upcoming: [M3-8020] – Add "Disk Encryption" section to Linode Rebuild modal

[dwiley-akamai]

Description 📝

Add "Disk Encryption" section to Linode Rebuild modal.

Note

I came across an existing edge case where it is possible that a field absent from the Rebuild dialog can still cause the Rebuild request to fail silently. See M3-8237.

Changes 🔄

• Add isLKELinode, linodeIsInDistributedRegion, and isInRebuildFlow props to AccessPanel.tsx
• Several props added to RebuildFromImage & RebuildFromStackScript

Target release date 🗓️

6/24

Preview 📷

Screenshots

Standard Linode in a region that supports LDE:

Linode in Distributed region:

LKE Linode:

How to test 🧪

Prerequisites

1. Have the linode_disk_encryption tag on your account
2. Point at the alpha/dev environment
3. Have the Linode Disk Encryption (LDE) flag in our dev tool toggled on

Verification steps

Without the tag and/or with the LDE flag in our dev tool toggled off, you should not see any LDE-related things in the UI. Otherwise,

• for a non-LKE linode in Newark, the "Encrypt Disk" checkbox in the Rebuild modal should be enabled and you should be able to successfully rebuild it
• for an LKE linode, the "Encrypt Disk" checkbox in the Rebuild modal should be disabled with:
  • section description copy reading: Secure this Linode using data at rest encryption. The disk encryption setting for Linodes added to a node pool will not be changed after rebuild.
  • tooltip text reading: The Encrypt Disk setting cannot be changed for a Linode attached to a node pool.
• for a linode in a Distributed region, the "Encrypt Disk" checkbox in the Rebuild modal should be disabled with:
  • section description copy reading: Distributed Compute Instances are secured using disk encryption.
  • tooltip text reading: The Encrypt Disk setting cannot be changed for distributed instances.

The last two cases can be easily tested by adjusting this code block as needed and turning the MSW on:

manager/packages/manager/src/mocks/serverHandlers.ts

Lines 768 to 778 in 0e2d367

	http.get('*/linode/instances/:id', async ({ params }) => {
	const id = Number(params.id);
	return HttpResponse.json(
	linodeFactory.build({
	backups: { enabled: false },
	id,
	label: 'Gecko Edge Test',
	region: 'us-edge-1',
	})
	);
	}),

      linodeFactory.build({
        backups: { enabled: false },
        id,
        label: 'Gecko Edge Test',
        lke_cluster_id: null, // change to a number to see the LKE Linode state
      })

Things should work when rebuilding from an image, a Community StackScript, and an Account StackScript.

Rebuilding an encrypted linode --> the "Encrypt Disk" checkbox should be checked already in the modal to reflect the current configuration

There should be no adverse effects observed if you switch to the prod environment and turn the feature flag off.

As an Author I have considered 🤔

• 👀 Doing a self review
• ❔ Our contribution guidelines
• 🤏 Splitting feature into small PRs
• ➕ Adding a changeset
• 🧪 Providing/Improving test coverage
• 🔐 Removing all sensitive information from the code and PR description
• 🚩 Using a feature flag to protect the release
• 👣 Providing comprehensive reproduction steps
• 📑 Providing or updating our documentation
• 🕛 Scheduling a pair reviewing session
• 📱 Providing mobile support
• ♿ Providing accessibility support

[dwiley-akamai]

Diff generated by linter

[dwiley-akamai]

I preferred this over the initial commit's nested ternaries

const encryptDiskDisabledReason = isLKELinode
    ? ENCRYPT_DISK_DISABLED_REBUILD_LKE_REASON
    : linodeIsInDistributedRegion
    ? ENCRYPT_DISK_DISABLED_REBUILD_DISTRIBUTED_REGION_REASON
    : !regionSupportsDiskEncryption
    ? DISK_ENCRYPTION_UNAVAILABLE_IN_REGION_COPY
    : '';

[abailly-akamai]

much nicer indeed :D - switch statement is also a good option for readability

[abailly-akamai]

Nice PR! well tested and documented

Was able to confirm:

• for a non-LKE linode in Newark, the "Encrypt Disk" checkbox in the Rebuild modal should be enabled and you should be able to successfully rebuild it ✅
• for an LKE linode, the "Encrypt Disk" checkbox in the Rebuild modal should be disabled with tooltip text reading: The Encrypt Disk setting cannot be changed for a Linode attached to a node pool. ✅
• for a linode in a Distributed region, the "Encrypt Disk" checkbox in the Rebuild modal should be disabled with tooltip text reading: The Encrypt Disk setting cannot be changed for distributed instances. ✅

and confirmed it is also still disabled in unsupported regions (ex: London)

[abailly-akamai]

much nicer indeed :D - switch statement is also a good option for readability

[abailly-akamai]

Suggested change

	const isEncrypted = linode?.disk_encryption === 'enabled' ? true : false;
	const isEncrypted = Boolean(linode?.disk_encryption === 'enabled' );

[dwiley-akamai]

Thanks for bringing this to my attention, upon second look we should be fine with just the equality check

[github-actions]

Coverage Report: ✅
Base Coverage: 82.76%
Current Coverage: 82.81%

[carrillo-erik]

Good job catching this edge case. I was able to follow the Verification Steps and did not notice find any issues with functionality or the UI. Approved ✅.