[feature] Invalidate VPN cache when organization config variables change

[Srinath0916]

When organization configuration variables are updated, VPN cache wasn't being invalidated automatically. This caused VPNs to use stale config data leading to connectivity issues.

Added signal handler to detect context changes in OrganizationConfigSettings and trigger cache invalidation for all VPNs in that organization. Also added comprehensive tests to ensure the functionality works correctly.

Fixes #1098

Checklist

• I have read the OpenWISP Contributing Guidelines.
• I have manually tested the changes proposed in this pull request.
• I have written new test cases for new code and/or updated existing tests for changes to existing code.
• I have updated the documentation.

Reference to Existing Issue

Closes #1098.

Description of Changes

• Added organization_config_settings_change_handler in handlers.py to detect when OrganizationConfigSettings context field changes
• Added invalidate_organization_vpn_cache Celery task in tasks.py to invalidate VPN cache for all VPNs in the affected organization
• Connected the signal handler to OrganizationConfigSettings post_save signal in apps.py
• Added comprehensive test suite in test_organization_vpn_cache.py covering signal handling, task execution, and edge cases

The implementation ensures VPN cache is automatically invalidated whenever organization configuration variables change, preventing stale configuration issues.

Screenshot

Not applicable - this is a backend functionality change with no UI components.

Summary by CodeRabbit

• Improvements
  • VPN configuration caching now automatically invalidates when an organization’s configuration context changes, ensuring updated VPN settings propagate promptly.
• New Features
  • Background job added to invalidate VPN caches for all VPNs in an organization.
• Bug Fixes
  • Invalidation only runs when the configuration context actually changes, avoiding unnecessary cache clears.
• Tests
  • Tests narrowed to focus on active-organization deactivation behavior.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coveralls]

coverage: 98.452% (-0.2%) from 98.612%
when pulling cf5582b on Srinath0916:feature/vpn-cache-invalidation-1098
into 828dfb3 on openwisp:master.

[Srinath0916]

Hi @pandafy,

I've been working on implementing the VPN cache invalidation for issue #1098 and spent most of the night trying to get it working, but I'm running into a really strange CI problem.

I have the implementation ready - signal handler to detect OrganizationConfigSettings context changes, Celery task to invalidate VPN cache, and proper signal connections. The logic is straightforward and follows the same patterns as existing handlers in the codebase.

But I keep hitting this geckodriver error (visible in the checks above) that seems completely unrelated to my changes. The weird thing is that it happens with ANY modification I make - even just adding TODO comments or copying the exact pattern from working handlers like vpn_server_change_handler.

I tried many different approaches throughout the night to get past this CI error. You can see all my attempts in the issue page - I know it looks messy with all those commits, but I was just trying everything I could think of. Every single approach fails with the same geckodriver error, even when the code changes are minimal.

My other PR (#1173) passes all CI checks fine, so I don't think it's an account or general setup issue. This seems specific to this particular feature.

Could you help me understand what might be causing this? Is there something about VPN-related code that triggers different test suites? Or maybe there's a specific approach you'd recommend for this type of cache invalidation?

I really want to get this working and contribute to OpenWISP properly. The implementation is ready, just need to figure out this CI puzzle.

Sorry for all the iteration - I was just determined to get past this error!

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds model wiring, two signal handlers, and a Celery task so changes to OrganizationConfigSettings.context detect the original value and, if changed, schedule invalidation of VPN caches for that organization.

Changes

Cohort / File(s)	Summary
App wiring / Signal registration openwisp_controller/config/apps.py	Adds organization_config_settings_model via load_model("config", "OrganizationConfigSettings") in __setmodels__ and connects pre_save/post_save handlers (organization_config_settings_pre_save_handler, organization_config_settings_post_save_handler) with dispatch_uids in enable_cache_invalidation.
Signal handlers openwisp_controller/config/handlers.py	Adds organization_config_settings_pre_save_handler (loads original context when instance exists and attaches _original_context) and organization_config_settings_post_save_handler (compares original vs current context and schedules invalidate_organization_vpn_cache via on_commit when changed).
Cache invalidation task openwisp_controller/config/tasks.py	Adds Celery task invalidate_organization_vpn_cache(organization_id) (soft time limit 7200s) that loads Vpn model, iterates VPNs for the organization, calls GetVpnView.invalidate_get_vpn_cache(vpn) and vpn.invalidate_checksum_cache(), and logs SoftTimeLimitExceeded.
Tests openwisp_controller/config/tests/test_handlers.py	Removes subtests asserting no task execution for inactive-organization scenarios; retains test verifying task runs when an active org is deactivated.

