Bug Report: In-place Mutation of Device Name in _get_common_name()

Description

The _get_common_name() function currently truncates long device names by mutating device.name directly.

Due to Django’s ForeignKey caching behavior, this modification affects the original in-memory Device instance, leading to silent data corruption during VPN certificate provisioning.

Steps to Reproduce

1. Create a Device with a name exceeding the certificate Common Name (CN) length limit.
2. Trigger VPN certificate provisioning for that device.
3. Inspect the device.name attribute after provisioning.

Actual Behavior

• device.name is unexpectedly modified (truncated) in memory.
• This happens because _get_common_name() alters the original object instead of working on a copy.

Expected Behavior

• device.name should remain unchanged.
• Only the certificate’s Common Name (CN) should be truncated for compliance.

Related PR

• [fix] _get_common_name() must not mutate the device name in-place #1294

Impact

• Silent mutation of model instances
• Potential inconsistencies across the application
• Hard-to-debug side effects due to Django ORM caching

Suggested Fix

Avoid mutating the original device.name. Instead, operate on a derived value:

cn = device.name[:MAX_CN_LENGTH]

without modifying the device instance itself.

Benefit

Ensures data integrity, avoids unintended side effects, and aligns with Django best practices for immutable model handling in utility functions.