[management] Add explicit target delete on service removal

[pascal-fischer]

Describe your changes

Fir sqlite the cascading delete is not taking effect which is causing orphaned targets.

Issue ticket number and link

#5398

Stack

Checklist

• Is it a bug fix
• Is a typo/documentation fix
• Is a feature enhancement
• It is a refactor
• Created tests that fail without the change (if possible)

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

Documentation

Select exactly one:

• I added/updated documentation for this change
• Documentation is not needed for this change (explain why)

Docs PR URL (required if "docs added" is checked)

Paste the PR link from https://github.com/netbirdio/docs here:

https://github.com/netbirdio/docs/pull/__

Summary by CodeRabbit

• Bug Fixes

  • Service deletion now also removes all associated targets, ensures target cleanup happens before final removal, and surfaces failures during target deletion to prevent orphaned targets.

• Tests

  • Added a test that verifies deleting a service removes its targets and produces the expected events and peer updates.

• Chores

  • Added storage and mock support to better handle target retrieval and deletion in tests and runtime.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

DeleteService now removes all targets for a service inside the transaction using DeleteServiceTargets before deleting the service. Store interface and SQL store gained target CRUD methods; mocks and a unit test verifying target deletion and related events were added or updated.

Changes

Cohort / File(s)	Summary
Reverse Proxy Manager management/internals/modules/reverseproxy/manager/manager.go, management/internals/modules/reverseproxy/manager/manager_test.go	DeleteService now deletes service targets inside the transaction (calls DeleteServiceTargets then DeleteService). Added TestDeleteService_DeletesTargets and expanded test imports/mocks.
Store Interface & Mock management/server/store/store.go, management/server/store/store_mock.go	Added GetTargetsByServiceID, DeleteTarget, and DeleteServiceTargets to Store and updated gomock mock methods/recorders.
SQL Store Implementation management/server/store/sql_store.go	Implemented GetTargetsByServiceID (optional locking), DeleteTarget, and DeleteServiceTargets with DB error handling and NotFound semantics.
Account Manager & Mocks management/server/account/manager.go, management/server/account/manager_mock.go	Added go:generate directive, minor parameter name changes in Manager interface, and a regenerated large MockManager gomock file.

Sequence Diagram(s)

sequenceDiagram
    participant Caller as Caller/Test
    participant Manager as ReverseProxy Manager
    participant Store as Store (SQL)
    participant Account as Account Manager

    Caller->>Manager: DeleteService(accountID, serviceID)
    Manager->>Store: DeleteServiceTargets(ctx, accountID, serviceID)
    Store->>Store: DB: delete targets (locking/exec)
    Store-->>Manager: success / error
    Manager->>Store: DeleteService(ctx, accountID, serviceID)
    Store->>Store: DB: delete service
    Store-->>Manager: success / error
    Manager->>Account: emit events / update peers
    Account-->>Manager: ack
    Manager-->>Caller: result

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• [proxy] Send proxy updates on account delete #5375 — modifies reverseproxy manager DeleteService flow and target/service deletion interactions.
• [management] Refactor expose feature: move business logic from gRPC to manager #5435 — adjusts DeleteService logic (expose-tracker untracking) and related control flow.

Suggested reviewers

• crn4
• bcmmbaga

Poem

🐰
I hop through code and tidy every nest,
I clear targets gently so services can rest.
Within a transaction I nibble each trace,
Close the service door, then tidy the place.
Happy burrow — time for a carrot chase! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding explicit target deletion when a service is removed, which directly addresses the bug of orphaned targets.
Description check	✅ Passed	The description follows the template with most sections completed: change description, issue link, bug fix checkbox, and documentation decision are all provided.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/target-delete-on-service-delete

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

management/server/store/store.go (1)

