Fixup 12492: Refactor allowedGrpcService to be non optional and fix bug

Makes `allowedGrpcServices` to be a non-optional struct instead of
an `Optional<Map<str,AllowedService>>` since it's
essentially an immuatable hash map, making it preferable to use an empty
instance instead of null.

Change a small bug where we continued instead of return when parsing
bootstrap credentials.

Author: sauravzg

xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java

@@ -25,9 +25,10 @@
 import io.grpc.xds.client.BootstrapperImpl;
 import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.client.XdsLogger;
+import io.grpc.xds.internal.grpcservice.AllowedGrpcService;
+import io.grpc.xds.internal.grpcservice.AllowedGrpcServices;
 import io.grpc.xds.internal.grpcservice.ChannelCredsConfig;
 import io.grpc.xds.internal.grpcservice.ConfiguredChannelCredentials;
-import io.grpc.xds.internal.grpcservice.GrpcServiceXdsContext;
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
@@ -163,7 +164,7 @@ private static ConfiguredChannelCredentials parseChannelCredentials(List<Map<Str
 
         ChannelCredentials creds = provider.newChannelCredentials(config);
         if (creds == null) {
-          continue;
+          return null;
         }
         return ConfiguredChannelCredentials.create(creds, new JsonChannelCredsConfig(type, config));
       }
@@ -172,10 +173,14 @@ private static ConfiguredChannelCredentials parseChannelCredentials(List<Map<Str
   }
 
   @Override
-  protected Optional<Object> parseAllowedGrpcServices(
+  protected Object parseAllowedGrpcServices(
       Map<String, ?> rawAllowedGrpcServices)
       throws XdsInitializationException {
-    ImmutableMap.Builder<String, GrpcServiceXdsContext.AllowedGrpcService> builder =
+    if (rawAllowedGrpcServices == null || rawAllowedGrpcServices.isEmpty()) {
+      return AllowedGrpcServices.empty();
+    }
+
+    ImmutableMap.Builder<String, AllowedGrpcService> builder =
         ImmutableMap.builder();
     for (String targetUri : rawAllowedGrpcServices.keySet()) {
       Map<String, ?> serviceConfig = JsonUtil.getObject(rawAllowedGrpcServices, targetUri);
@@ -193,13 +198,12 @@ protected Optional<Object> parseAllowedGrpcServices(
             parseCallCredentials(JsonUtil.checkObjectList(rawCallCredsList), targetUri);
       }
 
-      GrpcServiceXdsContext.AllowedGrpcService.Builder b = GrpcServiceXdsContext.AllowedGrpcService
-          .builder().configuredChannelCredentials(configuredChannel);
+      AllowedGrpcService.Builder b = AllowedGrpcService.builder()
+          .configuredChannelCredentials(configuredChannel);
       callCredentials.ifPresent(b::callCredentials);
       builder.put(targetUri, b.build());
     }
-    ImmutableMap<String, GrpcServiceXdsContext.AllowedGrpcService> parsed = builder.buildOrThrow();
-    return parsed.isEmpty() ? Optional.empty() : Optional.of(parsed);
+    return AllowedGrpcServices.create(builder.build());
   }
 
   @SuppressWarnings("unused")

xds/src/main/java/io/grpc/xds/client/Bootstrapper.java

@@ -24,9 +24,9 @@
 import com.google.common.collect.ImmutableMap;
 import io.grpc.Internal;
 import io.grpc.xds.client.EnvoyProtoData.Node;
+import io.grpc.xds.internal.grpcservice.AllowedGrpcServices;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import javax.annotation.Nullable;
 
 /**
@@ -210,13 +210,14 @@ public abstract static class BootstrapInfo {
      * Parsed allowed_grpc_services configuration.
      * Returns an opaque object containing the parsed configuration.
      */
-    public abstract Optional<Object> allowedGrpcServices();
+    public abstract Object allowedGrpcServices();
 
     @VisibleForTesting
     public static Builder builder() {
       return new AutoValue_Bootstrapper_BootstrapInfo.Builder()
           .clientDefaultListenerResourceNameTemplate("%s")
-          .authorities(ImmutableMap.<String, AuthorityInfo>of());
+          .authorities(ImmutableMap.<String, AuthorityInfo>of())
+          .allowedGrpcServices(AllowedGrpcServices.empty());
     }
 
     @AutoValue.Builder
@@ -238,7 +239,7 @@ public abstract Builder clientDefaultListenerResourceNameTemplate(
 
       public abstract Builder authorities(Map<String, AuthorityInfo> authorities);
 
-      public abstract Builder allowedGrpcServices(Optional<Object> allowedGrpcServices);
+      public abstract Builder allowedGrpcServices(Object allowedGrpcServices);
 
       public abstract BootstrapInfo build();
     }

xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java

@@ -240,17 +240,15 @@ protected BootstrapInfo.Builder bootstrapBuilder(Map<String, ?> rawData)
     }
 
