move service manager

management/internals/modules/reverseproxy/service/interface.go

@@ -1,6 +1,6 @@
-package reverseproxy
+package service
 
-//go:generate go run github.com/golang/mock/mockgen -package reverseproxy -destination=interface_mock.go -source=./interface.go -build_flags=-mod=mod
+//go:generate go run github.com/golang/mock/mockgen -package service -destination=interface_mock.go -source=./interface.go -build_flags=-mod=mod
 
 import (
 	"context"
@@ -13,7 +13,7 @@ type Manager interface {
 	UpdateService(ctx context.Context, accountID, userID string, service *Service) (*Service, error)
 	DeleteService(ctx context.Context, accountID, userID, serviceID string) error
 	SetCertificateIssuedAt(ctx context.Context, accountID, serviceID string) error
-	SetStatus(ctx context.Context, accountID, serviceID string, status ProxyStatus) error
+	SetStatus(ctx context.Context, accountID, serviceID string, status Status) error
 	ReloadAllServicesForAccount(ctx context.Context, accountID string) error
 	ReloadService(ctx context.Context, accountID, serviceID string) error
 	GetGlobalServices(ctx context.Context) ([]*Service, error)

management/internals/modules/reverseproxy/service/interface_mock.go

@@ -1,8 +1,8 @@
 // Code generated by MockGen. DO NOT EDIT.
 // Source: ./interface.go
 
-// Package reverseproxy is a generated GoMock package.
-package reverseproxy
+// Package service is a generated GoMock package.
+package service
 
 import (
 	context "context"
@@ -196,7 +196,7 @@ func (mr *MockManagerMockRecorder) SetCertificateIssuedAt(ctx, accountID, servic
 }
 
 // SetStatus mocks base method.
-func (m *MockManager) SetStatus(ctx context.Context, accountID, serviceID string, status ProxyStatus) error {
+func (m *MockManager) SetStatus(ctx context.Context, accountID, serviceID string, status Status) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetStatus", ctx, accountID, serviceID, status)
 	ret0, _ := ret[0].(error)

management/internals/modules/reverseproxy/service/manager/api.go

@@ -1,4 +1,4 @@
-package service
+package manager
 
 import (
 	"encoding/json"
@@ -6,10 +6,10 @@ import (
 
 	"github.com/gorilla/mux"
 
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
 	accesslogsmanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs/manager"
 	domainmanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain/manager"
+	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	nbcontext "github.com/netbirdio/netbird/management/server/context"
 	"github.com/netbirdio/netbird/shared/management/http/api"
 	"github.com/netbirdio/netbird/shared/management/http/util"
@@ -17,11 +17,11 @@ import (
 )
 
 type handler struct {
-	manager reverseproxy.Manager
+	manager rpservice.Manager
 }
 
 // RegisterEndpoints registers all service HTTP endpoints.
-func RegisterEndpoints(manager reverseproxy.Manager, domainManager domainmanager.Manager, accessLogsManager accesslogs.Manager, router *mux.Router) {
+func RegisterEndpoints(manager rpservice.Manager, domainManager domainmanager.Manager, accessLogsManager accesslogs.Manager, router *mux.Router) {
 	h := &handler{
 		manager: manager,
 	}
@@ -72,7 +72,7 @@ func (h *handler) createService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	service := new(reverseproxy.Service)
+	service := new(rpservice.Service)
 	service.FromAPIRequest(&req, userAuth.AccountId)
 
 	if err = service.Validate(); err != nil {
@@ -130,7 +130,7 @@ func (h *handler) updateService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	service := new(reverseproxy.Service)
+	service := new(rpservice.Service)
 	service.ID = serviceID
 	service.FromAPIRequest(&req, userAuth.AccountId)
 

management/internals/modules/reverseproxy/service/manager/manager.go

@@ -1,4 +1,4 @@
-package service
+package manager
 
 import (
 	"context"
@@ -7,7 +7,7 @@ import (
 
 	log "github.com/sirupsen/logrus"
 
