Synthetics settings API permission issue

Question

Synthetics settings API permission issue

benconda opened this issue 10 months ago · 4 comments

Bug description

Hello, just configured launching synthetic test from our ci. It works, but we get this strange error :

$ datadog-ci synthetics run-tests --datadogSite "datadoghq.eu" --apiKey "$DD_SYNTHETICS_API_KEY" --appKey "$DD_SYNTHETICS_APP_KEY" --public-id "my test public id"

[xxxx] Found test "xxxx" (1 config override)
View pending summary in Datadog: https://app.datadoghq.eu/synthetics/explorer/ci?batchResultId=xxxx
- Waiting for 1 test (xxxx)…
✓ [xxxxxx] xxxxxx - location: Paris (AWS) - device: chrome.laptop_large
  ⎋ Total duration: 58818 ms - View test run details: https://app.datadoghq.eu/synthetics/details/xxxxx/result/xxxxxx?from_ci=true 
Failed to get settings: query on https://api.datadoghq.eu/api/v1/synthetics/settings returned:
  - Forbidden
  - Failed permission authorization checks
=== REPORT ===
Took 88[40](<gitlab_url>#L40)0ms
View full summary in Datadog: https://app.datadoghq.eu/synthetics/explorer/ci?batchResultId=xxxxx
Continuous Testing Summary:
• Test Results: 1 passed, 0 failed
• Total Duration: 1m 28s

The test is well triggered, so API permission is good, but it fail on an API call api/v1/synthetics/settings can't find this API on API reference, and don't know which API key scope is missing here ? To what I understand in code, it retrieve synthetics organization settings to put in the report.

Describe what you expected

Expect to see no errors on the command result report.

Steps to reproduce the issue

Using the command datadog-ci synthetics run-tests --datadogSite "datadoghq.eu" --apiKey "$DD_SYNTHETICS_API_KEY" --appKey "$DD_SYNTHETICS_APP_KEY" --public-id "my test public id

Additional context

Using latest datadog-ci version : @datadog/datadog-ci@2.27.0

Command

synthetics

Answer 1 · 2024-02-23T18:00:11.000Z

Hi @benconda, we added a card to fix this error in our backlog.

For now, you can ignore it. Everything should work properly 👌

Answer 2 · 2024-04-26T19:01:10.000Z

Any update to this ticket?

Answer 3 · 2024-06-17T16:09:39.000Z

Any update to this ticket?

Answer 4 · 2024-07-30T14:30:59.000Z

Hey folks 👋
Thanks a lot for your patience, this took way longer than we wanted.
It turns out the scoped permission required to access synthetics settings wasn't available, so there wasn't any way for you to properly scope an APP key, and prevent this error message from popping.

But it's fixed now, and you can add the synthetics_default_settings_read scope to your app key to remove this message: