[sd/etcd_factory] try default identity if etcd identity fails

And fail without trying to connect if neither the etcd identity nor default identity are valid.

diff --git a/sd/etcd_factory.go b/sd/etcd_factory.go
index 11c183ee8278507cf4272c4a3c2d62c623f34957..bd4badc507c945a715b7229e221b8e32094d965f 100644 (file)
--- a/sd/etcd_factory.go
+++ b/sd/etcd_factory.go
@@ -31,6 +31,15 @@ func NewDefaultEtcdClient() (*etcd_client.Client, error) {
        logger := log.WithPrefix("etcd-client")
 
        id := mtls.NewServiceIdentity(etcdMtlsId)
+       if !id.IsValid() {
+               id = mtls.DefaultIdentity()
+
+               if !id.IsValid() || id.Class() == mtls.AnonymousPrincipal {
+                       return nil, fmt.Errorf(
+                               "no valid identities available for connecting to etcd (tried %v, %v)",
+                               etcdMtlsId, id)
+               }
+       }
 
        if clientSingleton == nil {
                deadline := time.Now().Add(time.Millisecond * time.Duration(etcdStartupTimeoutMs))