default project scope
 ✓ boundary/host-catalogs: can not create already created test host catalog in default project scope
 ✓ boundary/host-catalogs: can read test host catalog in default project scope
 ✓ boundary/host-catalogs: the test host catalog contains default authorized-actions
 ✓ boundary/host-catalogs: can delete test host in default project scope
 ✓ boundary/host-catalogs: can not read deleted test host in default project scope
 ✓ boundary/login: can login as default user
 ✓ boundary/host-sets: can add test host set to default host catalog
 ✓ boundary/host-sets: can not add already created test host set
 ✓ boundary/host-sets: can read test host set
 ✓ boundary/host-sets: the test host set contains default authorized-actions
 ✓ boundary/host-set/add-host: can associate test host set with default host
 ✓ boundary/host-set/add-host: test host set contains default host
 ✓ boundary/host-set: can delete test host set
 ✓ boundary/host-set: can not delete already deleted test host set
 ✓ boundary/host-sets: can not read deleted test host set
 ✓ boundary/login: can login as default user
 ✓ boundary/hosts: can create test host in default host catalog
 ✓ boundary/hosts: can not add already created test host in default host catalog
 ✓ boundary/hosts: can read test host
 ✓ boundary/hosts: the test host contains default authorized-actions
 ✓ boundary/host: can delete test host
 ✓ boundary/hosts: can not read deleted test host
 ✓ boundary/login: can login as default principal
 ✓ boundary/roles: can add test role to global scope granting rights in default org scope
 ✓ boundary/roles: can not add already created test role
 ✓ boundary/roles: can read test role
 ✓ boundary/roles: the test role contains default authorized-actions
 ✓ boundary/role/add-principals: can associate test role with default principal
 ✓ boundary/role/add-principals: test role contains default principal
 ✓ boundary/role/remove-principals: can remove default principal from test role
 ✓ boundary/role/remove-principals: test role no longer contains default principal
 ✓ boundary/role/add-grants: can associate test role with id=*;type=*;actions=create,read,update,delete,list grant
 ✓ boundary/role/add-grantss: test role contains id=*;type=*;actions=create,read,update,delete,list grant
 ✓ boundary/role/remove-grants: can remove id=*;type=*;actions=create,read,update,delete,list grant from test role
 ✓ boundary/role/remove-grants: test role no longer contains id=*;type=*;actions=create,read,update,delete,list grant
 ✓ boundary/role: can delete test role
 ✓ boundary/roles: can not read deleted test role
 ✓ boundary/login: can login as default user
 ✓ boundary/scopes: can create test_org organization level scope
 ✓ boundary/scopes: can read test_org organization level scope
 ✓ boundary/scopes: the test_org scope contains default org authorized-actions
 ✓ boundary/scopes: can create test_project project level scope
 ✓ boundary/scopes: can read test_project project level scope
 ✓ boundary/scopes: the test_project scope contains default project authorized-actions
 ✓ boundary/scopes: can delete test_project project level scope
 ✓ boundary/scopes: can not read deleted test_project project level scope
 ✓ boundary/scopes: can delete test_org organization level scope
 ✓ boundary/scopes: can not read deleted test_org organization level scope
 ✓ boundary/session: admin user can connect to default target
 ✓ boundary/session/connect: unpriv user can connect to default target
 ✓ boundary/session: verify admin and unpriv user see different counts
 ✓ boundary/session: verify read and cancellation permissions on admin session
 ✓ boundary/session: verify read and cancellation permissions on unpriv session
 ✓ boundary/login: can login as admin user
 ✓ boundary/target/connect: admin user can connect to default target
 ✓ boundary/target: admin user can read default target
 ✓ boundary/login: can login as unpriv user
 ✓ boundary/target/connect: unpriv user can connect to default target
 ✓ boundary/target: unpriv user can not read default target
 ✓ boundary/login: login back in as admin user
 ✓ boundary/target: admin user can create target
 ✓ boundary/target: admin user can not create already created target
 ✓ boundary/target: admin user can read created target
 ✓ boundary/target: the test target contains default authorized-actions
 ✓ boundary/target: admin user can add default host set to created target
 ✓ boundary/target: created target has default host set
 ✓ boundary/target/connect: default user can connect to created target
 ✓ boundary/target: default user can delete target
 ✓ boundary/target: default user can not read deleted target
 ✓ boundary/login: can login as admin user
 ✓ boundary/credential-stores: can create test-for-add-credential-sources static store in default project
 ✓ boundary/credentials: can create first-credential credential in test-for-add-credential-sources store
 ✓ boundary/target: can add first-credential credential source
 ✓ boundary/target: validate only first-credential credential source present
 ✓ boundary/target: cannot add duplicate credential source
 ✓ boundary/target: can delete first-credential credential source
 ✓ boundary/target: validate first-credential credential source removed
 ✓ boundary/credentials: can create additional credentials in test-for-add-credential-sources store
 ✓ boundary/target: can add multiple credential sources
 ✓ boundary/target: validate added credential sources present
 ✓ boundary/target: can delete multiple credential sources
 ✓ boundary/target: validate third-credential credential source present
 ✓ boundary/target: validate deleted credential sources not present
 ✓ boundary/target: can set multiple credential sources
 ✓ boundary/target: validate set credential sources present
 ✓ boundary/target: can set just first-credential credential source
 ✓ boundary/target: validate first-credential credential source present
 ✓ boundary/target: validate not set credential sources not present
 ✓ boundary/login: can login as default user
 ✓ boundary/users: can add test user
 ✓ boundary/users: can not add already created test user
 ✓ boundary/users: can read test user
 ✓ boundary/users: the test user contains default authorized-actions
 ✓ boundary/account/password: can add test account
 ✓ boundary/account/password: can not add already created test account
 ✓ boundary/account/password: can read created test account
 ✓ boundary/user/account-add: can associate test account with test user
 ✓ boundary/login: can login as test user
 ✓ boundary/user: can delete test user
 ✓ boundary/users: can not read deleted test user
 ✓ boundary/account/password: can delete test account
 ✓ boundary/version: can run version command
 ✓ boundary/version: version output is valid
✓ boundary/version: revision output is valid                                                                   136/136