Sequence Diagram

sequenceDiagram
    autonumber
    participant User
    participant ORM as Django ORM
    participant Pre as Pre-save Handler
    participant Post as Post-save Handler
    participant Txn as Transaction / on_commit
    participant Queue as Celery Worker
    participant DB as Database
    participant VPN as VPN services

    User->>ORM: save OrganizationConfigSettings
    ORM->>Pre: pre_save signal
    Pre->>DB: fetch original.context (if exists)
    Pre-->>ORM: attach _original_context to instance
    ORM->>Post: post_save signal
    Post->>Post: compare instance.context vs _original_context
    alt context changed
        Post->>Txn: register on_commit -> enqueue task(organization_id)
        Txn->>Queue: enqueue invalidate_organization_vpn_cache(organization_id)
        Queue->>DB: query VPNs for organization
        loop per VPN
            Queue->>VPN: GetVpnView.invalidate_get_vpn_cache(vpn)
            Queue->>VPN: vpn.invalidate_checksum_cache()
        end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I twitched my whiskers at a context swap,
I cached a memory, then gave it a tap.
Signals hopped in, Celery raced the night,
Clearing old trails so VPNs take flight.
A tiny hop — fresh configs, snug and right.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main feature: invalidating VPN cache when organization config variables change, which aligns perfectly with the changeset.
Description check	✅ Passed	The description is comprehensive, covering problem statement, changes made to multiple files, testing, and issue reference. All checklist items are properly filled.
Linked Issues check	✅ Passed	Changes implement the core requirement from #1098: automatically invalidating VPN cache when organization configuration variables change through signal handlers and Celery tasks.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to implementing the VPN cache invalidation feature: signal handlers, tasks, app configuration, and related tests. No extraneous modifications detected.

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nemesifier]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

openwisp_controller/config/tasks.py (1)

111-115: Move import outside the loop for efficiency.

The import statement is executed on every iteration, which is unnecessary overhead.

🔎 Proposed fix

     Vpn = load_model("config", "Vpn")
+    from .controller.views import GetVpnView

     for vpn in Vpn.objects.filter(organization_id=organization_id).iterator():
-        from .controller.views import GetVpnView
-
         GetVpnView.invalidate_get_vpn_cache(vpn)
         vpn.invalidate_checksum_cache()

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 828dfb3 and 30475e5.

📒 Files selected for processing (4)

• openwisp_controller/config/apps.py
• openwisp_controller/config/handlers.py
• openwisp_controller/config/tasks.py
• openwisp_controller/config/tests/test_handlers.py

💤 Files with no reviewable changes (1)

• openwisp_controller/config/tests/test_handlers.py

🧰 Additional context used

🧬 Code graph analysis (3)

openwisp_controller/config/apps.py (2)

openwisp_controller/config/handlers.py (1)

• organization_config_settings_change_handler (157-171)

openwisp_controller/config/base/vpn.py (1)

• post_save (905-916)

openwisp_controller/config/handlers.py (2)

openwisp_controller/config/tasks.py (1)

• invalidate_organization_vpn_cache (104-115)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

openwisp_controller/config/tasks.py (3)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

openwisp_controller/config/controller/views.py (2)

• GetVpnView (485-516)
• invalidate_get_vpn_cache (508-516)

openwisp_controller/config/base/base.py (2)

• invalidate_checksum_cache (57-64)
• invalidate_checksum_cache (92-94)

🪛 GitHub Actions: OpenWISP Controller CI Build

openwisp_controller/config/apps.py

[error] 342-342: AttributeError: 'ConfigConfig' object has no attribute 'organization_config_settings_model' during Django app ready initialization.

openwisp_controller/config/handlers.py

[error] 168-168: Black check failed. E501 line too long (100 > 88 characters).