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/sessionkey"
 	nbgrpc "github.com/netbirdio/netbird/management/internals/shared/grpc"
 	"github.com/netbirdio/netbird/management/server/account"
@@ -36,7 +36,7 @@ type Manager struct {
 }
 
 // NewManager creates a new service manager.
-func NewManager(store store.Store, accountManager account.Manager, permissionsManager permissions.Manager, proxyGRPCServer *nbgrpc.ProxyServiceServer, clusterDeriver ClusterDeriver) reverseproxy.Manager {
+func NewManager(store store.Store, accountManager account.Manager, permissionsManager permissions.Manager, proxyGRPCServer *nbgrpc.ProxyServiceServer, clusterDeriver ClusterDeriver) rpservice.Manager {
 	return &Manager{
 		store:              store,
 		accountManager:     accountManager,
@@ -46,7 +46,7 @@ func NewManager(store store.Store, accountManager account.Manager, permissionsMa
 	}
 }
 
-func (m *Manager) GetAllServices(ctx context.Context, accountID, userID string) ([]*reverseproxy.Service, error) {
+func (m *Manager) GetAllServices(ctx context.Context, accountID, userID string) ([]*rpservice.Service, error) {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Read)
 	if err != nil {
 		return nil, status.NewPermissionValidationError(err)
@@ -70,10 +70,10 @@ func (m *Manager) GetAllServices(ctx context.Context, accountID, userID string)
 	return services, nil
 }
 
-func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, service *reverseproxy.Service) error {
+func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, service *rpservice.Service) error {
 	for _, target := range service.Targets {
 		switch target.TargetType {
-		case reverseproxy.TargetTypePeer:
+		case rpservice.TargetTypePeer:
 			peer, err := m.store.GetPeerByID(ctx, store.LockingStrengthNone, accountID, target.TargetId)
 			if err != nil {
 				log.WithContext(ctx).Warnf("failed to get peer by id %s for service %s: %v", target.TargetId, service.ID, err)
@@ -81,7 +81,7 @@ func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, ser
 				continue
 			}
 			target.Host = peer.IP.String()
-		case reverseproxy.TargetTypeHost:
+		case rpservice.TargetTypeHost:
 			resource, err := m.store.GetNetworkResourceByID(ctx, store.LockingStrengthNone, accountID, target.TargetId)
 			if err != nil {
 				log.WithContext(ctx).Warnf("failed to get resource by id %s for service %s: %v", target.TargetId, service.ID, err)
@@ -89,7 +89,7 @@ func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, ser
 				continue
 			}
 			target.Host = resource.Prefix.Addr().String()
-		case reverseproxy.TargetTypeDomain:
+		case rpservice.TargetTypeDomain:
 			resource, err := m.store.GetNetworkResourceByID(ctx, store.LockingStrengthNone, accountID, target.TargetId)
 			if err != nil {
 				log.WithContext(ctx).Warnf("failed to get resource by id %s for service %s: %v", target.TargetId, service.ID, err)
@@ -97,7 +97,7 @@ func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, ser
 				continue
 			}
 			target.Host = resource.Domain
-		case reverseproxy.TargetTypeSubnet:
+		case rpservice.TargetTypeSubnet:
 			// For subnets we do not do any lookups on the resource
 		default:
 			return fmt.Errorf("unknown target type: %s", target.TargetType)
@@ -106,7 +106,7 @@ func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, ser
 	return nil
 }
 
-func (m *Manager) GetService(ctx context.Context, accountID, userID, serviceID string) (*reverseproxy.Service, error) {
+func (m *Manager) GetService(ctx context.Context, accountID, userID, serviceID string) (*rpservice.Service, error) {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Read)
 	if err != nil {
 		return nil, status.NewPermissionValidationError(err)
@@ -127,7 +127,7 @@ func (m *Manager) GetService(ctx context.Context, accountID, userID, serviceID s
 	return service, nil
 }
 
-func (m *Manager) CreateService(ctx context.Context, accountID, userID string, service *reverseproxy.Service) (*reverseproxy.Service, error) {
+func (m *Manager) CreateService(ctx context.Context, accountID, userID string, service *rpservice.Service) (*rpservice.Service, error) {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Create)
 	if err != nil {
 		return nil, status.NewPermissionValidationError(err)
@@ -151,14 +151,14 @@ func (m *Manager) CreateService(ctx context.Context, accountID, userID string, s
 		return nil, fmt.Errorf("failed to replace host by lookup for service %s: %w", service.ID, err)
 	}
 
