Extending Datadog integration with REST API access


The current Datadog integration supports configuring webhooks for CI pipelines visibility.

We would like to extend the integration's capabilities, to add the following features:

  • Link Datadog telemetry to GitLab repositories, and display in-line code snippets in Datadog
  • Track commits and Merge Requests tied to an application release
  • Create GitLab issues directly from Datadog's products (e.g. error tracking)
  • Add GitLab actions to the Datadog Workflows actions catalog
  • ... probably more in the future!

To implement these features, Datadog would need, for each group or project where the user wishes to configure the integration:

  1. access to the REST API endpoints, and git-over-http repositories on behalf of Datadog's backend (not tied to a particular GitLab user)
  2. access to the REST API on behalf of a GitLab user (through an OAuth2 application), e.g. to display code snippets only if the user has access to it on GitLab

Our current approach for this would be the following:

  1. Ask users to generate group / project access tokens, and paste them into a config page in their Datadog account
  2. Ask users to create an OAuth2 application, and paste the client ID / client secret in their Datadog account

This requires the user to go through a lot of manual steps, which can be error-prone, and exposes sensitive tokens to the user. We're also concerned about the expiration of access tokens, which could break the integration unexpectedly and require a manual intervention from a GitLab Group/project admin to be fixed.

To make the integration as seamless as possible for the end user, we would like to evaluate the possibility of having the native Datadog integration (on the GitLab side) perform the following when it's configured:

  • Create a pre-configured OAuth2 application, and transfer the credentials to Datadog
  • Create an access token for the project / group, and transfer it to Datadog. And possibly, have the token be regularly renewed to get around expiration concerns?

Are these things supported by GitLab, or do any existing integrations have similar requirements and configuration workflows?

Thank you in advance for any feedback you might have!

Edited by 🤖 GitLab Bot 🤖
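
The token-expiration concern raised in the issue can be watched for before it breaks the integration. The following is an added example, not part of the original issue and not GitLab's or Datadog's code: it takes token records shaped like the project access token REST API response and reports which ones need rotating. The sample records, project ID 42, token names and the 14-day warning window are assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample records, shaped like the objects returned by GitLab's
# "list project access tokens" REST endpoint (GET /projects/:id/access_tokens).
SAMPLE_TOKENS = [
    {"id": 11, "name": "datadog-source-code", "scopes": ["read_api", "read_repository"], "expires_at": "2025-01-10", "active": True, "revoked": False},
    {"id": 12, "name": "datadog-issues", "scopes": ["api"], "expires_at": "2025-03-01", "active": True, "revoked": False},
    {"id": 13, "name": "datadog-old", "scopes": ["read_api"], "expires_at": "2024-12-01", "active": False, "revoked": False},
    {"id": 14, "name": "datadog-revoked", "scopes": ["read_api"], "expires_at": "2025-06-01", "active": False, "revoked": True},
    {"id": 15, "name": "datadog-legacy", "scopes": ["read_api"], "expires_at": None, "active": True, "revoked": False},
]

def classify(token, today, warn_days=14):
    """Return one of: 'revoked', 'expired', 'rotate', 'review', 'ok'."""
    if token.get("revoked"):
        return "revoked"
    raw = token.get("expires_at")
    if raw is None:
        return "review"  # no expiry recorded: needs a human decision
    expires = date.fromisoformat(raw)
    # A token is treated as unusable from the start of its expiry date.
    if expires <= today or not token.get("active", True):
        return "expired"
    if expires - today <= timedelta(days=warn_days):
        return "rotate"
    return "ok"

def rotation_plan(tokens, project_id, today, warn_days=14):
    """Group tokens by required action; rotation requests are built, not sent."""
    plan = {"rotate": [], "expired": [], "review": []}
    for tok in tokens:
        status = classify(tok, today, warn_days)
        if status == "rotate":
            days_left = (date.fromisoformat(tok["expires_at"]) - today).days
            plan["rotate"].append({
                "name": tok["name"], "days_left": days_left,
                "request": f"POST /projects/{project_id}/access_tokens/{tok['id']}/rotate",
            })
        elif status in ("expired", "review"):
            plan[status].append(tok["name"])
    plan["rotate"].sort(key=lambda r: r["days_left"])  # most urgent first
    return plan

if __name__ == "__main__":
    print(rotation_plan(SAMPLE_TOKENS, project_id=42, today=date(2025, 1, 3)))
```

Rotating a token issues a new secret, so whatever runs this check also has to deliver the new value to the consuming side over a protected channel and discard the old one.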