Creating and enabling IONOS Cloud LaaS users

In this blog post, I highlighted how we use the IONOS Cloud LaaS solution to collect the Logs from our Nomad cluster. But how to give users access to the logs?

Recently, I encountered an issue that caught me off guard. After creating a new user in the IONOS Cloud DCD (Data Center Designer) and granting them access to use the LaaS, I was surprised to find that they couldn't log in.

Following a discussion with IONOS support and a thorough review of the documentation, I discovered that the user needs to be explicitly enabled for LaaS access.

It turns out there are two options to achieve this:

1. The user needs to create a Logging pipeline

According to IONOS Support, when a user creates a new Logging pipeline, the user gets enabled automatically for LaaS access. See the docs how to create a new Logging pipeline via the IONOS Cloud API.

Given that the user didn't require the ability to create new Logging pipelines, I opted for the second method outlined below to enable their access, avoiding the unnecessary step of creating and immediately deleting a pipeline.

2. Manually enable the user for LaaS access

This process consists of two simple steps:

1. First, we need to retrieve an access token by authenticating the user against the https://api.ionos.com/auth/v1/tokens/generate API endpoint and sending the user's email address and password in a GET request. In return, we get a Bearer token that we need to pass in the next request.

2. Second, we need to enable the user for LaaS access by sending a PUT request to the https://logging.de-txl.ionos.com/central API endpoint. For the sake of simplicity, let's use the curl command to send the request:

curl -H "Authorization: Bearer ${AUTH_TOKEN_FROM_STEP_1}" \
-H "Content-Type: application/json" \
-d '{"properties":{"enabled": true}}' \
-X PUT https://logging.de-txl.ionos.com/central

Once these steps are completed, the user is able to log in to the LaaS instance without any issues.