aws
diff --git a/‎agent/ecscni/netconfig_linux.go
Lines changed: 22 additions & 2 deletions b/‎agent/ecscni/netconfig_linux.go
Lines changed: 22 additions & 2 deletions
diff --git a/‎agent/ecscni/plugin_linux_test.go
Lines changed: 196 additions & 65 deletions b/‎agent/ecscni/plugin_linux_test.go
Lines changed: 196 additions & 65 deletions
diff --git a/‎agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/netlib/model/networkinterface/networkinterface.go
Lines changed: 15 additions & 2 deletions b/‎agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/netlib/model/networkinterface/networkinterface.go
Lines changed: 15 additions & 2 deletions
@@ -114,11 +114,21 @@ func newIPAMConfig(cfg *Config) (IPAMConfig, error) {
 
 // NewVPCENINetworkConfig creates a new vpc-eni CNI plugin configuration.
 func NewVPCENINetworkConfig(eni *ni.NetworkInterface, cfg *Config) (string, *libcni.NetworkConfig, error) {
+	gatewayIPAddresses := []string{eni.GetSubnetGatewayIPv4Address()}
+	if eni.IPv6Only() {
+		// Populate IPv6 Subnet Gateway address only for IPv6-only case as historically it hasn't
+		// been populated for dual-stack case.
+		if eni.GetSubnetGatewayIPv6Address() == "" {
+			return "", nil, fmt.Errorf("task ENI is IPv6-only but has no IPv6 subnet gateway address")
+		}
+		gatewayIPAddresses = []string{eni.GetSubnetGatewayIPv6Address()}
+	}
+
 	eniConf := VPCENIPluginConfig{
 		Type:               VPCENIPluginName,
 		ENIMACAddress:      eni.MacAddress,
 		ENIIPAddresses:     eni.GetIPAddressesWithPrefixLength(),
-		GatewayIPAddresses: []string{eni.GetSubnetGatewayIPv4Address()},
+		GatewayIPAddresses: gatewayIPAddresses,
 		BlockIMDS:          cfg.BlockInstanceMetadata,
 	}
 
@@ -132,13 +142,23 @@ func NewVPCENINetworkConfig(eni *ni.NetworkInterface, cfg *Config) (string, *lib
 
 // NewBranchENINetworkConfig creates a new branch ENI CNI network configuration.
 func NewBranchENINetworkConfig(eni *ni.NetworkInterface, cfg *Config) (string, *libcni.NetworkConfig, error) {
+	gatewayIPAddresses := []string{eni.GetSubnetGatewayIPv4Address()}
+	if eni.IPv6Only() {
+		// Populate IPv6 Subnet Gateway address only for IPv6-only case as historically it hasn't
+		// been populated for dual-stack case.
+		if eni.GetSubnetGatewayIPv6Address() == "" {
+			return "", nil, fmt.Errorf("task ENI is IPv6-only but has no IPv6 subnet gateway address")
+		}
+		gatewayIPAddresses = []string{eni.GetSubnetGatewayIPv6Address()}
+	}
+
 	eniConf := BranchENIConfig{
 		Type:                  ECSBranchENIPluginName,
 		TrunkMACAddress:       eni.InterfaceVlanProperties.TrunkInterfaceMacAddress,
 		BranchVlanID:          eni.InterfaceVlanProperties.VlanID,
 		BranchMACAddress:      eni.MacAddress,
 		IPAddresses:           eni.GetIPAddressesWithPrefixLength(),
-		GatewayIPAddresses:    []string{eni.GetSubnetGatewayIPv4Address()},
+		GatewayIPAddresses:    gatewayIPAddresses,
 		BlockInstanceMetadata: cfg.BlockInstanceMetadata,
 		InterfaceType:         vpcCNIPluginInterfaceType,
 	}
 
