fix xds credentials being silently ignored (#566)

* fix xds credentials being silently ignored Fixes #565 * Apply suggestion from @dragonsinth Co-authored-by: Scott Blum <dragonsinth@gmail.com> --------- Co-authored-by: Scott Blum <dragonsinth@gmail.com>
2026-06-18 17:08:30 +03:00 · 2026-06-15 17:10:27 +02:00
parent 4ea1554ec7
commit afea969b8a
1 changed files with 17 additions and 2 deletions
--- a/grpcurl.go
+++ b/grpcurl.go
@@ -614,8 +614,8 @@ func BlockingDial(ctx context.Context, network, address string, creds credential
 	}
 	var err error
-	if strings.HasPrefix(address, "xds:///") {
+	if strings.HasPrefix(address, "xds://") {
-		// The xds:/// prefix is used to signal to the gRPC client to use an xDS server to resolve the
+		// The xds:// prefix is used to signal to the gRPC client to use an xDS server to resolve the
 		// target. The relevant credentials will be automatically pulled from the GRPC_XDS_BOOTSTRAP or
 		// GRPC_XDS_BOOTSTRAP_CONFIG env vars.
 		creds, err = xdsCredentials.NewClientCredentials(xdsCredentials.ClientOptions{FallbackCreds: creds})
@@ -753,3 +753,18 @@ func (c *errSignalingConn) Read(b []byte) (int, error) {
 	}
 	return n, err
 }
 // UsesXDS forwards the optional UsesXDS marker of the wrapped credentials. The
 // xDS credentials returned for "xds://" targets implement this method, and
 // grpc-go's cds balancer relies on a type assertion for it to decide whether to
 // apply the security configuration (e.g. UpstreamTlsContext) delivered by the
 // management server. Because errSignalingCreds embeds the TransportCredentials
 // interface, that extra method is not promoted automatically, so we forward it
 // explicitly. Without this, xDS-supplied mTLS is silently ignored and the
 // connection falls back to the plain credentials.
 func (c *errSignalingCreds) UsesXDS() bool {
 	if x, ok := c.TransportCredentials.(interface{ UsesXDS() bool }); ok {
 		return x.UsesXDS()
 	}
 	return false
 }