If you’re new to Juju, it can be confusing to see several variants of seemingly similar functionality. The commands
juju grant and
juju grant-cloud all have something to do with permissions and access. Which do you choose?
There’s an underlying philosophy within Juju to use a larger number of smaller commands, rather than fewer, broader commands.
Why? Using multiple commands dramatically decreases the likelihood of accidentally issuing the wrong one. It also simplifies each command’s the implementation.
Explaining the commands
Each command is used in a different context and as a different purpose:
Charm authors can add licence agreements to their charms. For example, the
ssl-termination-proxy charm requires you to accept the terms provided by Let’s Encypt before it will install.
Accessing a Juju model requires permission. The
juju grant command allows operators, such as the model’s creator, to granting access to others in their team.
The grant-cloud command, like the grant command, is also related to user permissions. Whereas the grant command allows other users to interact with a single model,
juju grant-cloud can allow users to create new models into and become administrators of a cloud.
Sometimes a charm may wish to communicate with the cloud provider’s API directly.
juju trust enables you to delegate the credentials that you’ve provided to the controller to the charm.
juju trust is often required with “integrator charms”. They need to access cloud providers’ APIs directly to do things like provision storage.