From 4828698bec2c44005a3f0ad4f70b70ceeeae9049 Mon Sep 17 00:00:00 2001
From: sanjaypujare <sanjaypujare@users.noreply.github.com>
Date: Fri, 3 Sep 2021 12:38:26 -0700
Subject: [PATCH] xds: enable PSM security by default (#8478)

---
 .../main/java/io/grpc/xds/ClusterImplLoadBalancer.java |  3 ++-
 .../java/io/grpc/xds/ClusterImplLoadBalancerTest.java  | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
index dffbe3dade..d95361935a 100644
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@@ -69,7 +69,8 @@ final class ClusterImplLoadBalancer extends LoadBalancer {
           || Boolean.parseBoolean(System.getenv("GRPC_XDS_EXPERIMENTAL_CIRCUIT_BREAKING"));
   @VisibleForTesting
   static boolean enableSecurity =
-      Boolean.parseBoolean(System.getenv("GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"));
+      Strings.isNullOrEmpty(System.getenv("GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"))
+          || Boolean.parseBoolean(System.getenv("GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"));
   private static final Attributes.Key<ClusterLocalityStats> ATTR_CLUSTER_LOCALITY_STATS =
       Attributes.Key.create("io.grpc.xds.ClusterImplLoadBalancer.clusterLocalityStats");
 
diff --git a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
index 3b2a54c2c2..dfcf101fcf 100644
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@@ -480,16 +480,16 @@ public class ClusterImplLoadBalancerTest {
   }
 
   @Test
-  public void endpointAddressesAttachedWithTlsConfig_enableSecurity() {
+  public void endpointAddressesAttachedWithTlsConfig_disableSecurity() {
     boolean originalEnableSecurity = ClusterImplLoadBalancer.enableSecurity;
-    ClusterImplLoadBalancer.enableSecurity = true;
-    subtest_endpointAddressesAttachedWithTlsConfig(true);
+    ClusterImplLoadBalancer.enableSecurity = false;
+    subtest_endpointAddressesAttachedWithTlsConfig(false);
     ClusterImplLoadBalancer.enableSecurity = originalEnableSecurity;
   }
 
   @Test
-  public void endpointAddressesAttachedWithTlsConfig_securityDisabledByDefault() {
-    subtest_endpointAddressesAttachedWithTlsConfig(false);
+  public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
+    subtest_endpointAddressesAttachedWithTlsConfig(true);
   }
 
   private void subtest_endpointAddressesAttachedWithTlsConfig(boolean enableSecurity) {