274-275: Consider a bulk-delete store method instead of per-target deletes

The manager (per the AI summary) calls DeleteTarget in a loop for each target returned by GetTargetsByServiceID. For a service with many targets this results in N individual DELETE statements within the transaction. A DeleteTargetsByServiceID(ctx, accountID, serviceID string) error bulk method would be more efficient and eliminate the extra round-trips while also simplifying the manager logic.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@management/server/store/store.go` around lines 274 - 275, The code currently
fetches targets with GetTargetsByServiceID and then calls DeleteTarget in a
loop, causing N DELETE statements; add a bulk-delete method
DeleteTargetsByServiceID(ctx context.Context, accountID string, serviceID
string) error to the store interface and implement it in the concrete store
(execute a single DELETE FROM ... WHERE account_id=? AND service_id=? using the
same transaction/connection the manager uses), then update the manager to call
DeleteTargetsByServiceID instead of iterating and invoking DeleteTarget for each
Target; ensure the implementation preserves any locking/transaction semantics
used by GetTargetsByServiceID/DeleteTarget.

management/internals/modules/reverseproxy/manager/manager.go (1)

388-392: Consider a bulk delete instead of per-target iteration.

The fix correctly addresses the orphaned-targets bug. However, iterating and issuing individual DELETE statements per target is less efficient than a single bulk delete (e.g., DELETE FROM targets WHERE account_id = ? AND service_id = ?). If services can have many targets, consider adding a DeleteTargetsByServiceID store method.

For a small number of targets per service, this is perfectly fine as-is.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@management/internals/modules/reverseproxy/manager/manager.go` around lines
388 - 392, Replace the per-target deletion loop that calls
transaction.DeleteTarget for each entry with a single bulk-store method (e.g.,
DeleteTargetsByServiceID) to delete all targets for the given accountID and
serviceID in one statement; add a new store/transaction method signature
DeleteTargetsByServiceID(ctx, accountID, serviceID) (or similar) that executes
"DELETE FROM targets WHERE account_id = ? AND service_id = ?", implement it in
the same store/transaction layer, and update the code that currently iterates
over service.Targets to call this new bulk method using ctx, accountID,
serviceID (keeping existing error wrapping).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@management/server/store/store.go`:
- Around line 273-275: The two methods disagree on target identifier types:
GetServiceTargetByTargetID uses the external TargetId (string) while
DeleteTarget expects the internal DB ID (uint); make them consistent by changing
DeleteTarget(ctx context.Context, accountID string, serviceID string, targetID
uint) to accept the external target identifier string (targetID string) and
update its implementation to delete by the reverseproxy.Target.TargetId field
(and update all callers), or alternatively change GetServiceTargetByTargetID to
accept uint if you prefer internal IDs—ensure both the interface signatures and
their implementations/call sites (GetServiceTargetByTargetID, DeleteTarget and
any callers) use the same identifier type throughout.

---

Nitpick comments:
In `@management/internals/modules/reverseproxy/manager/manager.go`:
- Around line 388-392: Replace the per-target deletion loop that calls
transaction.DeleteTarget for each entry with a single bulk-store method (e.g.,
DeleteTargetsByServiceID) to delete all targets for the given accountID and
serviceID in one statement; add a new store/transaction method signature
DeleteTargetsByServiceID(ctx, accountID, serviceID) (or similar) that executes
"DELETE FROM targets WHERE account_id = ? AND service_id = ?", implement it in
the same store/transaction layer, and update the code that currently iterates
over service.Targets to call this new bulk method using ctx, accountID,
serviceID (keeping existing error wrapping).

In `@management/server/store/store.go`:
- Around line 274-275: The code currently fetches targets with
GetTargetsByServiceID and then calls DeleteTarget in a loop, causing N DELETE
statements; add a bulk-delete method DeleteTargetsByServiceID(ctx
context.Context, accountID string, serviceID string) error to the store
interface and implement it in the concrete store (execute a single DELETE FROM
... WHERE account_id=? AND service_id=? using the same transaction/connection
the manager uses), then update the manager to call DeleteTargetsByServiceID
instead of iterating and invoking DeleteTarget for each Target; ensure the
implementation preserves any locking/transaction semantics used by
GetTargetsByServiceID/DeleteTarget.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5d171f1 and 1669b4a.

📒 Files selected for processing (5)

• management/internals/modules/reverseproxy/manager/manager.go
• management/internals/modules/reverseproxy/manager/manager_test.go
• management/server/store/sql_store.go
• management/server/store/store.go
• management/server/store/store_mock.go

[coderabbitai]

🧹 Nitpick comments (1)

management/server/account/manager.go (1)

3-3: Consider migrating the go:generate directive to the actively maintained go.uber.org/mock fork.

github.com/golang/mock is no longer maintained (archived June 2023), and its own README points to go.uber.org/mock as the maintained fork. go.uber.org/mock v0.6.0 also fixed mockgen errors with go1.25 due to an outdated golang.org/x/tools dependency — meaning the archived version can break against future Go toolchains.