-	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Create, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
+	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Create, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
 
 	m.accountManager.UpdateAccountPeers(ctx, accountID)
 
 	return service, nil
 }
 
-func (m *Manager) initializeServiceForCreate(ctx context.Context, accountID string, service *reverseproxy.Service) error {
+func (m *Manager) initializeServiceForCreate(ctx context.Context, accountID string, service *rpservice.Service) error {
 	if m.clusterDeriver != nil {
 		proxyCluster, err := m.clusterDeriver.DeriveClusterFromDomain(ctx, accountID, service.Domain)
 		if err != nil {
@@ -185,7 +185,7 @@ func (m *Manager) initializeServiceForCreate(ctx context.Context, accountID stri
 	return nil
 }
 
-func (m *Manager) persistNewService(ctx context.Context, accountID string, service *reverseproxy.Service) error {
+func (m *Manager) persistNewService(ctx context.Context, accountID string, service *rpservice.Service) error {
 	return m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
 		if err := m.checkDomainAvailable(ctx, transaction, accountID, service.Domain, ""); err != nil {
 			return err
@@ -219,7 +219,7 @@ func (m *Manager) checkDomainAvailable(ctx context.Context, transaction store.St
 	return nil
 }
 
-func (m *Manager) UpdateService(ctx context.Context, accountID, userID string, service *reverseproxy.Service) (*reverseproxy.Service, error) {
+func (m *Manager) UpdateService(ctx context.Context, accountID, userID string, service *rpservice.Service) (*rpservice.Service, error) {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Update)
 	if err != nil {
 		return nil, status.NewPermissionValidationError(err)
@@ -255,7 +255,7 @@ type serviceUpdateInfo struct {
 	serviceEnabledChanged bool
 }
 
-func (m *Manager) persistServiceUpdate(ctx context.Context, accountID string, service *reverseproxy.Service) (*serviceUpdateInfo, error) {
+func (m *Manager) persistServiceUpdate(ctx context.Context, accountID string, service *rpservice.Service) (*serviceUpdateInfo, error) {
 	var updateInfo serviceUpdateInfo
 
 	err := m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
@@ -293,7 +293,7 @@ func (m *Manager) persistServiceUpdate(ctx context.Context, accountID string, se
 	return &updateInfo, err
 }
 
-func (m *Manager) handleDomainChange(ctx context.Context, transaction store.Store, accountID string, service *reverseproxy.Service) error {
+func (m *Manager) handleDomainChange(ctx context.Context, transaction store.Store, accountID string, service *rpservice.Service) error {
 	if err := m.checkDomainAvailable(ctx, transaction, accountID, service.Domain, service.ID); err != nil {
 		return err
 	}
@@ -310,7 +310,7 @@ func (m *Manager) handleDomainChange(ctx context.Context, transaction store.Stor
 	return nil
 }
 
-func (m *Manager) preserveExistingAuthSecrets(service, existingService *reverseproxy.Service) {
+func (m *Manager) preserveExistingAuthSecrets(service, existingService *rpservice.Service) {
 	if service.Auth.PasswordAuth != nil && service.Auth.PasswordAuth.Enabled &&
 		existingService.Auth.PasswordAuth != nil && existingService.Auth.PasswordAuth.Enabled &&
 		service.Auth.PasswordAuth.Password == "" {
@@ -328,40 +328,40 @@ func (m *Manager) SendServiceUpdateToCluster(accountID string, update *proto.Pro
 	m.proxyGRPCServer.SendServiceUpdateToCluster(update, clusterAddr)
 }
 
-func (m *Manager) preserveServiceMetadata(service, existingService *reverseproxy.Service) {
+func (m *Manager) preserveServiceMetadata(service, existingService *rpservice.Service) {
 	service.Meta = existingService.Meta
 	service.SessionPrivateKey = existingService.SessionPrivateKey
 	service.SessionPublicKey = existingService.SessionPublicKey
 }
 
