Put AutomationClients in the config
mcpherrinm opened this issue · 0 comments
I think it might be nicer operationally if we put AutomationClients in the configuration.
There's been a bunch of times in dev setups I've had to jump through an extra hoop for setup to mark a client as an automation enabled one, but it would have been straightforward in code.
Config changes are peer-reviewed and tracked in source control, but DB changes aren't. We don't have any tooling to mark a client as automation -- we just run a SQL query.
In my experience with Keywhiz, the number of needed automation clients is small (single digits). So this is fine.
It'll allow us to easily expand a more fine-grained ACL system easier in the future, since the yaml files can be extended without needing DB migrations, etc.
If nobody protests, I'll make a PR for this next week.