Datadog Synthetics Tests with client certificates

kapi-caz · February 3, 2022, 7:30am

Hi!

I’ve an understanding issue how to create a Datadog Synthetics Tests with client certificates. I used this (documentation)[Terraform Registry]
but I’m not sure in which format the certificate and key have to be.

My code looks like this here:

resource "datadog_synthetics_test" "my_health_check" {
  type    = "api"
  subtype = "http"
  request_definition {
    method = "GET"
    url    = "https://${var.custom_domain_name}/health/ready"
  }
  request_headers = {
    Content-Type = "application/json"
  }
  request_client_certificate {
    cert {
      content = var.client_cert
    }
    key {
      content = var.client_cert_key
    }
  }
[...]

variable "client_cert" {
  type = string
  sensitive = true
}

variable "client_cert_key" {
  type = string
  sensitive = true
}

The certificate & key are in PEM format and it works if I load them manually in the UI.
How should the content for ‘cert’ and ‘key’ look like?
I tried to base64 the content or insert the content directly but doesn’t work. I get the same error in Datadog:
‘# We couldn’t test any of the assertions.
SSL: The SSL connection couldn’t be performed (ERR_BAD_SSL_CLIENT_AUTH_CERT).’

kapi-caz · February 9, 2022, 12:56pm

After talking with the Datadog support and debugging the Terraform output, I found out:

Datadog API accepts the certificate and key in the following format: “-----BEGIN CERT-----\n[…]” → you have to make the line breaks literal.
Terraform but escapes the backslash → \n => \n, and sends this to Datadog which results in the SSL Error in the UI.