Add safe OpenVPN preflight and dry-run provisioning

src/main/java/com/litoralregas/openvpn/router/RouterController.java

@@ -69,20 +69,38 @@ public class RouterController {
 
             var allocation = ipAllocationService.findByRouterId(id);
 
-            String command = openVpnService.buildProvisionCommand(
+            var preflight = openVpnService.runPreflightCheck();
+
+            if (preflight.exitCode() != 0) {
+                throw new IllegalStateException(
+                        "Preflight failed. stdout: " + preflight.stdout()
+                                + " stderr: " + preflight.stderr()
+                );
+            }
+
+            var result = openVpnService.provisionClient(
                     allocation.getClientName(),
                     allocation.getLanSubnet(),
                     allocation.getVpnIp()
             );
 
+            if (result.exitCode() != 0) {
+                throw new IllegalStateException(
+                        "Provision failed. stdout: " + result.stdout()
+                                + " stderr: " + result.stderr()
+                );
+            }
+
             var finishedDeployment = deploymentService.finishSuccess(
                     deployment,
-                    "DRY RUN ONLY. Would execute: " + command
+                    result.stdout()
             );
 
-            // Keep this as PROVISIONING? No — dry run succeeded but real provision did not happen.
-            // So we should NOT mark as PROVISIONED yet.
-            service.forceStatus(id, RouterStatus.PENDING);
+            if (openVpnService.isDryRun()) {
+                service.forceStatus(id, RouterStatus.PENDING);
+            } else {
+                service.forceStatus(id, RouterStatus.PROVISIONED);
+            }
 
             return DeploymentResponse.from(finishedDeployment);
         } catch (Exception exception) {