If you’re new to Juju, it can be confusing to see several variants of seemingly similar functionality. The commands juju agree, juju trust, juju grant and juju grant-cloud all have something to do with permissions and access. Which do you choose?
Background
There’s an underlying philosophy within Juju to use a larger number of smaller commands, rather than fewer, broader commands.
Why? Using multiple commands dramatically decreases the likelihood of accidentally issuing the wrong one. It also simplifies each command’s the implementation.
Explaining the commands
Each command is used in a different context and as a different purpose:
juju accept
Charm authors can add licence agreements to their charms. For example, the ssl-termination-proxy charm requires you to accept the terms provided by Let’s Encypt before it will install.
juju grant
Accessing a Juju model requires permission. The juju grant command allows operators, such as the model’s creator, to granting access to others in their team.
juju grant-cloud
The grant-cloud command, like the grant command, is also related to user permissions. Whereas the grant command allows other users to interact with a single model, juju grant-cloud can allow users to create new models into and become administrators of a cloud.
juju trust
Sometimes a charm may wish to communicate with the cloud provider’s API directly. juju trust enables you to delegate the credentials that you’ve provided to the controller to the charm.
juju trust is often required with “integrator charms”. They need to access cloud providers’ APIs directly to do things like provision storage.