From: Dan Fuhry <dan@fuhry.com>
Date: Fri, 14 Nov 2025 18:25:06 +0000 (-0500)
Subject: [sd/etcd_factory] try default identity if etcd identity fails
X-Git-Url: https://go.fuhry.dev/?a=commitdiff_plain;h=d6af7a70c1d1aeaead1b180bca841b0b78748876;p=runtime.git

[sd/etcd_factory] try default identity if etcd identity fails

And fail without trying to connect if neither the etcd identity nor default identity are valid.
---

diff --git a/sd/etcd_factory.go b/sd/etcd_factory.go
index 11c183e..bd4badc 100644
--- a/sd/etcd_factory.go
+++ b/sd/etcd_factory.go
@@ -31,6 +31,15 @@ func NewDefaultEtcdClient() (*etcd_client.Client, error) {
 	logger := log.WithPrefix("etcd-client")
 
 	id := mtls.NewServiceIdentity(etcdMtlsId)
+	if !id.IsValid() {
+		id = mtls.DefaultIdentity()
+
+		if !id.IsValid() || id.Class() == mtls.AnonymousPrincipal {
+			return nil, fmt.Errorf(
+				"no valid identities available for connecting to etcd (tried %v, %v)",
+				etcdMtlsId, id)
+		}
+	}
 
 	if clientSingleton == nil {
 		deadline := time.Now().Add(time.Millisecond * time.Duration(etcdStartupTimeoutMs))