[fix] Ensure VpnClient.post_delete fires on template removal #1221 [backport 1.2]

[mn-ram]

Backport of #1277 to the 1.2.x branch

This is a backport of the fix for issue #1221 targeting the 1.2 maintenance branch.

Problem

QuerySet.delete() performs a bulk delete bypassing per-instance post_delete signals. When VPN clients are deleted in bulk, the VpnClient.post_delete handler does not fire, leaving:

• Peer cache not invalidated
• Client certificates not revoked
• IP addresses not released (Wireguard)

Solution

Replaced all three bulk .delete() calls with per-instance deletion loops using .select_related("vpn", "cert", "ip").iterator() and transaction.atomic().

Also fixed the serializers.py vpn cleanup logic: vpn_list was built from the old templates so .exclude(vpn__in=vpn_list) never matched the client being removed. Now uses new_vpn_ids from config_templates (the incoming new set).

Files changed

• config/base/config.py — two bulk deletes replaced (deactivation + template sync)
• config/api/serializers.py — bulk delete replaced + vpn_list logic fixed
• config/tests/test_vpn.py — three regression tests added
• CHANGES.rst — changelog entry under 1.2.3 [unreleased]

Fixes #1221

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: cab95c77-f33a-454f-8b20-1052e1420fb5

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mn-ram]

Closing this manual backport. The automated backport workflow will create the 1.2 backport PR automatically once #1277 is merged, provided the commit includes [backport 1.2] in the message.