Make sure really long service names still end up with cluster names t…

…hat don't collide.

Fixes #4354.

Signed-off-by: Flynn <emissary@flynn.kodachi.com>

CHANGELOG.md

@@ -85,37 +85,14 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
   Host. The `tlsSecret` field in the Host has a new subfield `namespace` that will allow the use of
   secrets from different namespaces.
 
-- Feature: Previously the `Host` resource could only use secrets that are in the namespace as the
-  Host. The `tlsSecret` field in the Host has a new subfield `namespace` that will allow the use of
-  secrets from different namespaces.
-
 - Change: Set `AMBASSADOR_EDS_BYPASS` to `true` to bypass EDS handling of endpoints and have
   endpoints be inserted to clusters manually. This can help resolve with `503 UH` caused by
   certification rotation relating to a delay between EDS + CDS. The default is `false`.
 
-## [3.1.1] TBD
-[3.1.1]: https://github.com/emissary-ingress/emissary/compare/v3.1.0...v3.1.1
-
-### Emissary-ingress and Ambassador Edge Stack
-
-## [3.0.1] TBD
-[3.0.1]: https://github.com/emissary-ingress/emissary/compare/v3.0.0...v3.0.1
-
-### Emissary-ingress and Ambassador Edge Stack
-
-- Bugfix: A regression was introduced in 2.3.0 causing the agent to miss some of the metrics coming
-  from emissary ingress before sending them to Ambassador cloud. This issue has been resolved to
-  ensure that all the nodes composing the emissary ingress cluster are reporting properly.
-
-- Security: Updated Golang to 1.17.12 to address the CVEs: CVE-2022-23806, CVE-2022-28327,
-  CVE-2022-24675, CVE-2022-24921, CVE-2022-23772.
+- Bugfix: Distinct services with names that are the same in the first forty characters will no
+  longer be incorrectly mapped to the same cluster. ([#4354])
 
-- Security: Updated Curl to 7.80.0-r2 to address the CVEs: CVE-2022-32207, CVE-2022-27782,
-  CVE-2022-27781, CVE-2022-27780.
-
-- Security: Updated openSSL-dev to 1.1.1q-r0 to address CVE-2022-2097.
-
-- Security: Updated ncurses to 1.1.1q-r0 to address CVE-2022-29458
+[#4354]: https://github.com/emissary-ingress/emissary/issues/4354
 
 ## [3.1.0] August 01, 2022
 [3.1.0]: https://github.com/emissary-ingress/emissary/compare/v3.0.0...v3.1.0

docs/releaseNotes.yml

@@ -49,52 +49,20 @@ items:
           Previously the <code>Host</code> resource could only use secrets that are in the namespace as the
           Host. The <code>tlsSecret</code> field in the Host has a new subfield <code>namespace</code> that will allow
           the use of secrets from different namespaces.
-      - title: Add support for Host resources using secrets from different namespaces
-        type: feature
-        body: >-
-          Previously the <code>Host</code> resource could only use secrets that are in the namespace as the
-          Host. The <code>tlsSecret</code> field in the Host has a new subfield <code>namespace</code> that will allow
-          the use of secrets from different namespaces.
       - title: Allow bypassing of EDS for manual endpoint insertion
         type: change
         body: >-
           Set `AMBASSADOR_EDS_BYPASS` to `true` to bypass EDS handling of endpoints and have endpoints be
           inserted to clusters manually. This can help resolve with `503 UH` caused by certification rotation relating to
           a delay between EDS + CDS. The default is `false`.
-
-  - version: 3.1.1
-    prevVersion: 3.1.0
-    date: 'TBD'
-    notes: []
-
-  - version: 3.0.1
-    prevVersion: 3.0.0
-    date: 'TBD'
-    notes:
-      - title: Fix regression in the agent for the metrics transfer.
+      - title: Correctly manage cluster names when service names are very long
         type: bugfix
         body: >-
-          A regression was introduced in 2.3.0 causing the agent to miss some of the metrics coming from
-          emissary ingress before sending them to Ambassador cloud. This issue has been resolved to ensure
-          that all the nodes composing the emissary ingress cluster are reporting properly.
-      - title: Update Golang to 1.17.12
-        type: security
-        body: >-
-          Updated Golang to 1.17.12 to address the CVEs: CVE-2022-23806, CVE-2022-28327, CVE-2022-24675,
-          CVE-2022-24921, CVE-2022-23772.
-      - title: Update Curl to 7.80.0-r2
-        type: security
-        body: >-
-          Updated Curl to 7.80.0-r2 to address the CVEs: CVE-2022-32207, CVE-2022-27782, CVE-2022-27781,
-          CVE-2022-27780.
-      - title: Update openSSL-dev to 1.1.1q-r0
-        type: security
-        body: >-
-          Updated openSSL-dev to 1.1.1q-r0 to address CVE-2022-2097.
-      - title: Update ncurses to 1.1.1q-r0
-        type: security
-        body: >-
-          Updated ncurses to 1.1.1q-r0 to address CVE-2022-29458
+          Distinct services with names that are the same in the first forty characters
+          will no longer be incorrectly mapped to the same cluster.
+        github:
+        - title: "#4354"
+          link: https://github.com/emissary-ingress/emissary/issues/4354
 
   - version: 3.1.0
     date: '2022-08-01'

python/ambassador/ir/ir.py

@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License
-import json
+import hashlib
 import logging
 import os
 from ipaddress import ip_address
@@ -480,7 +480,11 @@ def __init__(
             if len(name) > 60:
                 # Too long. Gather this cluster by name prefix and normalize
                 # its name below.
-                short_name = name[0:40]
+                h = hashlib.new("sha1")
+                h.update(name.encode("utf-8"))
+                hd = h.hexdigest()[0:16].upper()
+
+                short_name = name[0:40] + "-" + hd
 
                 cluster = self.clusters[name]
                 self.logger.debug(f"COLLISION: compress {name} to {short_name}")