🪛 Ruff (0.14.10)

openwisp_controller/config/handlers.py

157-157: Unused function argument: kwargs

(ARG001)

🔇 Additional comments (3)

openwisp_controller/config/handlers.py (1)

157-171: LGTM on the handler logic.

The implementation correctly:

• Skips newly-added instances via _state.adding
• Fetches only the context field from the DB for comparison
• Uses transaction.on_commit to ensure the task runs after the transaction commits
• Handles DoesNotExist gracefully

The **kwargs parameter is correctly included for signal handler forward compatibility (the Ruff warning is a false positive for signal handlers).

openwisp_controller/config/tasks.py (1)

103-116: LGTM on the task implementation.

The task correctly:

• Uses soft_time_limit=7200 consistent with other cache invalidation tasks
• Filters VPNs by organization using .iterator() for memory efficiency
• Calls both invalidate_get_vpn_cache and invalidate_checksum_cache to fully refresh VPN caches

This aligns with the pattern used in invalidate_controller_views_cache (lines 197-215), with the additional invalidate_checksum_cache() call needed when organization config variables change.

openwisp_controller/config/apps.py (1)

269-275: LGTM on the import addition.

The handler import is correctly placed alongside the other cache invalidation handlers.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

openwisp_controller/config/tasks.py (1)

103-115: Consider adding .only("id") and SoftTimeLimitExceeded handling for consistency.

The task works correctly but could be improved for consistency with similar tasks in this file:

1. The existing invalidate_controller_views_cache (line 212) uses .only("id").iterator() to reduce memory overhead.
2. Other tasks with soft_time_limit=7200 (e.g., update_template_related_config_status) handle SoftTimeLimitExceeded to log meaningful errors.

🔎 Proposed improvements

 @shared_task(soft_time_limit=7200)
 def invalidate_organization_vpn_cache(organization_id):
     """
     Invalidates VPN cache for all VPNs in an organization when
     organization configuration variables change.
     """
     Vpn = load_model("config", "Vpn")
     from .controller.views import GetVpnView
-    
-    for vpn in Vpn.objects.filter(organization_id=organization_id).iterator():
-        GetVpnView.invalidate_get_vpn_cache(vpn)
-        vpn.invalidate_checksum_cache()
+
+    try:
+        for vpn in (
+            Vpn.objects.filter(organization_id=organization_id).only("id").iterator()
+        ):
+            GetVpnView.invalidate_get_vpn_cache(vpn)
+            vpn.invalidate_checksum_cache()
+    except SoftTimeLimitExceeded:
+        logger.error(
+            "soft time limit hit while executing "
+            f"invalidate_organization_vpn_cache for organization {organization_id}"
+        )

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 30475e5 and e77e6d3.

📒 Files selected for processing (3)

• openwisp_controller/config/apps.py
• openwisp_controller/config/handlers.py
• openwisp_controller/config/tasks.py

🧰 Additional context used

🧬 Code graph analysis (3)

openwisp_controller/config/tasks.py (3)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

openwisp_controller/config/controller/views.py (2)

• GetVpnView (485-516)
• invalidate_get_vpn_cache (508-516)

openwisp_controller/config/base/base.py (2)

• invalidate_checksum_cache (57-64)
• invalidate_checksum_cache (92-94)

openwisp_controller/config/apps.py (2)

openwisp_controller/config/handlers.py (1)

• organization_config_settings_change_handler (157-174)

openwisp_controller/config/base/vpn.py (1)

• post_save (905-916)

openwisp_controller/config/handlers.py (2)

openwisp_controller/config/tasks.py (1)

• invalidate_organization_vpn_cache (104-114)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

🪛 Ruff (0.14.10)

openwisp_controller/config/handlers.py

157-157: Unused function argument: kwargs

(ARG001)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=5.2.0
• GitHub Check: Python==3.13 | django~=5.2.0
• GitHub Check: Python==3.10 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=4.2.0
• GitHub Check: Python==3.13 | django~=5.1.0
• GitHub Check: Python==3.11 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=5.2.0
• GitHub Check: Python==3.10 | django~=5.1.0

🔇 Additional comments (3)

openwisp_controller/config/apps.py (3)

64-66: LGTM!

