User Guide: detangling three related commands - "juju agree", "juju trust", "juju grant"

If you’re new to Juju, it can be confusing to see several variants of seemingly similar functionality. The commands juju agree, juju trust, juju grant and juju grant-cloud all have something to do with permissions and access. Which do you choose?


There’s an underlying philosophy within Juju to use a larger number of smaller commands, rather than fewer, broader commands.

Why? Using multiple commands dramatically decreases the likelihood of accidentally issuing the wrong one. It also simplifies each command’s the implementation.

Explaining the commands

Each command is used in a different context and as a different purpose:

juju accept

Charm authors can add licence agreements to their charms. For example, the ssl-termination-proxy charm requires you to accept the terms provided by Let’s Encypt before it will install.

juju grant

Accessing a Juju model requires permission. The juju grant command allows operators, such as the model’s creator, to granting access to others in their team.

juju grant-cloud

The grant-cloud command, like the grant command, is also related to user permissions. Whereas the grant command allows other users to interact with a single model, juju grant-cloud can allow users to create new models into and become administrators of a cloud.

juju trust

Sometimes a charm may wish to communicate with the cloud provider’s API directly. juju trust enables you to delegate the credentials that you’ve provided to the controller to the charm.

juju trust is often required with “integrator charms”. They need to access cloud providers’ APIs directly to do things like provision storage.