-func (m *Manager) sendServiceUpdateNotifications(accountID string, service *reverseproxy.Service, updateInfo *serviceUpdateInfo) {
+func (m *Manager) sendServiceUpdateNotifications(accountID string, service *rpservice.Service, updateInfo *serviceUpdateInfo) {
 	oidcCfg := m.proxyGRPCServer.GetOIDCValidationConfig()
 
 	switch {
 	case updateInfo.domainChanged && updateInfo.oldCluster != service.ProxyCluster:
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Delete, "", oidcCfg), updateInfo.oldCluster)
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Create, "", oidcCfg), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Delete, "", oidcCfg), updateInfo.oldCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Create, "", oidcCfg), service.ProxyCluster)
 	case !service.Enabled && updateInfo.serviceEnabledChanged:
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Delete, "", oidcCfg), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Delete, "", oidcCfg), service.ProxyCluster)
 	case service.Enabled && updateInfo.serviceEnabledChanged:
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Create, "", oidcCfg), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Create, "", oidcCfg), service.ProxyCluster)
 	default:
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Update, "", oidcCfg), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Update, "", oidcCfg), service.ProxyCluster)
 	}
 }
 
 // validateTargetReferences checks that all target IDs reference existing peers or resources in the account.
-func validateTargetReferences(ctx context.Context, transaction store.Store, accountID string, targets []*reverseproxy.Target) error {
+func validateTargetReferences(ctx context.Context, transaction store.Store, accountID string, targets []*rpservice.Target) error {
 	for _, target := range targets {
 		switch target.TargetType {
-		case reverseproxy.TargetTypePeer:
+		case rpservice.TargetTypePeer:
 			if _, err := transaction.GetPeerByID(ctx, store.LockingStrengthShare, accountID, target.TargetId); err != nil {
 				if sErr, ok := status.FromError(err); ok && sErr.Type() == status.NotFound {
 					return status.Errorf(status.InvalidArgument, "peer target %q not found in account", target.TargetId)
 				}
 				return fmt.Errorf("look up peer target %q: %w", target.TargetId, err)
 			}
-		case reverseproxy.TargetTypeHost, reverseproxy.TargetTypeSubnet, reverseproxy.TargetTypeDomain:
+		case rpservice.TargetTypeHost, rpservice.TargetTypeSubnet, rpservice.TargetTypeDomain:
 			if _, err := transaction.GetNetworkResourceByID(ctx, store.LockingStrengthShare, accountID, target.TargetId); err != nil {
 				if sErr, ok := status.FromError(err); ok && sErr.Type() == status.NotFound {
 					return status.Errorf(status.InvalidArgument, "resource target %q not found in account", target.TargetId)
@@ -382,7 +382,7 @@ func (m *Manager) DeleteService(ctx context.Context, accountID, userID, serviceI
 		return status.NewPermissionDeniedError()
 	}
 
-	var service *reverseproxy.Service
+	var service *rpservice.Service
 	err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
 		var err error
 		service, err = transaction.GetServiceByID(ctx, store.LockingStrengthUpdate, accountID, serviceID)
@@ -402,7 +402,7 @@ func (m *Manager) DeleteService(ctx context.Context, accountID, userID, serviceI
 
 	m.accountManager.StoreEvent(ctx, userID, serviceID, accountID, activity.ServiceDeleted, service.EventMeta())
 
-	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Delete, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
+	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Delete, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
 
 	m.accountManager.UpdateAccountPeers(ctx, accountID)
 
@@ -429,7 +429,7 @@ func (m *Manager) SetCertificateIssuedAt(ctx context.Context, accountID, service
 }
 
 // SetStatus updates the status of the service (e.g., "active", "tunnel_not_created", etc.)
-func (m *Manager) SetStatus(ctx context.Context, accountID, serviceID string, status reverseproxy.ProxyStatus) error {
+func (m *Manager) SetStatus(ctx context.Context, accountID, serviceID string, status rpservice.Status) error {
 	return m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
 		service, err := transaction.GetServiceByID(ctx, store.LockingStrengthUpdate, accountID, serviceID)
 		if err != nil {
@@ -457,7 +457,7 @@ func (m *Manager) ReloadService(ctx context.Context, accountID, serviceID string
 		return fmt.Errorf("failed to replace host by lookup for service %s: %w", service.ID, err)
 	}
 