Validated brokered works for all ASD:

$ boundary targets set-credential-sources -id ttcp_1234567890 -brokered-credential-sourc
e $CRED_ID

Target information:
  Created Time:               Fri, 15 Jul 2022 16:02:37 PDT
  Description:                Provides an initial target in Boundary
  ID:                         ttcp_1234567890
  Name:                       Generated target
  Session Connection Limit:   -1
  Session Max Seconds:        28800
  Type:                       tcp
  Updated Time:               Fri, 15 Jul 2022 16:13:45 PDT
  Version:                    5

  Scope:
    ID:                       p_1234567890
    Name:                     Generated project scope
    Parent Scope ID:          o_1234567890
    Type:                     project

  Authorized Actions:
    no-op
    read
    update
    delete
    add-host-sets
    set-host-sets
    remove-host-sets
    add-host-sources
    set-host-sources
    remove-host-sources
    add-credential-sources
    set-credential-sources
    remove-credential-sources
    authorize-session

  Host Sources:
    Host Catalog ID:          hcst_1234567890
    ID:                       hsst_1234567890

  Brokered Credential Sources:
    Credential Store ID:      csst_cujbDB2bUk
    ID:                       credup_HA2cPRjNmR

  Attributes:
    Default Port:             22

$ boundary targets remove-credential-sources -id ttcp_1234567890 -brokered-credential-so
urce $CRED_ID

Target information:
  Created Time:               Fri, 15 Jul 2022 16:02:37 PDT
  Description:                Provides an initial target in Boundary
  ID:                         ttcp_1234567890
  Name:                       Generated target
  Session Connection Limit:   -1
  Session Max Seconds:        28800
  Type:                       tcp
  Updated Time:               Fri, 15 Jul 2022 16:14:33 PDT
  Version:                    6

  Scope:
    ID:                       p_1234567890
    Name:                     Generated project scope
    Parent Scope ID:          o_1234567890
    Type:                     project

  Authorized Actions:
    no-op
    read
    update
    delete
    add-host-sets
    set-host-sets
    remove-host-sets
    add-host-sources
    set-host-sources
    remove-host-sources
    add-credential-sources
    set-credential-sources
    remove-credential-sources
    authorize-session

  Host Sources:
    Host Catalog ID:          hcst_1234567890
    ID:                       hsst_1234567890

  Attributes:
    Default Port:             22

$boundary targets set-credential-sources -id ttcp_1234567890 -brokered-credential-sourc
e $CRED_ID

Target information:
  Created Time:               Fri, 15 Jul 2022 16:02:37 PDT
  Description:                Provides an initial target in Boundary
  ID:                         ttcp_1234567890
  Name:                       Generated target
  Session Connection Limit:   -1
  Session Max Seconds:        28800
  Type:                       tcp
  Updated Time:               Fri, 15 Jul 2022 16:14:51 PDT
  Version:                    7

