feat: [UIE-10284] - IAM: session token refresh

[aaleksee-akamai]

Description 📝

This PR fixes an issue with the session token during refresh.

• For account_admin / account_viewer, we only need to send a request using the parent token
• For not account_admin / account_viewer users, we don’t know the euuid because it is retrieved from the account endpoint, which returns 403 Unauthorized. So we need to take an euuid from child test account, store it and then use it to refresh a session

Delegate users without account_admin / account_viewer roles are not able to switch back to parent account because they have 403 Unauthorized from /account endpoint, so we do not have the euuid.

Changes 🔄

List any change(s) relevant to the reviewer.

• Send a payload with a parent token
• Fix a routing issue for delegate users
• Add logic for getting a euuid

Scope 🚢

Upon production release, changes in this PR will be visible to:

• All customers
• Some customers (e.g. in Beta or Limited Availability)
• No customers / Not applicable

How to test 🧪

Prerequisites

(How to setup test environment)

• use legacy parent account
• use account_admin parent account
• use not account_admin parent account

Reproduction steps

(How to reproduce the issue, if applicable)

• Login to CM as parent user and switch account to be delegate user.
• Wait for some time (around 10 mins). (You can modify timeRemaining.minutes to 13 in the SessionExpirationDialog component so you don’t have to wait)
• "Your session is about to expire" popup will appear.
• Click "Continue Working" button.

Verification steps

(How to verify changes)

• Session refresh works for all accounts

Author Checklists

As an Author, to speed up the review process, I considered 🤔

👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support

• I have read and considered all applicable items listed above.

As an Author, before moving this PR from Draft to Open, I confirmed ✅

• All tests and CI checks are passing
• TypeScript compilation succeeded without errors
• Code passes all linting rules

[abailly-akamai]

@aaleksee-akamai based on our recent discussions I think we can close this one

[aaleksee-akamai]

@aaleksee-akamai based on our recent discussions I think we can close this one

@abailly-akamai , i can remove the logic for users without permissions, cause that PR fixes an issue with token

[abailly-akamai]

Sounds good!

[linode-gh-bot]

Cloud Manager UI test results

🔺 8 failing tests on test run #1 ↗︎

❌ Failing	✅ Passing	↪️ Skipped	🕐 Duration
8 Failing	861 Passing	11 Skipped	45m 46s

Details

Failing Tests
	Spec	Test
❌	alerting-notification-channel-permission-tests.spec.ts	Cloud Manager Cypress Tests→Notification Channel Listing Page — Access Control » allows access when notificationChannels is enabled
❌	alerting-notification-channel-permission-tests.spec.ts	Cloud Manager Cypress Tests→Notification Channel Listing Page — Access Control » hides the Notification Channels tab when notificationChannels is disabled
❌	smoke-linode-landing-table.spec.ts	Cloud Manager Cypress Tests→linode landing checks » checks the landing page side menu items
❌	smoke-linode-landing-table.spec.ts	Cloud Manager Cypress Tests→linode landing checks » checks the create menu dropdown items
❌	vpc-linodes-update.spec.ts	Cloud Manager Cypress Tests→VPC assign/unassign flows » can assign Linode(s) to a VPC
❌	vpc-linodes-update.spec.ts	Cloud Manager Cypress Tests→VPC assign/unassign flows » can assign a Linode without auto-assigning an IPv4 to a VPC
❌	account-switching.spec.ts	Cloud Manager Cypress Tests→Parent/Child account switching→From Child to Parent » can switch from Proxy user back to Parent account user from Billing page
❌	account-switching.spec.ts	Cloud Manager Cypress Tests→Parent/Child account switching→From Child to Child » can switch to another Child account as a Proxy user

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/cloudpulse/alerting-notification-channel-permission-tests.spec.ts,cypress/e2e/core/linodes/smoke-linode-landing-table.spec.ts,cypress/e2e/core/vpc/vpc-linodes-update.spec.ts,cypress/e2e/core/parentChild/account-switching.spec.ts"

[abailly-akamai]

Thank you! I wish we could get some end to end testing for this but I am not even sure it is possible