     Map<String, ?> rawAllowedGrpcServices = JsonUtil.getObject(rawData, "allowed_grpc_services");
-    if (rawAllowedGrpcServices != null) {
-      builder.allowedGrpcServices(parseAllowedGrpcServices(rawAllowedGrpcServices));
-    }
+    builder.allowedGrpcServices(parseAllowedGrpcServices(rawAllowedGrpcServices));
 
     return builder;
   }
 
-  protected java.util.Optional<Object> parseAllowedGrpcServices(
+  protected Object parseAllowedGrpcServices(
       Map<String, ?> rawAllowedGrpcServices)
       throws XdsInitializationException {
-    return java.util.Optional.empty();
+    return io.grpc.xds.internal.grpcservice.AllowedGrpcServices.empty();
   }
 
   private List<ServerInfo> parseServerInfos(List<?> rawServerConfigs, XdsLogger logger)

xds/src/main/java/io/grpc/xds/internal/grpcservice/AllowedGrpcService.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.grpcservice;
+
+import com.google.auto.value.AutoValue;
+import io.grpc.CallCredentials;
+import java.util.Optional;
+
+/**
+ * Represents an allowed gRPC service configuration with local credentials.
+ */
+@AutoValue
+public abstract class AllowedGrpcService {
+  public abstract ConfiguredChannelCredentials configuredChannelCredentials();
+
+  public abstract Optional<CallCredentials> callCredentials();
+
+  public static Builder builder() {
+    return new AutoValue_AllowedGrpcService.Builder();
+  }
+
+  @AutoValue.Builder
+  public abstract static class Builder {
+    public abstract Builder configuredChannelCredentials(ConfiguredChannelCredentials credentials);
+
+    public abstract Builder callCredentials(CallCredentials callCredentials);
+
+    public abstract AllowedGrpcService build();
+  }
+}

xds/src/main/java/io/grpc/xds/internal/grpcservice/AllowedGrpcServices.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds.internal.grpcservice;
+
+import com.google.auto.value.AutoValue;
+import com.google.common.collect.ImmutableMap;
+import java.util.Map;
+
+/**
+ * Wrapper for allowed gRPC services keyed by target URI.
+ */
+@AutoValue
+public abstract class AllowedGrpcServices {
+  public abstract ImmutableMap<String, AllowedGrpcService> services();
+
+  public static AllowedGrpcServices create(Map<String, AllowedGrpcService> services) {
+    return new AutoValue_AllowedGrpcServices(ImmutableMap.copyOf(services));
+  }
+
+  public static AllowedGrpcServices empty() {
+    return create(ImmutableMap.of());
+  }
+}

xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfigParser.java

@@ -130,7 +130,7 @@ public static GrpcServiceConfig.GoogleGrpcConfig parseGoogleGrpcConfig(
     }
 
     if (!context.isTrustedControlPlane()) {
-      Optional<GrpcServiceXdsContext.AllowedGrpcService> override =
+      Optional<AllowedGrpcService> override =
           context.validAllowedGrpcService();
       if (!override.isPresent()) {
         throw new GrpcServiceParseException(

xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceXdsContext.java

@@ -17,7 +17,6 @@
 package io.grpc.xds.internal.grpcservice;
 
 import com.google.auto.value.AutoValue;
-import io.grpc.CallCredentials;
 import io.grpc.Internal;
 import java.util.Optional;
 
@@ -45,27 +44,4 @@ public static GrpcServiceXdsContext create(
         isTargetUriSchemeSupported);
   }
 
-  /**
-   * Represents an allowed gRPC service configuration with local credentials.
-   */
-  @AutoValue
-  public abstract static class AllowedGrpcService {
-    public abstract ConfiguredChannelCredentials configuredChannelCredentials();
-
-    public abstract Optional<CallCredentials> callCredentials();
-
-    public static Builder builder() {
-      return new AutoValue_GrpcServiceXdsContext_AllowedGrpcService.Builder();
-    }
-
-    @AutoValue.Builder
-    public abstract static class Builder {
-      public abstract Builder configuredChannelCredentials(
-          ConfiguredChannelCredentials credentials);
-
-      public abstract Builder callCredentials(CallCredentials callCredentials);
-
-      public abstract AllowedGrpcService build();
-    }
-  }
 }

xds/src/test/java/io/grpc/xds/GrpcBootstrapperImplTest.java

@@ -37,7 +37,8 @@
 import io.grpc.xds.client.EnvoyProtoData.Node;
 import io.grpc.xds.client.Locality;
 import io.grpc.xds.client.XdsInitializationException;
-import io.grpc.xds.internal.grpcservice.GrpcServiceXdsContext.AllowedGrpcService;
+import io.grpc.xds.internal.grpcservice.AllowedGrpcService;
+import io.grpc.xds.internal.grpcservice.AllowedGrpcServices;
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
@@ -117,13 +118,10 @@ public void parseBootstrap_allowedGrpcServices() throws XdsInitializationExcepti
 
     bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
     BootstrapInfo info = bootstrapper.bootstrap();
-    @SuppressWarnings("unchecked")
-    Map<String, AllowedGrpcService> allowed =
-        (Map<String, AllowedGrpcService>) info.allowedGrpcServices().get();
-
+    AllowedGrpcServices allowed = (AllowedGrpcServices) info.allowedGrpcServices();
     assertThat(allowed).isNotNull();
-    assertThat(allowed).containsKey("dns:///foo.com:443");
-    AllowedGrpcService service = allowed.get("dns:///foo.com:443");
+    assertThat(allowed.services()).containsKey("dns:///foo.com:443");
+    AllowedGrpcService service = allowed.services().get("dns:///foo.com:443");
     assertThat(service.configuredChannelCredentials().channelCredentials())
         .isInstanceOf(InsecureChannelCredentials.class);
     assertThat(service.callCredentials().isPresent()).isFalse();

xds/src/test/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfigParserTest.java

@@ -29,7 +29,6 @@
 import io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.local.v3.LocalCredentials;
 import io.envoyproxy.envoy.extensions.grpc_service.channel_credentials.xds.v3.XdsCredentials;
 import io.grpc.InsecureChannelCredentials;
-import io.grpc.xds.internal.grpcservice.GrpcServiceXdsContext.AllowedGrpcService;
 import java.nio.charset.StandardCharsets;
 import org.junit.Test;
 import org.junit.runner.RunWith;