Comment 7 for bug 1949913

Adam Dyess (addyess) wrote :

I've run into a new issue related to this. The vault charm authorizes a vault role to a certain IP CIDR based on its "unit-name" [1]. When multiple `kubernetes-control-plane/0` units from various models try to create a new vault role, the role cannot be created with a different CIDR range than the first one. I've included a stack-trace for this new issue -- but I believe each unit which is assigned a token will need its role and token scoped via model and unit [2].

[1] https://github.com/openstack/charm-vault/blob/stable/1.8/src/reactive/vault_handlers.py#L652-L666
[2] https://paste.ubuntu.com/p/xthqdJWmKw/