  Scope:
    ID:                       p_1234567890
    Name:                     Generated project scope
    Parent Scope ID:          o_1234567890
    Type:                     project

  Authorized Actions:
    no-op
    read
    update
    delete
    add-host-sets
    set-host-sets
    remove-host-sets
    add-host-sources
    set-host-sources
    remove-host-sources
    add-credential-sources
    set-credential-sources
    remove-credential-sources
    authorize-session

  Host Sources:
    Host Catalog ID:          hcst_1234567890
    ID:                       hsst_1234567890

  Brokered Credential Sources:
    Credential Store ID:      csst_cujbDB2bUk
    ID:                       credup_HA2cPRjNmR

  Attributes:
    Default Port:             22

Validated application still works for all ASD:

$ boundary targets set-credential-sources -id ttcp_1234567890 -application-credential-so
urce $CRED_ID

Target information:
  Created Time:               Fri, 15 Jul 2022 16:02:37 PDT
  Description:                Provides an initial target in Boundary
  ID:                         ttcp_1234567890
  Name:                       Generated target
  Session Connection Limit:   -1
  Session Max Seconds:        28800
  Type:                       tcp
  Updated Time:               Fri, 15 Jul 2022 16:14:51 PDT
  Version:                    7

  Scope:
    ID:                       p_1234567890
    Name:                     Generated project scope
    Parent Scope ID:          o_1234567890
    Type:                     project

  Authorized Actions:
    no-op
    read
    update
    delete
    add-host-sets
    set-host-sets
    remove-host-sets
    add-host-sources
    set-host-sources
    remove-host-sources
    add-credential-sources
    set-credential-sources
    remove-credential-sources
    authorize-session

  Host Sources:
    Host Catalog ID:          hcst_1234567890
    ID:                       hsst_1234567890

  Brokered Credential Sources:
    Credential Store ID:      csst_cujbDB2bUk
    ID:                       credup_HA2cPRjNmR

  Attributes:
    Default Port:             22

$  boundary targets remove-credential-sources -id ttcp_1234567890 -application-credential
-source $CRED_ID

Target information:
  Created Time:               Fri, 15 Jul 2022 16:02:37 PDT
  Description:                Provides an initial target in Boundary
  ID:                         ttcp_1234567890
  Name:                       Generated target
  Session Connection Limit:   -1
  Session Max Seconds:        28800
  Type:                       tcp
  Updated Time:               Fri, 15 Jul 2022 16:15:29 PDT
  Version:                    8

  Scope:
    ID:                       p_1234567890
    Name:                     Generated project scope
    Parent Scope ID:          o_1234567890
    Type:                     project

  Authorized Actions:
    no-op
    read
    update
    delete
    add-host-sets
    set-host-sets
    remove-host-sets
    add-host-sources
    set-host-sources
    remove-host-sources
    add-credential-sources
    set-credential-sources
    remove-credential-sources
    authorize-session

  Host Sources:
    Host Catalog ID:          hcst_1234567890
    ID:                       hsst_1234567890

  Attributes:
    Default Port:             22

$ boundary targets add-credential-sources -id ttcp_1234567890 -application-credential-so
urce $CRED_ID

Target information:
  Created Time:               Fri, 15 Jul 2022 16:02:37 PDT
  Description:                Provides an initial target in Boundary
  ID:                         ttcp_1234567890
  Name:                       Generated target
  Session Connection Limit:   -1
  Session Max Seconds:        28800
  Type:                       tcp
  Updated Time:               Fri, 15 Jul 2022 16:15:35 PDT
  Version:                    9

  Scope:
    ID:                       p_1234567890
    Name:                     Generated project scope
    Parent Scope ID:          o_1234567890
    Type:                     project

  Authorized Actions:
    no-op
    read
    update
    delete
    add-host-sets
    set-host-sets
    remove-host-sets
    add-host-sources
    set-host-sources
    remove-host-sources
    add-credential-sources
    set-credential-sources
    remove-credential-sources
    authorize-session

  Host Sources:
    Host Catalog ID:          hcst_1234567890
    ID:                       hsst_1234567890

  Brokered Credential Sources:
    Credential Store ID:      csst_cujbDB2bUk
    ID:                       credup_HA2cPRjNmR

  Attributes:
    Default Port:             22

[ddebko]

LGTM