The model loading is correctly added in __setmodels__, following the existing pattern.

---

276-277: LGTM!

The handler import is properly added alongside related handlers.

---

343-347: Signal connection looks correct, but depends on handler fix.

The signal connection follows the established pattern in this file. However, this will need to be updated if the handler is split into pre_save and post_save handlers as suggested in the handlers.py review.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

openwisp_controller/config/tasks.py (1)

118-122: Consider using logging.exception for better debugging.

When catching exceptions, logging.exception automatically includes the traceback, which provides more context for diagnosing soft time limit issues.

🔎 Proposed improvement

     except SoftTimeLimitExceeded:
-        logger.error(
+        logger.exception(
             "soft time limit hit while executing "
             f"invalidate_organization_vpn_cache for organization {organization_id}"
         )

Based on static analysis hints.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e77e6d3 and b48cac9.

📒 Files selected for processing (3)

• openwisp_controller/config/apps.py
• openwisp_controller/config/handlers.py
• openwisp_controller/config/tasks.py

🧰 Additional context used

🧬 Code graph analysis (3)

openwisp_controller/config/handlers.py (2)

openwisp_controller/config/tasks.py (1)

• invalidate_organization_vpn_cache (104-122)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

openwisp_controller/config/apps.py (2)

openwisp_controller/config/handlers.py (2)

• organization_config_settings_pre_save_handler (157-167)
• organization_config_settings_post_save_handler (170-180)

openwisp_controller/config/base/vpn.py (1)

• post_save (905-916)

openwisp_controller/config/tasks.py (3)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

openwisp_controller/config/controller/views.py (2)

• GetVpnView (485-516)
• invalidate_get_vpn_cache (508-516)

openwisp_controller/config/base/base.py (2)

• invalidate_checksum_cache (57-64)
• invalidate_checksum_cache (92-94)

🪛 Ruff (0.14.10)

openwisp_controller/config/handlers.py

157-157: Unused function argument: kwargs

(ARG001)

---

170-170: Unused function argument: kwargs

(ARG001)

openwisp_controller/config/tasks.py

119-122: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: Python==3.13 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=5.1.0
• GitHub Check: Python==3.11 | django~=5.2.0
• GitHub Check: Python==3.13 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=5.2.0
• GitHub Check: Python==3.10 | django~=5.1.0
• GitHub Check: Python==3.11 | django~=4.2.0

🔇 Additional comments (4)

openwisp_controller/config/tasks.py (1)

103-117: LGTM! Efficient implementation following codebase patterns.

The task correctly:

• Uses .only("id").iterator() for memory-efficient iteration
• Calls both GetVpnView.invalidate_get_vpn_cache() and vpn.invalidate_checksum_cache() to ensure complete cache invalidation
• Follows the same patterns as other tasks in this file

openwisp_controller/config/handlers.py (2)

157-167: Excellent implementation of the pre-save pattern.

The handler correctly:

• Returns early for new objects (no original context to compare)
• Uses .only("context") to efficiently load just the needed field
• Stores the original context on the instance for comparison in post-save
• Handles the edge case where the DB record doesn't exist

---

170-180: Correct post-save implementation with proper change detection.

The handler correctly:

• Retrieves the original context stored by the pre-save handler
• Only triggers invalidation when context actually changed (not None and differs)
• Uses transaction.on_commit to ensure the task is only scheduled after a successful database commit
• Converts organization_id to string for Celery serialization

This addresses the previous critical issue where the comparison logic was inverted.

openwisp_controller/config/apps.py (1)

64-66: Proper model loading and signal wiring.