-	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Update, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
+	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Update, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
 
 	m.accountManager.UpdateAccountPeers(ctx, accountID)
 
@@ -475,13 +475,13 @@ func (m *Manager) ReloadAllServicesForAccount(ctx context.Context, accountID str
 		if err != nil {
 			return fmt.Errorf("failed to replace host by lookup for service %s: %w", service.ID, err)
 		}
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Update, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Update, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
 	}
 
 	return nil
 }
 
-func (m *Manager) GetGlobalServices(ctx context.Context) ([]*reverseproxy.Service, error) {
+func (m *Manager) GetGlobalServices(ctx context.Context) ([]*rpservice.Service, error) {
 	services, err := m.store.GetServices(ctx, store.LockingStrengthNone)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get services: %w", err)
@@ -497,7 +497,7 @@ func (m *Manager) GetGlobalServices(ctx context.Context) ([]*reverseproxy.Servic
 	return services, nil
 }
 
-func (m *Manager) GetServiceByID(ctx context.Context, accountID, serviceID string) (*reverseproxy.Service, error) {
+func (m *Manager) GetServiceByID(ctx context.Context, accountID, serviceID string) (*rpservice.Service, error) {
 	service, err := m.store.GetServiceByID(ctx, store.LockingStrengthNone, accountID, serviceID)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get service: %w", err)
@@ -511,7 +511,7 @@ func (m *Manager) GetServiceByID(ctx context.Context, accountID, serviceID strin
 	return service, nil
 }
 
-func (m *Manager) GetAccountServices(ctx context.Context, accountID string) ([]*reverseproxy.Service, error) {
+func (m *Manager) GetAccountServices(ctx context.Context, accountID string) ([]*rpservice.Service, error) {
 	services, err := m.store.GetAccountServices(ctx, store.LockingStrengthNone, accountID)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get services: %w", err)

management/internals/modules/reverseproxy/service/manager/manager_test.go

@@ -1,4 +1,4 @@
-package service
+package manager
 
 import (
 	"context"
@@ -10,7 +10,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/server/store"
 	"github.com/netbirdio/netbird/shared/management/status"
 )
@@ -24,9 +24,9 @@ func TestInitializeServiceForCreate(t *testing.T) {
 			clusterDeriver: nil,
 		}
 
-		service := &reverseproxy.Service{
+		service := &rpservice.Service{
 			Domain: "example.com",
-			Auth:   reverseproxy.AuthConfig{},
+			Auth:   rpservice.AuthConfig{},
 		}
 
 		err := mgr.initializeServiceForCreate(ctx, accountID, service)
@@ -44,8 +44,8 @@ func TestInitializeServiceForCreate(t *testing.T) {
 			clusterDeriver: nil,
 		}
 
-		service1 := &reverseproxy.Service{Domain: "test1.com", Auth: reverseproxy.AuthConfig{}}
-		service2 := &reverseproxy.Service{Domain: "test2.com", Auth: reverseproxy.AuthConfig{}}
+		service1 := &rpservice.Service{Domain: "test1.com", Auth: rpservice.AuthConfig{}}
+		service2 := &rpservice.Service{Domain: "test2.com", Auth: rpservice.AuthConfig{}}
 
