xds: change google_default/compute_engine creds to select TLS if the xDS cluster name is prefixed with 'google_cfe_' (#8152)

Following up changes in bbc5f61abb, the cluster_resolver LB policy uses the hostname received in CDS responses for discovering LOGICAL_DNS cluster endpoints.

Based on the new design, TD will generate a CFE cluster called "google_cfe_${service_name}" (e.g., for DirectPath service "cloud-bigtable.googleapis.com", the cluster name will be "google_cfe_cloud-bigtable.googleapis.com") for each DirectPath service. google_default/compute_engine creds will identify CFE clusters by the name having the prefix "google_cfe_".

alts/src/main/java/io/grpc/alts/internal/AltsProtocolNegotiator.java

@@ -65,6 +65,8 @@ public final class AltsProtocolNegotiator {
 
   private static final AsciiString SCHEME = AsciiString.of("https");
 
+  private static final String DIRECT_PATH_SERVICE_CFE_CLUSTER_PREFIX = "google_cfe_";
+
   /**
    * ClientAltsProtocolNegotiatorFactory is a factory for doing client side negotiation of an ALTS
    * channel.
@@ -282,7 +284,8 @@ public final class AltsProtocolNegotiator {
       boolean isXdsDirectPath = false;
       if (clusterNameAttrKey != null) {
         String clusterName = grpcHandler.getEagAttributes().get(clusterNameAttrKey);
-        if (clusterName != null && !clusterName.equals("google_cfe")) {
+        if (clusterName != null
+            && !clusterName.startsWith(DIRECT_PATH_SERVICE_CFE_CLUSTER_PREFIX)) {
           isXdsDirectPath = true;
         }
       }

alts/src/test/java/io/grpc/alts/internal/GoogleDefaultProtocolNegotiatorTest.java

@@ -181,8 +181,8 @@ public final class GoogleDefaultProtocolNegotiatorTest {
 
     @Test
     public void tlsHandler_googleCfe() {
-      Attributes attrs =
-          Attributes.newBuilder().set(XDS_CLUSTER_NAME_ATTR_KEY, "google_cfe").build();
+      Attributes attrs = Attributes.newBuilder().set(
+          XDS_CLUSTER_NAME_ATTR_KEY, "google_cfe_api.googleapis.com").build();
       subtest_tlsHandler(attrs);
     }
   }