When an active charm that was deployed without --trust is upgraded with a version that needs it, the install hook may fail with something like:
unit-avalanche-k8s-0: 19:30:36 ERROR unit.avalanche-k8s/0.juju-log Unable to patch the Kubernetes service: Failed to patch k8s service: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Audit-Id': 'f8971ccf-9123-463a-8325-dfaef46f8901', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '1e8617f5-5d7a-481e-ab58-31ff4cb18118', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'e85c10bd-62ac-44b0-8a25-ec27d00ad734', 'Date': 'Wed, 01 Feb 2023 19:30:36 GMT', 'Content-Length': '375'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"services \"avalanche-k8s\" is forbidden: User \"system:serviceaccount:test-upgrade-charm-u8xq:avalanche-k8s\" cannot delete resource \"services\" in API group \"\" in the namespace \"test-upgrade-charm-u8xq\"","reason":"Forbidden","details":{"name":"avalanche-k8s","kind":"services"},"code":403}
Currently, `refresh` does not support it:
ERROR option provided but not defined: --trust
This seems reasonable. We'd also want to look at adding a --trust=false or --revoke-trust option.