The migration is minimal: update the go:generate import path and regenerate the mock.

♻️ Proposed update

-//go:generate go run github.com/golang/mock/mockgen -package account -destination=manager_mock.go -source=./manager.go -build_flags=-mod=mod
+//go:generate go run go.uber.org/mock/mockgen -package account -destination=manager_mock.go -source=./manager.go -build_flags=-mod=mod

The generated mock's import in manager_mock.go would also need to change:

-	gomock "github.com/golang/mock/gomock"
+	gomock "go.uber.org/mock/gomock"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@management/server/account/manager.go` at line 3, Update the go:generate
directive in manager.go to use the maintained fork (replace
github.com/golang/mock with go.uber.org/mock) and then regenerate the mock;
specifically change the directive that runs mockgen and run the generator to
produce an updated manager_mock.go. After regenerating, update any import lines
inside manager_mock.go that reference github.com/golang/mock to the new
go.uber.org/mock package path so the generated code and the directive are
consistent.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@management/server/account/manager.go`:
- Line 3: Update the go:generate directive in manager.go to use the maintained
fork (replace github.com/golang/mock with go.uber.org/mock) and then regenerate
the mock; specifically change the directive that runs mockgen and run the
generator to produce an updated manager_mock.go. After regenerating, update any
import lines inside manager_mock.go that reference github.com/golang/mock to the
new go.uber.org/mock package path so the generated code and the directive are
consistent.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1669b4a and 500d6e0.

📒 Files selected for processing (2)

• management/server/account/manager.go
• management/server/account/manager_mock.go

[coderabbitai]

🧹 Nitpick comments (1)

management/server/account/manager.go (1)

3-3: Consider migrating to go.uber.org/mock — github.com/golang/mock is archived.

github.com/golang/mock has been archived since June 2023 and is no longer maintained. The repository's own README explicitly recommends using go.uber.org/mock, Uber's actively maintained fork. Since this is a newly added go:generate directive, adopt the maintained fork instead.

-//go:generate go run github.com/golang/mock/mockgen -package account -destination=manager_mock.go -source=./manager.go -build_flags=-mod=mod
+//go:generate go run go.uber.org/mock/mockgen -package account -destination=manager_mock.go -source=./manager.go -build_flags=-mod=mod

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@management/server/account/manager.go` at line 3, The go:generate directive
currently references the archived generator "github.com/golang/mock/mockgen";
update it to use Uber's maintained fork by replacing that path with
"go.uber.org/mock/mockgen" in the go:generate line in manager.go (keep the same
flags: -package account -destination=manager_mock.go -source=./manager.go
-build_flags=-mod=mod), and adjust any CI or developer docs that reference the
old generator if present.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@management/server/account/manager.go`:
- Line 3: The go:generate directive currently references the archived generator
"github.com/golang/mock/mockgen"; update it to use Uber's maintained fork by
replacing that path with "go.uber.org/mock/mockgen" in the go:generate line in
manager.go (keep the same flags: -package account -destination=manager_mock.go
-source=./manager.go -build_flags=-mod=mod), and adjust any CI or developer docs
that reference the old generator if present.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 500d6e0 and fe20300.

📒 Files selected for processing (2)

• management/server/account/manager.go
• management/server/account/manager_mock.go

[coderabbitai]

🧹 Nitpick comments (1)

management/server/account/manager.go (1)

3-3: Consider using go.uber.org/mock instead of the archived github.com/golang/mock.