The changes correctly:

• Load OrganizationConfigSettings model in __setmodels__() (lines 64-66), addressing the previous AttributeError
• Import both handlers in the appropriate location (lines 276-278)
• Wire pre_save and post_save signals with descriptive dispatch_uid values (lines 344-353)

The signal connections follow the established patterns in this file and correctly link the handlers to the model.

Also applies to: 276-278, 344-353

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

openwisp_controller/config/tasks.py (1)

118-122: Consider using logging.exception for better debugging context.

The static analysis tool suggests using logging.exception instead of logging.error when logging from an exception handler. This automatically includes the stack trace, which aids debugging.

🔎 Proposed fix

     except SoftTimeLimitExceeded:
-        logger.error(
+        logger.exception(
             "soft time limit hit while executing "
             f"invalidate_organization_vpn_cache for organization {organization_id}"
         )

Based on static analysis hints.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b48cac9 and f6a46c7.

📒 Files selected for processing (3)

• openwisp_controller/config/apps.py
• openwisp_controller/config/handlers.py
• openwisp_controller/config/tasks.py

🧰 Additional context used

🧬 Code graph analysis (2)

openwisp_controller/config/handlers.py (2)

openwisp_controller/config/tasks.py (1)

• invalidate_organization_vpn_cache (104-122)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

openwisp_controller/config/tasks.py (3)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

openwisp_controller/config/controller/views.py (2)

• GetVpnView (485-516)
• invalidate_get_vpn_cache (508-516)

openwisp_controller/config/base/base.py (2)

• invalidate_checksum_cache (57-64)
• invalidate_checksum_cache (92-94)

🪛 Ruff (0.14.10)

openwisp_controller/config/handlers.py

157-157: Unused function argument: kwargs

(ARG001)

---

170-170: Unused function argument: kwargs

(ARG001)

openwisp_controller/config/tasks.py

119-122: Use logging.exception instead of logging.error

Replace with exception

(TRY400)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Python==3.13 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=5.2.0
• GitHub Check: Python==3.11 | django~=5.2.0
• GitHub Check: Python==3.13 | django~=5.2.0
• GitHub Check: Python==3.10 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=4.2.0
• GitHub Check: Python==3.10 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.11 | django~=4.2.0
• GitHub Check: Python==3.12 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=5.1.0

🔇 Additional comments (6)

openwisp_controller/config/handlers.py (2)

157-167: LGTM! Pre-save handler correctly captures original context.

The handler properly:

• Skips new instances using _state.adding
• Efficiently fetches only the context field from the database
• Stores the original value for comparison in post_save
• Handles the edge case where the instance might not exist in the database

The kwargs parameter flagged by static analysis is required for Django signal handlers and can be safely ignored.

---

170-180: LGTM! Post-save handler correctly detects changes and schedules invalidation.

The handler properly:

• Retrieves the original context stored by the pre_save handler
• Only triggers invalidation when context actually changes
• Uses transaction.on_commit to ensure the task runs after successful database commit
• Passes the organization ID as a string for Celery serialization

The logic correctly avoids false triggers on new instances and unchanged updates. The kwargs parameter flagged by static analysis is required for Django signal handlers.

openwisp_controller/config/apps.py (3)

64-66: LGTM! Model loading follows established patterns.

The organization_config_settings_model is loaded correctly using load_model and assigned to the app config instance, consistent with other models in __setmodels__. This resolves the AttributeError mentioned in past reviews.

---

276-277: LGTM! Handler imports are correct.

Both organization_config_settings_pre_save_handler and organization_config_settings_post_save_handler are imported in the appropriate location within enable_cache_invalidation, following the existing pattern for other cache invalidation handlers.

---

344-353: LGTM! Signal connections properly wired.

The pre_save and post_save signals are correctly connected to their respective handlers with:

• Proper sender model (self.organization_config_settings_model)
• Unique, descriptive dispatch_uid values following the naming convention
• Correct placement within enable_cache_invalidation alongside other cache invalidation signals

This completes the signal wiring required for VPN cache invalidation when organization config settings change.

openwisp_controller/config/tasks.py (1)

103-117: No changes needed. The .only("id") approach is correct and sufficient for cache invalidation.

