change: [UIE-9888] - Make firewall selection mandatory while creating linode and its interfaces#13410
Conversation
grevanak-akamai
force-pushed
the
feature/UIE-10132-block-interface-creation-without-firewall
branch
from
c096c03 to
4844424
Compare
|
|
||
| export const CreateLinodeInterfaceSchema = object({ | ||
| firewall_id: number().nullable(), | ||
| firewall_id: number() |
There was a problem hiding this comment.
API accepts both -1 and null(will be deprecated soon and will be utilized only to assign default firewall if any) to not to assign a firewall to a linode and hence firewall field has been made mandatory in UI.
grevanak-akamai
force-pushed
the
feature/UIE-10132-block-interface-creation-without-firewall
branch
from
3926c9e to
262df83
Compare
| label="Linode Interfaces - Public Interface Firewall" | ||
| onChange={(e, firewall) => field.onChange(firewall.id)} | ||
| placeholder={DEFAULT_FIREWALL_PLACEHOLDER} | ||
| showNoFirewallOption={false} |
There was a problem hiding this comment.
In future, default firewalls will also support "No Firewalls" option.
grevanak-akamai
requested review from
bnussman-akamai,
coliu-akamai and
jdamore-linode
and removed request for
a team
grevanak-akamai
added
Ready for Review
Linodes
Failure in |
packages/manager/src/features/Linodes/LinodeCreate/Networking/utilities.ts
Outdated
Show resolved
Hide resolved
packages/manager/src/features/Linodes/LinodeCreate/Networking/utilities.ts
Outdated
Show resolved
Hide resolved
packages/manager/src/features/Linodes/LinodeCreate/Networking/utilities.ts
Outdated
Show resolved
Hide resolved
packages/manager/src/features/Linodes/LinodeCreate/Networking/utilities.ts
Outdated
Show resolved
Hide resolved
grevanak-akamai
force-pushed
the
feature/UIE-10132-block-interface-creation-without-firewall
branch
from
5724cc4 to
b700773
Compare
grevanak-akamai
force-pushed
the
feature/UIE-10132-block-interface-creation-without-firewall
branch
from
b700773 to
b5ffc6d
Compare
There was a problem hiding this comment.
Thanks @grevanak-akamai! Had a couple of questions/comments below.
Also, this PR is missing a changeset - do we still need changesets for the release process? looked at some other open PRs and they had changesets - could we add one to this PR?
| firewall_id: number().required( | ||
| 'Select an option or create a new Firewall.' | ||
| ), |
There was a problem hiding this comment.
Should we just have this part say 'Select an option.' only? There's no option to create a firewall on the Add Interface drawer:
There was a problem hiding this comment.
Agree but user can create a firewall from firewalls page if no option is available. So suggesting this message. I can check with our techwriter too.
...inodesDetail/LinodeNetworking/LinodeInterfaces/EditInterfaceDrawer/EditInterfaceFirewall.tsx
Show resolved
Hide resolved
| values.linodeInterfaces = values.linodeInterfaces.map( | ||
| getCleanedLinodeInterfaceValues | ||
| ); | ||
| if (tab === 'Clone Linode' && !values.firewall_id) { |
There was a problem hiding this comment.
lines 41-43 look the same as lines 72-75 - do we need this check here underneath if (context?.isLinodeInterfacesEnabled) if we're running it anyway at lines 72-75?
Also, regarding this comment:
The Clone Linode flow does not have the firewall_id field under interfaces object, so we set firewall_id to -1 to bypass the firewall requirement in the validation schema.
just to double check - since we're keeping the original firewall schema which lets us have undefined values, do we still need this condition & the ones below?
There was a problem hiding this comment.
I agree lines 41-43 is redundant so removed it. However we still need conditions to override firewall_id as we are making it mandatory in CreateLinodeInterfaceSchema. Let me know if I'm missing something here.
There was a problem hiding this comment.
Pull request overview
This PR enforces an explicit firewall choice during Linode creation and when adding Linode interfaces by introducing a “No firewall” selectable option (represented by firewall_id = -1) and showing a warning notice when that option is chosen.
Changes:
- Make firewall selection required in Linode Create (legacy config) and Add Interface flows, while still allowing an explicit “No firewall” selection.
- Extend
FirewallSelectto include a “No firewall (not recommended)” option and an optional warning notice message. - Update unit tests and a broad set of Cypress E2E flows to select a firewall (or “No firewall”) to satisfy the new requirement.
Reviewed changes
Copilot reviewed 45 out of 45 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/validation/src/linodes.schema.ts | Adjusts Create Linode schema firewall field definition (nullable). |
| packages/manager/src/features/VPCs/VPCDetail/SubnetAssignLinodesDrawer.tsx | Passes “No firewall” warning message into firewall selection for VPC interface assignment. |
| packages/manager/src/features/Linodes/constants.ts | Adds shared warning message string for “No firewall” selections. |
| packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/EditInterfaceDrawer/EditInterfaceFirewall.tsx | Disables “No firewall” option in edit-interface firewall selection. |
| packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/utilities.ts | Makes firewall_id required in Add Interface form schema. |
| packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/InterfaceType.tsx | Sets firewall_id to -1 for VLAN interfaces (no firewall support). |
| packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/InterfaceFirewall.tsx | Updates placeholder and passes warning message prop to FirewallSelect. |
| packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/AddInterfaceForm.tsx | Changes default firewall value handling and adjusts validation resolver inputs. |
| packages/manager/src/features/Linodes/LinodeCreate/utilities.test.tsx | Updates tests to include firewall_id in interface fixtures. |
| packages/manager/src/features/Linodes/LinodeCreate/schemas.ts | Adds conditional firewall requirement for legacy config create flow. |
| packages/manager/src/features/Linodes/LinodeCreate/resolvers.ts | Adds -1 sentinel assignments to satisfy validation (incl. Clone flow handling). |
| packages/manager/src/features/Linodes/LinodeCreate/Summary/Summary.tsx | Treats firewall_id = -1 as “no firewall” when computing “Firewall Assigned”. |
| packages/manager/src/features/Linodes/LinodeCreate/Networking/InterfaceType.tsx | Sets per-interface firewall_id to -1 for VLAN interface type. |
| packages/manager/src/features/Linodes/LinodeCreate/Networking/InterfaceFirewall.tsx | Updates placeholder and passes warning message prop to FirewallSelect. |
| packages/manager/src/features/Linodes/LinodeCreate/Networking/Firewall.tsx | Updates placeholder and passes warning message prop to FirewallSelect. |
| packages/manager/src/features/Linodes/LinodeCreate/Firewall.tsx | Updates placeholder and passes warning message prop to FirewallSelect. |
| packages/manager/src/features/Kubernetes/NodePoolFirewallSelect.tsx | Hides “No firewall” option in Kubernetes node pool firewall selection. |
| packages/manager/src/features/Firewalls/components/FirewallSelect.tsx | Adds “No firewall” option, warning notice rendering, and related props. |
| packages/manager/src/features/Firewalls/components/FirewallSelect.test.tsx | Adds unit tests for “No firewall” option and warning notice behavior. |
| packages/manager/src/features/Account/DefaultFirewalls.tsx | Hides “No firewall” option in account default firewall selection fields. |
| packages/manager/cypress/support/util/linodes.ts | Updates test Linode creation payload to use firewall_id = -1. |
| packages/manager/cypress/support/ui/pages/linode-create-page.ts | Adds a reusable Cypress helper to select a firewall from the dropdown. |
| packages/manager/cypress/e2e/core/stackscripts/smoke-community-stackscripts.spec.ts | Mocks firewalls and selects one during Linode creation flow. |
| packages/manager/cypress/e2e/core/stackscripts/create-stackscripts.spec.ts | Mocks firewalls and selects firewall / “No firewall” in create flows. |
| packages/manager/cypress/e2e/core/placementGroups/create-linode-with-placement-groups.spec.ts | Mocks and selects firewall as part of placement group creation scenarios. |
| packages/manager/cypress/e2e/core/oneClickApps/one-click-apps.spec.ts | Mocks and selects firewall in Marketplace/one-click app create flow. |
| packages/manager/cypress/e2e/core/linodes/create-linode.spec.ts | Mocks and selects firewall across multiple Linode create scenarios. |
| packages/manager/cypress/e2e/core/linodes/create-linode-with-vpc.spec.ts | Mocks and selects firewall in VPC-related Linode create flows. |
| packages/manager/cypress/e2e/core/linodes/create-linode-with-vlan.spec.ts | Mocks and selects firewall in VLAN-related Linode create flows. |
| packages/manager/cypress/e2e/core/linodes/create-linode-with-user-data.spec.ts | Mocks and selects firewall for user-data Linode creation. |
| packages/manager/cypress/e2e/core/linodes/create-linode-with-ssh-key.spec.ts | Mocks and selects firewall for SSH-key Linode creation scenarios. |
| packages/manager/cypress/e2e/core/linodes/create-linode-with-firewall.spec.ts | Refactors firewall selection steps to use the shared page helper. |
| packages/manager/cypress/e2e/core/linodes/create-linode-with-disk-encryption.spec.ts | Mocks and selects firewall for disk encryption Linode creation. |
| packages/manager/cypress/e2e/core/linodes/create-linode-with-add-ons.spec.ts | Mocks and selects firewall in add-ons creation flows (incl. legacy selection). |
| packages/manager/cypress/e2e/core/linodes/create-linode-vm-host-maintenance.spec.ts | Mocks and selects firewall in VM host maintenance create flow. |
| packages/manager/cypress/e2e/core/linodes/create-linode-view-code-snippet.spec.ts | Mocks and selects firewall before opening code snippet modal. |
| packages/manager/cypress/e2e/core/linodes/create-linode-mobile.spec.ts | Mocks and selects firewall in mobile viewport create flow. |
| packages/manager/cypress/e2e/core/linodes/create-linode-in-distributed-region.spec.ts | Mocks and selects firewall in distributed region create flow. |
| packages/manager/cypress/e2e/core/linodes/create-linode-in-core-region.spec.ts | Mocks and selects firewall in core region create flow. |
| packages/manager/cypress/e2e/core/linodes/create-linode-blackwell.spec.ts | Mocks and selects firewall in Blackwell GPU create smoke test. |
| packages/manager/cypress/e2e/core/linodes/clone-linode.spec.ts | Mocks and selects firewall during clone-related test flow. |
| packages/manager/cypress/e2e/core/linodes/alerts-create.spec.ts | Mocks and selects firewall in alerts-create related flows. |
| packages/manager/cypress/e2e/core/images/create-linode-from-image.spec.ts | Mocks and selects firewall in “create from image” flow. |
| packages/manager/cypress/e2e/core/helpAndSupport/open-support-ticket.spec.ts | Mocks and selects firewall to satisfy create form in support-ticket scenario. |
| packages/manager/cypress/e2e/core/general/gdpr-agreement.spec.ts | Mocks and selects firewall in GDPR agreement gating flow. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
packages/manager/src/features/Linodes/LinodeCreate/resolvers.ts
Outdated
Show resolved
Hide resolved
...ures/Linodes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/utilities.ts
Show resolved
Hide resolved
...odes/LinodesDetail/LinodeNetworking/LinodeInterfaces/AddInterfaceDrawer/AddInterfaceForm.tsx
Show resolved
Hide resolved
grevanak-akamai
force-pushed
the
feature/UIE-10132-block-interface-creation-without-firewall
branch
from
b5ffc6d to
261781e
Compare
coliu-akamai
left a comment
coliu-akamai
left a comment
There was a problem hiding this comment.
thanks @grevanak-akamai, have a few more comments
regarding the e2e tests - not sure why later commits haven't generated an overview of the failing tests. I looked into the smoke-stackscripts one since you mentioned earlier it's related to your changes tho
packages/manager/cypress/e2e/core/stackscripts/smoke-community-stackscripts.spec.ts
Show resolved
Hide resolved
|
|
||
| // Select a firewall | ||
| linodeCreatePage.selectFirewall( | ||
| mockFirewall.label, |
There was a problem hiding this comment.
re: fixing this test, I tried selecting the no firewall option, and it seems to work, at least on my end
| mockFirewall.label, | |
| 'No firewall - traffic is unprotected (not recommended)', |
There was a problem hiding this comment.
Yeah. With actual firewall, it is breaking not sure why.
packages/manager/src/features/Firewalls/components/FirewallSelect.tsx
Outdated
Show resolved
Hide resolved
… linode and its interfaces
grevanak-akamai
force-pushed
the
feature/UIE-10132-block-interface-creation-without-firewall
branch
from
261781e to
cadb44e
Compare
|
@jdamore-linode - can you test the changes in this PR and also take a look at e2e test cases that are failing in this PR? I'm guessing failing ones are not related to changes in this PR. Test report is somehow not generating after pushing commits. |
grevanak-akamai
requested review from
harsh-akamai,
pmakode-akamai,
tanushree-akamai and
tvijay-akamai
| linodeCreatePage.selectRegionById(linodeRegion.id); | ||
| linodeCreatePage.selectPlan('Shared CPU', 'Nanode 1 GB'); | ||
| linodeCreatePage.setRootPassword(randomString(32)); | ||
| // Select a firewall |
There was a problem hiding this comment.
We are selecting firewall twice in one flow.
There was a problem hiding this comment.
This is correct. We are testing both linode interfaces and legacy config profiles in one test case itself. So selecting firewall in both usecases to not break the test flow.
| import type { Firewall } from '@linode/api-v4'; | ||
| import type { EnhancedAutocompleteProps } from '@linode/ui'; | ||
|
|
||
| const NO_FIREWALL_ID = -1; |
There was a problem hiding this comment.
Can we add comments explaining why -1 is used and how it differs from null.
| @@ -137,6 +137,7 @@ export const NodePoolFirewallSelect = (props: NodePoolFirewallSelectProps) => { | |||
| } | |||
| }} | |||
| placeholder="Select firewall" | |||
There was a problem hiding this comment.
Can we standardize the placeholder with other files
There was a problem hiding this comment.
We have a default placeholder added in the parent component. So I think having another layer of standardization is not required.
|
I will re-review this today |
…n-without-firewall
bnussman-akamai
left a comment
bnussman-akamai
left a comment
There was a problem hiding this comment.
Required firewall seems to be working.
Will continue to test and monitor after this is merged.
| const firewallOptions = useMemo( | ||
| () => [ | ||
| ...(options ? options : (firewalls ?? [])), | ||
| ...(showNoFirewallOption ? [noFirewallOption] : []), |
There was a problem hiding this comment.
From a UX standpoint, I worry that it will be a frustrating experience having the "No Firewall" option last in the dropdown.
If a customer has just a few firewalls on their account, they may not even know that "No Firewall" is an option because it won't be in the viewport.
We're adding more friction for users to create Linodes but I guess that's the point of this change
| const valuesWithOnlySelectedInterface = getCleanedLinodeInterfaceValues( | ||
| structuredClone(rawValues) | ||
| ); |
There was a problem hiding this comment.
Rather than making this change, maybe we cast here?
const valuesWithOnlySelectedInterface = getCleanedLinodeInterfaceValues(
structuredClone(rawValues)
) as CreateInterfaceFormValues;
coliu-akamai
left a comment
coliu-akamai
left a comment
There was a problem hiding this comment.
thanks Ganesh - left a comment below. Also just double checking - is UIE-9888 the right ticket number for this PR? When I navigated to that ticket, I saw something related to nodebalancers
| mockGetUserPreferences({ desktop_sidebar_open: false }).as( | ||
| 'getPreferences' | ||
| ); | ||
| mockGetFirewalls([mockFirewall]).as('getFirewalls'); |
There was a problem hiding this comment.
we can remove this, lines 289-292, and the other unused imports if we're only selecting the No Firewalls option - don't need to mock an existing firewall
…n-without-firewall
Cloud Manager UI test results🔺 3 failing tests on test run #13 ↗︎
Details
TroubleshootingUse this command to re-run the failing tests: pnpm cy:run -s "cypress/e2e/core/parentChild/account-switching.spec.ts,cypress/e2e/core/objectStorage/object-storage.e2e.spec.ts" |
|||||||||||||||||||||||
|
just a heads up - I noticed a bug when creating a Linode from backups, where the interface selection is incorrectly disabled. The bug is unrelated to this PR (saw it while testing the firewalls stuff though) relevant works:
Steps to reproduce: For all account setting options except for Configuration Profile Interface only:
For an account setting with Configuration Profile Interface only:
I think I have a fix here, just testing a few more things See video to view behavior: linode-backups-behavior.mov |
jdamore-linode
left a comment
jdamore-linode
left a comment
There was a problem hiding this comment.
@jdamore-linode - can you test the changes in this PR and also take a look at e2e test cases that are failing in this PR? I'm guessing failing ones are not related to changes in this PR. Test report is somehow not generating after pushing commits.
Thanks Ganesh, test changes all look good and I confirmed that the other E2E failures are unrelated and can be ignored for the PR. I'll keep an eye on this and will test it once it's merged to develop 👍
Description 📝
Make firewall selection mandatory while creating linode and its interfaces. If there are no firewalls or user doesn't wants to assign a firewall to a linode, "No firewall" option can be selected but the firewall field cannot be left blank.
Changes 🔄
List any change(s) relevant to the reviewer.
Scope 🚢
Upon production release, changes in this PR will be visible to:
Target release date 🗓️
Mar 2026
Preview 📷
How to test 🧪
Prerequisites
Verification steps
Author Checklists
As an Author, to speed up the review process, I considered 🤔
👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support
As an Author, before moving this PR from Draft to Open, I confirmed ✅