refactor(gateway): single-source API-level cluster name

Both xDS builders now build "<env>_<hash>" through clusterkey.APILevelName so the two paths cannot drift. Add known-answer vectors pinning SHA-256[:8].

Author: mehara-rothila

gateway/gateway-controller/pkg/transform/restapi.go

@@ -344,7 +344,7 @@ func (t *RestAPITransformer) addUpstreamCluster(
 	// keys stay continuous). ClusterKey and EnvoyClusterName are intentionally
 	// the same string so the policy engine's `default_upstream_cluster` metadata
 	// points at the actual Envoy cluster.
-	clusterKey := upstreamName + "_" + clusterkey.APILevel(rdc.Metadata.UUID)
+	clusterKey := clusterkey.APILevelName(upstreamName, rdc.Metadata.UUID)
 
 	rdc.UpstreamClusters[clusterKey] = &models.UpstreamCluster{
 		BasePath: basePath,

gateway/gateway-controller/pkg/utils/clusterkey/clusterkey.go

@@ -44,3 +44,9 @@ func APILevel(apiID string) string {
 	sum := sha256.Sum256([]byte(apiID))
 	return hex.EncodeToString(sum[:8])
 }
+
+// APILevelName joins the env prefix ("main"/"sandbox") to the APILevel fragment
+// to form the full Envoy cluster name, so both xDS builders name clusters identically.
+func APILevelName(env, apiID string) string {
+	return env + "_" + APILevel(apiID)
+}

gateway/gateway-controller/pkg/utils/clusterkey/clusterkey_test.go

@@ -50,4 +50,36 @@ func TestAPILevel(t *testing.T) {
 		b := APILevel("api-2")
 		assert.NotEqual(t, a, b)
 	})
+
+	// Known-answer vectors pin the algorithm to SHA-256[:8]. Without these, any
+	// deterministic 16-hex function would satisfy the shape checks above.
+	t.Run("known-answer vectors", func(t *testing.T) {
+		assert.Equal(t, "f9811b73ac5d1a8d", APILevel("api-1"))
+		assert.Equal(t, "2a28373e2cacc6ea", APILevel("test-api"))
+	})
+
+	// Empty input is deterministic (the SHA-256 of the empty string), documenting
+	// that APILevel itself does not reject empty apiIDs; non-emptiness is enforced
+	// upstream at deploy time.
+	t.Run("empty input is deterministic", func(t *testing.T) {
+		assert.Equal(t, "e3b0c44298fc1c14", APILevel(""))
+	})
+}
+
+// TestAPILevelName validates the full cluster-name contract: the env prefix
+// joined to the APILevel fragment. Both xDS builders go through this helper, so
+// the two paths cannot drift.
+func TestAPILevelName(t *testing.T) {
+	t.Run("joins env prefix to fragment", func(t *testing.T) {
+		assert.Equal(t, "main_"+APILevel("api-1"), APILevelName("main", "api-1"))
+		assert.Equal(t, "sandbox_"+APILevel("api-1"), APILevelName("sandbox", "api-1"))
+	})
+
+	t.Run("main and sandbox share the fragment, differ by prefix", func(t *testing.T) {
+		main := APILevelName("main", "api-1")
+		sandbox := APILevelName("sandbox", "api-1")
+		assert.NotEqual(t, main, sandbox)
+		assert.Equal(t, "main_f9811b73ac5d1a8d", main)
+		assert.Equal(t, "sandbox_f9811b73ac5d1a8d", sandbox)
+	})
 }

gateway/gateway-controller/pkg/xds/translator.go

@@ -983,7 +983,7 @@ func (t *Translator) resolveUpstreamCluster(apiID, upstreamName string, up *api.
 	}
 
 	// Generate cluster name from URL-stable hash (URL intentionally excluded).
-	clusterName := upstreamName + "_" + clusterkey.APILevel(apiID)
+	clusterName := clusterkey.APILevelName(upstreamName, apiID)
 
 	return clusterName, parsedURL, timeout, nil
 }