The cloud specification is really a controller property, and in Scenario the Model object is closest to the controller. This means that it is more logical to have the cloud_spec property on the Model object than on State.
The one charm (application) specific aspect of credential-get is trust - you don't trust an entire model at a time, you trust individual applications. However, trust is broader than cloud credentials (e.g. the extra access available with k8s). To facilitate this, a new app_trusted Boolean attribute is added to the Context, which controls whether the cloud specification can be accessed (and might do other things in the future).
The cloud specification is really a controller property, and in Scenario the
Model
object is closest to the controller. This means that it is more logical to have thecloud_spec
property on theModel
object than onState
.The one charm (application) specific aspect of
credential-get
is trust - you don't trust an entire model at a time, you trust individual applications. However, trust is broader than cloud credentials (e.g. the extra access available with k8s). To facilitate this, a new app_trusted
Boolean attribute is added to theContext
, which controls whether the cloud specification can be accessed (and might do other things in the future).