github.com/golang/mock has been archived (June 2023) and is no longer maintained. The community-maintained successor is go.uber.org/mock. Migration will require updating imports and regenerating mocks with Uber's mockgen.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@management/server/account/manager.go` at line 3, Update the go:generate
directive and mock usage to the community-maintained Uber mock tool: replace the
old generator reference "github.com/golang/mock/mockgen" in the manager.go
go:generate comment with the Uber equivalent (e.g. "go.uber.org/mock/mockgen"),
then update any imports/usages of gomock in the package (tests and generated
manager_mock.go) to the Uber mock package and regenerate the mocks with the new
mockgen; target symbols include the go:generate line in manager.go and the
generated manager_mock.go and any references to gomock in tests/helpers.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@management/server/account/manager.go`:
- Line 3: Update the go:generate directive and mock usage to the
community-maintained Uber mock tool: replace the old generator reference
"github.com/golang/mock/mockgen" in the manager.go go:generate comment with the
Uber equivalent (e.g. "go.uber.org/mock/mockgen"), then update any
imports/usages of gomock in the package (tests and generated manager_mock.go) to
the Uber mock package and regenerate the mocks with the new mockgen; target
symbols include the go:generate line in manager.go and the generated
manager_mock.go and any references to gomock in tests/helpers.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fe20300 and 0632235.

📒 Files selected for processing (2)

• management/server/account/manager.go
• management/server/account/manager_mock.go

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@management/server/store/sql_store.go`:
- Around line 4899-4911: The DeleteServiceTargets method in SqlStore currently
returns status.NotFound when result.RowsAffected == 0, which wrongly fails
legitimate deletions for services with zero targets; update
SqlStore.DeleteServiceTargets (and references to reverseproxy.Target if needed)
to treat zero rows affected as a successful no-op: remove or change the
RowsAffected == 0 branch so the function simply returns nil (optionally log a
debug/info message that no targets existed) while preserving the existing error
handling for result.Error.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0632235 and c0d6340.

📒 Files selected for processing (3)

• management/internals/modules/reverseproxy/manager/manager.go
• management/server/store/sql_store.go
• management/server/store/store.go

🚧 Files skipped from review as they are similar to previous changes (2)

• management/server/store/store.go
• management/internals/modules/reverseproxy/manager/manager.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Do not fail when no targets exist in bulk service-target deletion.

At Line 4906, returning NotFound on RowsAffected == 0 makes DeleteServiceTargets fail for services that legitimately have zero targets, which can abort service removal in the transaction flow.

Suggested fix

func (s *SqlStore) DeleteServiceTargets(ctx context.Context, accountID string, serviceID string) error {
	result := s.db.Delete(&reverseproxy.Target{}, "account_id = ? AND service_id = ?", accountID, serviceID)
	if result.Error != nil {
		log.WithContext(ctx).Errorf("failed to delete targets from store: %v", result.Error)
		return status.Errorf(status.Internal, "failed to delete targets from store")
	}
-
-	if result.RowsAffected == 0 {
-		return status.Errorf(status.NotFound, "not targets found for service %s", serviceID)
-	}
 
	return nil
}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	func (s *SqlStore) DeleteServiceTargets(ctx context.Context, accountID string, serviceID string) error {
	result := s.db.Delete(&reverseproxy.Target{}, "account_id = ? AND service_id = ?", accountID, serviceID)
	if result.Error != nil {
	log.WithContext(ctx).Errorf("failed to delete targets from store: %v", result.Error)
	return status.Errorf(status.Internal, "failed to delete targets from store")
	}
	if result.RowsAffected == 0 {
	return status.Errorf(status.NotFound, "not targets found for service %s", serviceID)
	}
	return nil
	}
	func (s *SqlStore) DeleteServiceTargets(ctx context.Context, accountID string, serviceID string) error {
	result := s.db.Delete(&reverseproxy.Target{}, "account_id = ? AND service_id = ?", accountID, serviceID)
	if result.Error != nil {
	log.WithContext(ctx).Errorf("failed to delete targets from store: %v", result.Error)
	return status.Errorf(status.Internal, "failed to delete targets from store")
	}
	return nil
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@management/server/store/sql_store.go` around lines 4899 - 4911, The
DeleteServiceTargets method in SqlStore currently returns status.NotFound when
result.RowsAffected == 0, which wrongly fails legitimate deletions for services
with zero targets; update SqlStore.DeleteServiceTargets (and references to
reverseproxy.Target if needed) to treat zero rows affected as a successful
no-op: remove or change the RowsAffected == 0 branch so the function simply
returns nil (optionally log a debug/info message that no targets existed) while
preserving the existing error handling for result.Error.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
7 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud