From: Hezko <tomer.haska@gmail.com>
Date: Wed, 20 May 2026 07:33:12 +0000 (+0300)
Subject: Merge pull request #68728 from Hezko/bugfix-14187
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b3801e4fd4fd3a6194de76418ae830b280845e4d;p=ceph.git

Merge pull request #68728 from Hezko/bugfix-14187

mgr/dashboard: raise an error when invalid server-address was provided
---

b3801e4fd4fd3a6194de76418ae830b280845e4d
diff --cc src/pybind/mgr/dashboard/services/nvmeof_client.py
index c3ce16e8b691,879968e4c8e9..dc44eff47b5c
--- a/src/pybind/mgr/dashboard/services/nvmeof_client.py
+++ b/src/pybind/mgr/dashboard/services/nvmeof_client.py
@@@ -74,25 -64,28 +74,32 @@@ else
                      None
                  )
                  if matched_gateway:
 -                    self.daemon_name = matched_gateway.get('daemon_name')
                      self.gateway_addr = matched_gateway.get('service_url')
                      logger.debug("Gateway address set to: %s", self.gateway_addr)
+                 else:
+                     raise DashboardException(
+                         msg=f"No gateway found matching server address: {server_address}",
+                         code='server_address_not_found',
+                         component='nvmeof',
+                         http_status_code=400
+                     )
              enable_auth = is_mtls_enabled(service_name)
              if enable_auth:
 -                client_key = NvmeofGatewaysConfig.get_client_key(service_name)
 -                client_cert = NvmeofGatewaysConfig.get_client_cert(service_name)
 -                server_cert = NvmeofGatewaysConfig.get_ssl_cert(service_name)
 -                logger.info('Securely connecting to: %s', self.gateway_addr)
 -                credentials = grpc.ssl_channel_credentials(
 -                    root_certificates=server_cert,
 -                    private_key=client_key,
 -                    certificate_chain=client_cert,
 -                )
 -                self.channel = grpc.secure_channel(self.gateway_addr, credentials)
 +                tls_bundle = NvmeofGatewaysConfig.get_nvmeof_tls_bundle(service_name,
 +                                                                        self.daemon_name)
 +                if tls_bundle:
 +                    logger.info('Securely connecting to: %s', self.gateway_addr)
 +                    encoded_tls_bundle = encode_tls_bundle(tls_bundle)
 +                    credentials = grpc.ssl_channel_credentials(
 +                        root_certificates=encoded_tls_bundle['server_cert'],
 +                        private_key=encoded_tls_bundle['client_key'],
 +                        certificate_chain=encoded_tls_bundle['client_cert'],
 +                    )
 +                    self.channel = grpc.secure_channel(self.gateway_addr, credentials)
 +                else:
 +                    self.channel = None
 +                    logger.error("Cannot obtain nvmeof TLS bundle for the service %s (gw: %s)",
 +                                 service_name, self.gateway_addr)
              else:
                  logger.info("Insecurely connecting to: %s", self.gateway_addr)
                  self.channel = grpc.insecure_channel(self.gateway_addr)