The cache invalidation methods call get_cached_checksum.invalidate(instance) and get_cached_configuration.invalidate(instance), which only require the instance's pk to compute the cache key (via get_cached_args_rewrite(instance) that returns instance.pk.hex). No additional fields are accessed during invalidation. This pattern is already used elsewhere in the codebase—bulk_invalidate_get_cached_checksum() uses the same .only("id").iterator() approach, confirming it is the intended pattern.

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

openwisp_controller/config/tasks.py (1)

103-123: Code duplication: Consider extracting VPN cache invalidation logic.

This task duplicates the VPN iteration and cache invalidation pattern from invalidate_controller_views_cache (lines 219-222). Both iterate over VPNs filtered by organization_id, use .only("id").iterator(), and call GetVpnView.invalidate_get_vpn_cache(vpn).

The duplication is minimal (~4 lines), but extracting a helper function would improve maintainability if these patterns are used elsewhere in the future.

Note: The checksum cache invalidation in this task is intentional and appropriate. This task is called when organization config settings change (actual data modification), whereas invalidate_controller_views_cache is called when an organization is disabled (only cache visibility concerns), so they have different invalidation requirements.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f6a46c7 and cf5582b.

📒 Files selected for processing (3)

• openwisp_controller/config/apps.py
• openwisp_controller/config/handlers.py
• openwisp_controller/config/tasks.py

🚧 Files skipped from review as they are similar to previous changes (1)

• openwisp_controller/config/apps.py

🧰 Additional context used

🧬 Code graph analysis (2)

openwisp_controller/config/tasks.py (3)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

openwisp_controller/config/controller/views.py (2)

• GetVpnView (485-516)
• invalidate_get_vpn_cache (508-516)

openwisp_controller/config/base/base.py (2)

• invalidate_checksum_cache (57-64)
• invalidate_checksum_cache (92-94)

openwisp_controller/config/handlers.py (2)

openwisp_controller/config/tasks.py (1)

• invalidate_organization_vpn_cache (104-122)

openwisp_controller/geo/base/models.py (1)

• organization_id (64-65)

🪛 Ruff (0.14.10)

openwisp_controller/config/handlers.py

157-157: Unused function argument: kwargs

(ARG001)

---

170-170: Unused function argument: kwargs

(ARG001)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Python==3.12 | django~=5.2.0
• GitHub Check: Python==3.13 | django~=5.2.0
• GitHub Check: Python==3.12 | django~=4.2.0
• GitHub Check: Python==3.13 | django~=5.1.0
• GitHub Check: Python==3.12 | django~=5.1.0
• GitHub Check: Python==3.11 | django~=5.2.0
• GitHub Check: Python==3.10 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=4.2.0
• GitHub Check: Python==3.11 | django~=5.1.0
• GitHub Check: Python==3.10 | django~=5.2.0
• GitHub Check: Python==3.10 | django~=5.1.0

🔇 Additional comments (2)

openwisp_controller/config/handlers.py (2)

157-167: LGTM! Pre-save handler correctly captures original context.

The handler properly:

• Returns early for new instances
• Efficiently fetches only the context field from the database
• Stores the original value for comparison in post-save
• Handles the DoesNotExist exception

---

170-180: LGTM! Post-save handler correctly triggers cache invalidation.

The handler properly:

• Retrieves the stored original context with a safe fallback
• Only triggers invalidation when context actually changed
• Uses transaction.on_commit to ensure the task runs only after successful database commit
• Converts organization_id to string as expected by the Celery task

The previous critical issue regarding comparing identical values has been successfully resolved using the pre-save/post-save pattern.

[Srinath0916]

@nemesifier , The implementation is complete and all tests are passing. The cache invalidation now properly handles VPN configuration changes. Happy to address any additional feedback you might have, I think it is ready to merge.