@@ -492,84 +492,215 @@ func TestReleaseIPInIPAM(t *testing.T) {
 // TestConstructVPCENINetworkConfig tests that NewVPCENINetworkConfig creates the correct
 // configuration for vpc-eni plugin
 func TestConstructVPCENINetworkConfig(t *testing.T) {
-	config := &Config{
-		ContainerID:           "containerid12",
-		ContainerPID:          "pid",
-		BlockInstanceMetadata: true,
-	}
-
-	eniName, eniNetworkConfig, err := NewVPCENINetworkConfig(
-		&ni.NetworkInterface{
-			ID: eniID,
-			IPV4Addresses: []*ni.IPV4Address{
-				{Address: ipv4Address, Primary: true},
-			},
-			IPV6Addresses: []*ni.IPV6Address{
-				{
-					Address: ipv6Address,
+	tests := []struct {
+		name          string
+		iface         *ni.NetworkInterface
+		expectedError string
+		expected      VPCENIPluginConfig
+	}{
+		{
+			name: "Dual stack - IPv6 subnet gateway is ignored due to historical reasons",
+			iface: &ni.NetworkInterface{
+				ID:            eniID,
+				IPV4Addresses: []*ni.IPV4Address{{Address: ipv4Address}},
+				IPV6Addresses: []*ni.IPV6Address{
+					{
+						Address: ipv6Address,
+					},
 				},
+				MacAddress:               eniMACAddress,
+				SubnetGatewayIPV4Address: eniSubnetGatewayIPV4Address,
+				SubnetGatewayIPV6Address: "1:2:3:4::1",
+			},
+			expected: VPCENIPluginConfig{
+				Type:               "vpc-eni",
+				ENIIPAddresses:     []string{eniIPV4AddressWithBlockSize, eniIPV6AddressWithBlockSize},
+				ENIMACAddress:      eniMACAddress,
+				BlockIMDS:          true,
+				GatewayIPAddresses: []string{eniSubnetGatewayIPV4AddressWithoutBlockSize},
 			},
-			MacAddress:               eniMACAddress,
-			SubnetGatewayIPV4Address: eniSubnetGatewayIPV4Address,
 		},
-		config)
-	require.NoError(t, err, "Failed to construct eni network config")
-	assert.Equal(t, "eth0", eniName)
-	eniConfig := &VPCENIPluginConfig{}
-	err = json.Unmarshal(eniNetworkConfig.Bytes, eniConfig)
-	require.NoError(t, err, "unmarshal config from bytes failed")
-	assert.Equal(t, &VPCENIPluginConfig{
-		Type:               "vpc-eni",
-		ENIIPAddresses:     []string{eniIPV4AddressWithBlockSize, eniIPV6AddressWithBlockSize},
-		ENIMACAddress:      eniMACAddress,
-		BlockIMDS:          true,
-		GatewayIPAddresses: []string{eniSubnetGatewayIPV4AddressWithoutBlockSize},
-	}, eniConfig)
+		{
+			name: "IPv4 only",
+			iface: &ni.NetworkInterface{
+				ID:                       eniID,
+				IPV4Addresses:            []*ni.IPV4Address{{Address: ipv4Address}},
+				MacAddress:               eniMACAddress,
+				SubnetGatewayIPV4Address: eniSubnetGatewayIPV4Address,
+			},
+			expected: VPCENIPluginConfig{
+				Type:               "vpc-eni",
+				ENIIPAddresses:     []string{eniIPV4AddressWithBlockSize},
+				ENIMACAddress:      eniMACAddress,
+				BlockIMDS:          true,
+				GatewayIPAddresses: []string{eniSubnetGatewayIPV4AddressWithoutBlockSize},
+			},
+		},
+		{
+			name: "IPv6 only",
+			iface: &ni.NetworkInterface{
+				ID:                       eniID,
+				IPV6Addresses:            []*ni.IPV6Address{{Address: ipv6Address}},
+				MacAddress:               eniMACAddress,
+				SubnetGatewayIPV6Address: "1:2:3:4::1",
+			},
+			expected: VPCENIPluginConfig{
+				Type:               "vpc-eni",
+				ENIIPAddresses:     []string{eniIPV6AddressWithBlockSize},
+				ENIMACAddress:      eniMACAddress,
+				BlockIMDS:          true,
+				GatewayIPAddresses: []string{"1:2:3:4::1"},
+			},
+		},
+		{
+			name: "IPv6 only - no subnet gateway address",
+			iface: &ni.NetworkInterface{
+				ID:            eniID,
+				IPV6Addresses: []*ni.IPV6Address{{Address: ipv6Address}},
+				MacAddress:    eniMACAddress,
+			},
+			expectedError: "task ENI is IPv6-only but has no IPv6 subnet gateway address",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			config := &Config{
+				ContainerID:           "containerid12",
+				ContainerPID:          "pid",
+				BlockInstanceMetadata: true,
+			}
+			eniName, eniNetworkConfig, err := NewVPCENINetworkConfig(tt.iface, config)
+			if tt.expectedError != "" {
+				assert.EqualError(t, err, tt.expectedError)
+			} else {
+				require.NoError(t, err, "Failed to construct eni network config")
+				assert.Equal(t, "eth0", eniName)
+				eniConfig := &VPCENIPluginConfig{}
+				err = json.Unmarshal(eniNetworkConfig.Bytes, eniConfig)
+				require.NoError(t, err, "unmarshal config from bytes failed")
+				assert.Equal(t, tt.expected, *eniConfig)
+			}
+		})
+	}
 }
 
