[Ruby] Deployment not recorded: Forbidden

Hi.

Maybe someone could help me here:
I’m trying to record deployments using newrelic ruby agent. I’m running it with arguments:

newrelic deployment --revision ${HEROKU_RELEASE_VERSION} --license-key=KEY ${NEW_RELIC_LICENSE_KEY} --appname ${NEW_RELIC_APP_NAME}

But the response I get from NewRelic is: Deployment not recorded: Forbidden

Full log here:

Deployment not recorded: Forbidden
** [NewRelic][2021-03-01 14:15:38 +0000 release.5557 (76)] WARN : No configuration file found. Working directory = /app
** [NewRelic][2021-03-01 14:15:38 +0000 release.5557 (76)] WARN : Looked in these locations (based on defaults): /app/config/newrelic.yml, /app/newrelic.yml, /app/config/newrelic.yml.erb, /app/newrelic.yml.erb, /app/config/newrelic.yml, /app/newrelic.yml, /app/config/newrelic.yml.erb, /app/newrelic.yml.erb, /app/.newrelic/newrelic.yml, /app/newrelic.yml, /app/.newrelic/newrelic.yml.erb, /app/newrelic.yml.erb
** [NewRelic][2021-03-01 14:15:38 +0000 release.5557 (76)] INFO : Running Capistrano from 'production' environment for application '***APPNAMEHERE****'
Makefile:73: recipe for target 'newrelic-deployment' failed
make: *** [newrelic-deployment] Error 1

The same error I get when I’m trying to run it with all arguments from dev’s env command line.

Hi @dev233 - I recall that, as a general rule of thumb, any API that posts data requires an Admin API key.

@nmcnamara - The Deployment API documentation is not explicit on the type of API key required. Please could this be updated?

What you mean by Admin API key - the one generated at https://one.eu.newrelic.com/launcher/api-keys-ui.launcher ?

I’ve tried that already. The same response.

Also the ruby agent seems to use licence key: https://github.com/newrelic/newrelic-ruby-agent/blob/dev/lib/new_relic/cli/commands/deployments.rb#L85

I have just looked at the documentation and discovered that Admin keys are now user keys. Apologies as I was not aware of this change.

Hopefully someone from support will be able to explain why this is not working and how the User API keys now work for POST methods.

1 Like

Thank you @stefan_garnham for troubleshooting with @dev233 :slight_smile: I have reached out to our ruby team to see if they can provide further help.

New Relic has been working on reducing complexity of all the different types of API keys, so it’s understandably confusing at the moment.

It looks like in the UI, the right key to generate and use is an INGEST-LICENSE key.

image

Hopefully, this helps!

2 Likes

Ok, so let’s debug it again. Now I’m using Ingest - Licence key, and the results are:

Using CURL:

❯ curl -X POST "https://api.newrelic.com/v2/applications/APP_ID_HERE/deployments.json" \
                                    -H "Api-Key: INGEST_KEY_HERE" \
                                    -i \
                                    -H "Content-Type: application/json" \
                                    -d \
                               '{
                                 "deployment": {
                                   "revision": "v1",
                                   "changelog": "Just testing, from CURL",
                                   "description": "Test deployment from CURL",
                                   "user": "dev@growthtribe.nl",
                                   "timestamp": "2021-03-04T10:00:00Z"
                                 }
                               }'

HTTP/1.1 401 Unauthorized
Proxied-By: Service Gateway
Content-Security-Policy: frame-ancestors *.newrelic.com
Cache-Control: no-cache
Content-Length: 42
Content-Type: application/json
Date: Fri, 05 Mar 2021 09:56:57 GMT
Server: nginx
Status: 401 Unauthorized
X-Rack-Cache: invalidate, pass
X-Request-Id: 325a7e23ccd746f7493863e6729eb598
X-Runtime: 0.008050
X-Ua-Compatible: IE=Edge,chrome=1

{"error":{"title":"No API key specified"}}

using the NewRelic’s ruby agent:

❯ newrelic deployments --revision meh --license-key INGEST_KEY_HERE --appname APP_NAME_HERE
Deployment not recorded: Forbidden
❯ newrelic deployments --revision meh --license-key INGEST_KEY_HERE --appname APP_ID_HERE
Deployment not recorded: Forbidden

Using this creator I was able to push deployment to NewRelic - but the API key INGEST was invalid - a USER created API key works.

This is good to know. I am curious what documentation you reviewed at the outset and if we can improve that to avoid the pain you experienced finding the right API keys to use.

Also, Just to be clear, the INGEST_KEY_HERE values I see your examples above were your redacting on copying and pasting here and not the actual values seen in transmission to our hosts, right?