 		err1 := mgr.initializeServiceForCreate(ctx, accountID, service1)
 		err2 := mgr.initializeServiceForCreate(ctx, accountID, service2)
@@ -87,7 +87,7 @@ func TestCheckDomainAvailable(t *testing.T) {
 			setupMock: func(ms *store.MockStore) {
 				ms.EXPECT().
 					GetServiceByDomain(ctx, accountID, "exists.com").
-					Return(&reverseproxy.Service{ID: "existing-id", Domain: "exists.com"}, nil)
+					Return(&rpservice.Service{ID: "existing-id", Domain: "exists.com"}, nil)
 			},
 			expectedError: true,
 			errorType:     status.AlreadyExists,
@@ -99,7 +99,7 @@ func TestCheckDomainAvailable(t *testing.T) {
 			setupMock: func(ms *store.MockStore) {
 				ms.EXPECT().
 					GetServiceByDomain(ctx, accountID, "exists.com").
-					Return(&reverseproxy.Service{ID: "service-123", Domain: "exists.com"}, nil)
+					Return(&rpservice.Service{ID: "service-123", Domain: "exists.com"}, nil)
 			},
 			expectedError: false,
 		},
@@ -110,7 +110,7 @@ func TestCheckDomainAvailable(t *testing.T) {
 			setupMock: func(ms *store.MockStore) {
 				ms.EXPECT().
 					GetServiceByDomain(ctx, accountID, "exists.com").
-					Return(&reverseproxy.Service{ID: "service-123", Domain: "exists.com"}, nil)
+					Return(&rpservice.Service{ID: "service-123", Domain: "exists.com"}, nil)
 			},
 			expectedError: true,
 			errorType:     status.AlreadyExists,
@@ -179,7 +179,7 @@ func TestCheckDomainAvailable_EdgeCases(t *testing.T) {
 		mockStore := store.NewMockStore(ctrl)
 		mockStore.EXPECT().
 			GetServiceByDomain(ctx, accountID, "test.com").
-			Return(&reverseproxy.Service{ID: "some-id", Domain: "test.com"}, nil)
+			Return(&rpservice.Service{ID: "some-id", Domain: "test.com"}, nil)
 
 		mgr := &Manager{}
 		err := mgr.checkDomainAvailable(ctx, mockStore, accountID, "test.com", "")
@@ -215,10 +215,10 @@ func TestPersistNewService(t *testing.T) {
 		defer ctrl.Finish()
 
 		mockStore := store.NewMockStore(ctrl)
-		service := &reverseproxy.Service{
+		service := &rpservice.Service{
 			ID:      "service-123",
 			Domain:  "new.com",
-			Targets: []*reverseproxy.Target{},
+			Targets: []*rpservice.Target{},
 		}
 
 		// Mock ExecuteInTransaction to execute the function immediately
@@ -248,10 +248,10 @@ func TestPersistNewService(t *testing.T) {
 		defer ctrl.Finish()
 
 		mockStore := store.NewMockStore(ctrl)
-		service := &reverseproxy.Service{
+		service := &rpservice.Service{
 			ID:      "service-123",
 			Domain:  "existing.com",
-			Targets: []*reverseproxy.Target{},
+			Targets: []*rpservice.Target{},
 		}
 
 		mockStore.EXPECT().
@@ -260,7 +260,7 @@ func TestPersistNewService(t *testing.T) {
 				txMock := store.NewMockStore(ctrl)
 				txMock.EXPECT().
 					GetServiceByDomain(ctx, accountID, "existing.com").
-					Return(&reverseproxy.Service{ID: "other-id", Domain: "existing.com"}, nil)
+					Return(&rpservice.Service{ID: "other-id", Domain: "existing.com"}, nil)
 
 				return fn(txMock)
 			})
@@ -278,18 +278,18 @@ func TestPreserveExistingAuthSecrets(t *testing.T) {
 	mgr := &Manager{}
 
 	t.Run("preserve password when empty", func(t *testing.T) {
-		existing := &reverseproxy.Service{
-			Auth: reverseproxy.AuthConfig{
-				PasswordAuth: &reverseproxy.PasswordAuthConfig{
+		existing := &rpservice.Service{
+			Auth: rpservice.AuthConfig{
+				PasswordAuth: &rpservice.PasswordAuthConfig{
 					Enabled:  true,
 					Password: "hashed-password",
 				},
 			},
 		}
 
