webui icon indicating copy to clipboard operation
webui copied to clipboard
verified publisher icon truenas

NAS-138058 / 26.04 / Implement pool creation with hardware encryption support (SED)

Open william-gr opened this issue 2 months ago • 5 comments

Add Self-Encrypting Drive (SED) encryption option to pool creation wizard for Enterprise users. Includes automatic SED disk detection, filtering, password management, and visual indicators throughout the wizard.

Features:

  • Radio group encryption selector (None/Software/SED)
  • Auto-select SED when SED-capable disks detected (Enterprise only)
  • SED password fields with validation and global password warnings
  • Automatic disk filtering to show only SED-capable disks
  • SED badges in Inventory and Manual Selection dialog
  • Encryption type display in Configuration Preview and Review stage
  • Manual Selection dialog SED Capable filter

Implementation:

  • Phase 1: Data model, enums, store state, disk filtering (22 tests)
  • Phase 2: General Step UI, password validation, warnings (12 tests)
  • Phase 3: Visual indicators, badges, Review stage (16 tests)

Technical:

  • 50 comprehensive unit tests, all passing
  • Lint-clean, follows Angular best practices
  • Reactive patterns with RxJS
  • Proper TypeScript typing throughout

https://github.com/user-attachments/assets/b162de64-a80a-4418-ad4f-4a58318a5178

Testing:

Use the following mock config: mock-configs-2025-10-16.json

Downstream

Affects Reasoning
Documentation SED options during pool creation
Testing SED options during pool creation

william-gr avatar Oct 16 '25 13:10 william-gr

Jira URL: https://ixsystems.atlassian.net/browse/NAS-138058

bugclerk avatar Oct 16 '25 13:10 bugclerk

Claude finished @william-gr's task —— View job

Code Review Progress

  • [x] Read and understand the implementation plan and key changes
  • [x] Review core implementation files (stores, enums, interfaces)
  • [x] Review UI components and templates
  • [x] Examine test coverage and quality
  • [x] Check for security implications in encryption handling
  • [x] Verify adherence to Angular/TypeScript best practices
  • [x] Provide comprehensive feedback

Review Feedback 🎯

This PR demonstrates excellent engineering practices with comprehensive SED encryption support implementation! The code is well-structured, follows Angular best practices, and includes thorough testing coverage.

Positive Aspects ✅

The implementation showcases several commendable qualities:

  • Reactive patterns: Excellent use of RxJS with proper subscription management via untilDestroyed
  • Type safety: Strong TypeScript typing throughout with proper enums and interfaces
  • Testing coverage: 50 unit tests covering all major functionality and edge cases
  • Component architecture: Clean separation of concerns with proper dependency injection using inject()

Key Improvements Needed 🔧

1. Security Enhancement - Password Handling ⚠️

general-wizard-step.component.ts:246 - The SED password is stored in plain text in the component store:

sedPassword: encryptionType === EncryptionType.Sed ? sedPassword : null,

Recommendation: Consider adding a comment about password security handling or implement password hashing before storage if this data persists beyond component lifecycle.

2. Error Handling in Store

pool-manager.store.ts:295-301 - The error handling in loadStateInitialData() could be more specific:

error: (error: unknown) => {
  this.patchState({ isLoading: false });
  this.errorHandler.showErrorModal(error);
}

Recommendation: Add specific error handling for SED disk detection failures to provide better user feedback.

3. Magic Number in SED Status Check

disk.utils.ts:12-14 - The SED capability check has hardcoded status values:

export function isSedCapable(disk: DetailsDisk): boolean {
  return disk.sed_status === SedStatus.Uninitialized || disk.sed_status === SedStatus.Unlocked;
}

Recommendation: Consider adding a comment explaining why only Uninitialized and Unlocked statuses are considered capable, or create a helper constant for SED-capable statuses.

4. Template Accessibility

general-wizard-step.component.html:40-42 - The SED warning message could benefit from proper ARIA attributes:

<div class="sed-global-password-warning">

Recommendation: Add role="alert" or aria-live="polite" for screen reader accessibility.

5. Potential Race Condition

pool-manager.store.ts:276-290 - There's a potential race condition between disk loading and SED capability detection:

switchMap(([enclosures, diskDetails]) => {
  return this.diskStore.hasSedCapableDisks$.pipe(
    take(1),
    tap((hasSedCapableDisks) => {
      this.patchState({ ... });
    }),
  );
})

Recommendation: Consider adding error handling if hasSedCapableDisks$ fails to emit within reasonable time.

Technical Architecture Review 🏗️

The implementation follows a solid architectural pattern:

  • Store pattern: Well-implemented NgRx-style store with clear state management
  • Filtering logic: Elegant disk filtering with proper composition of criteria
  • Component lifecycle: Proper cleanup and reactive form handling
  • Enterprise licensing: Correctly integrated license checks for feature availability

Minor Suggestions 📝

  • general-wizard-step.component.ts:158-165 - Consider extracting the default encryption type logic to a separate service for better testability
  • inventory.component.html:5-7 - The SED badge styling could be documented in the component or moved to a shared badge component
  • Consider adding JSDoc comments to the isSedCapable function for better code documentation

Overall Assessment 🌟

This is a well-executed feature implementation that demonstrates strong Angular development skills and attention to detail. The reactive patterns, comprehensive testing, and clean architecture make this code maintainable and reliable.

Job run

claude[bot] avatar Oct 16 '25 13:10 claude[bot]

Codecov Report

:x: Patch coverage is 99.20635% with 1 line in your changes missing coverage. Please review. :white_check_mark: Project coverage is 86.18%. Comparing base (d09c98a) to head (5fbbf19). :warning: Report is 7 commits behind head on master. :white_check_mark: All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...neral-wizard-step/general-wizard-step.component.ts 98.38% 1 Missing :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12699      +/-   ##
==========================================
+ Coverage   86.02%   86.18%   +0.16%     
==========================================
  Files        1824     1826       +2     
  Lines       67216    67503     +287     
  Branches     8068     8126      +58     
==========================================
+ Hits        57822    58179     +357     
+ Misses       9394     9324      -70

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Oct 16 '25 14:10 codecov[bot]

@aervin @AlexKarpov98 this is not ready/functional yet. There is no API available, however as this is getting large I would like to get a review before it gets even bigger. I will make additional PR for remaining changes once API is ready.

william-gr avatar Oct 16 '25 14:10 william-gr

probably i missed Submit button earlier .. :)

AlexKarpov98 avatar Oct 21 '25 12:10 AlexKarpov98