-		updated := &reverseproxy.Service{
-			Auth: reverseproxy.AuthConfig{
-				PasswordAuth: &reverseproxy.PasswordAuthConfig{
+		updated := &rpservice.Service{
+			Auth: rpservice.AuthConfig{
+				PasswordAuth: &rpservice.PasswordAuthConfig{
 					Enabled:  true,
 					Password: "",
 				},
@@ -302,18 +302,18 @@ func TestPreserveExistingAuthSecrets(t *testing.T) {
 	})
 
 	t.Run("preserve pin when empty", func(t *testing.T) {
-		existing := &reverseproxy.Service{
-			Auth: reverseproxy.AuthConfig{
-				PinAuth: &reverseproxy.PINAuthConfig{
+		existing := &rpservice.Service{
+			Auth: rpservice.AuthConfig{
+				PinAuth: &rpservice.PINAuthConfig{
 					Enabled: true,
 					Pin:     "hashed-pin",
 				},
 			},
 		}
 
-		updated := &reverseproxy.Service{
-			Auth: reverseproxy.AuthConfig{
-				PinAuth: &reverseproxy.PINAuthConfig{
+		updated := &rpservice.Service{
+			Auth: rpservice.AuthConfig{
+				PinAuth: &rpservice.PINAuthConfig{
 					Enabled: true,
 					Pin:     "",
 				},
@@ -326,18 +326,18 @@ func TestPreserveExistingAuthSecrets(t *testing.T) {
 	})
 
 	t.Run("do not preserve when password is provided", func(t *testing.T) {
-		existing := &reverseproxy.Service{
-			Auth: reverseproxy.AuthConfig{
-				PasswordAuth: &reverseproxy.PasswordAuthConfig{
+		existing := &rpservice.Service{
+			Auth: rpservice.AuthConfig{
+				PasswordAuth: &rpservice.PasswordAuthConfig{
 					Enabled:  true,
 					Password: "old-password",
 				},
 			},
 		}
 
-		updated := &reverseproxy.Service{
-			Auth: reverseproxy.AuthConfig{
-				PasswordAuth: &reverseproxy.PasswordAuthConfig{
+		updated := &rpservice.Service{
+			Auth: rpservice.AuthConfig{
+				PasswordAuth: &rpservice.PasswordAuthConfig{
 					Enabled:  true,
 					Password: "new-password",
 				},
@@ -354,8 +354,8 @@ func TestPreserveExistingAuthSecrets(t *testing.T) {
 func TestPreserveServiceMetadata(t *testing.T) {
 	mgr := &Manager{}
 
-	existing := &reverseproxy.Service{
-		Meta: reverseproxy.ServiceMeta{
+	existing := &rpservice.Service{
+		Meta: rpservice.ServiceMeta{
 			CertificateIssuedAt: time.Now(),
 			Status:              "active",
 		},
@@ -363,7 +363,7 @@ func TestPreserveServiceMetadata(t *testing.T) {
 		SessionPublicKey:  "public-key",
 	}
 
-	updated := &reverseproxy.Service{
+	updated := &rpservice.Service{
 		Domain: "updated.com",
 	}
 

management/internals/modules/reverseproxy/service/service.go

@@ -1,4 +1,4 @@
-package reverseproxy
+package service
 
 import (
 	"errors"
@@ -26,15 +26,15 @@ const (
 	Delete Operation = "delete"
 )
 
-type ProxyStatus string
+type Status string
 
 const (
-	StatusPending            ProxyStatus = "pending"
-	StatusActive             ProxyStatus = "active"
-	StatusTunnelNotCreated   ProxyStatus = "tunnel_not_created"
-	StatusCertificatePending ProxyStatus = "certificate_pending"
-	StatusCertificateFailed  ProxyStatus = "certificate_failed"
-	StatusError              ProxyStatus = "error"
+	StatusPending            Status = "pending"
+	StatusActive             Status = "active"
+	StatusTunnelNotCreated   Status = "tunnel_not_created"
+	StatusCertificatePending Status = "certificate_pending"
+	StatusCertificateFailed  Status = "certificate_failed"
+	StatusError              Status = "error"
 
 	TargetTypePeer   = "peer"
 	TargetTypeHost   = "host"

management/internals/modules/reverseproxy/service/service_test.go

@@ -1,4 +1,4 @@
-package reverseproxy
+package service
 
 import (
 	"errors"