 // TestConstructBranchENINetworkConfig tests createBranchENINetworkConfig creates the correct
 // configuration for eni plugin
 func TestConstructBranchENINetworkConfig(t *testing.T) {
-	config := &Config{
-		ContainerID:           "containerid12",
-		ContainerPID:          "pid",
-		BlockInstanceMetadata: true,
-	}
-
-	eniName, eniNetworkConfig, err := NewBranchENINetworkConfig(
-		&ni.NetworkInterface{
-			ID: eniID,
-			IPV4Addresses: []*ni.IPV4Address{
-				{Address: ipv4Address, Primary: true},
+	tests := []struct {
+		name          string
+		iface         *ni.NetworkInterface
+		expected      BranchENIConfig
+		expectedError string
+	}{
+		{
+			name: "dual stack - IPv6 subnet gateway is ignored due to historical reasons",
+			iface: &ni.NetworkInterface{
+				ID:                       eniID,
+				IPV4Addresses:            []*ni.IPV4Address{{Address: ipv4Address}},
+				IPV6Addresses:            []*ni.IPV6Address{{Address: ipv6Address}},
+				MacAddress:               eniMACAddress,
+				SubnetGatewayIPV4Address: eniSubnetGatewayIPV4Address,
+				SubnetGatewayIPV6Address: "1:2:3:4::1",
+				InterfaceVlanProperties: &ni.InterfaceVlanProperties{
+					TrunkInterfaceMacAddress: trunkENIMACAddress,
+					VlanID:                   branchENIVLANID,
+				},
 			},
-			IPV6Addresses: []*ni.IPV6Address{
-				{
-					Address: ipv6Address,
+			expected: BranchENIConfig{
+				Type:                  "vpc-branch-eni",
+				IPAddresses:           []string{eniIPV4AddressWithBlockSize, eniIPV6AddressWithBlockSize},
+				BranchMACAddress:      eniMACAddress,
+				BlockInstanceMetadata: true,
+				GatewayIPAddresses:    []string{eniSubnetGatewayIPV4AddressWithoutBlockSize},
+				TrunkMACAddress:       trunkENIMACAddress,
+				BranchVlanID:          branchENIVLANID,
+				InterfaceType:         "vlan",
+			},
+		},
+		{
+			name: "IPv4 only",
+			iface: &ni.NetworkInterface{
+				ID:                       eniID,
+				IPV4Addresses:            []*ni.IPV4Address{{Address: ipv4Address}},
+				MacAddress:               eniMACAddress,
+				SubnetGatewayIPV4Address: eniSubnetGatewayIPV4Address,
+				InterfaceVlanProperties: &ni.InterfaceVlanProperties{
+					TrunkInterfaceMacAddress: trunkENIMACAddress,
+					VlanID:                   branchENIVLANID,
 				},
 			},
-			MacAddress:               eniMACAddress,
-			SubnetGatewayIPV4Address: eniSubnetGatewayIPV4Address,
-			InterfaceVlanProperties: &ni.InterfaceVlanProperties{
-				TrunkInterfaceMacAddress: trunkENIMACAddress,
-				VlanID:                   branchENIVLANID,
+			expected: BranchENIConfig{
+				Type:                  "vpc-branch-eni",
+				IPAddresses:           []string{eniIPV4AddressWithBlockSize},
+				BranchMACAddress:      eniMACAddress,
+				BlockInstanceMetadata: true,
+				GatewayIPAddresses:    []string{eniSubnetGatewayIPV4AddressWithoutBlockSize},
+				TrunkMACAddress:       trunkENIMACAddress,
+				BranchVlanID:          branchENIVLANID,
+				InterfaceType:         "vlan",
 			},
 		},
-		config)
-	require.NoError(t, err, "Failed to construct eni network config")
-	assert.Equal(t, "eth0", eniName)
-	branchENIConfig := &BranchENIConfig{}
-	err = json.Unmarshal(eniNetworkConfig.Bytes, branchENIConfig)
-	require.NoError(t, err, "unmarshal config from bytes failed")
-	assert.Equal(t, &BranchENIConfig{
-		Type:                  "vpc-branch-eni",
-		IPAddresses:           []string{eniIPV4AddressWithBlockSize, eniIPV6AddressWithBlockSize},
-		BranchMACAddress:      eniMACAddress,
-		BlockInstanceMetadata: true,
-		GatewayIPAddresses:    []string{eniSubnetGatewayIPV4AddressWithoutBlockSize},
-		TrunkMACAddress:       trunkENIMACAddress,
-		BranchVlanID:          branchENIVLANID,
-		InterfaceType:         "vlan",
-	}, branchENIConfig)
+		{
+			name: "IPv6 only",
+			iface: &ni.NetworkInterface{
+				ID:                       eniID,
+				IPV6Addresses:            []*ni.IPV6Address{{Address: ipv6Address}},
+				MacAddress:               eniMACAddress,
+				SubnetGatewayIPV6Address: "1:2:3:4::1",
+				InterfaceVlanProperties: &ni.InterfaceVlanProperties{
+					TrunkInterfaceMacAddress: trunkENIMACAddress,
+					VlanID:                   branchENIVLANID,
+				},
+			},
+			expected: BranchENIConfig{
+				Type:                  "vpc-branch-eni",
+				IPAddresses:           []string{eniIPV6AddressWithBlockSize},
+				BranchMACAddress:      eniMACAddress,
+				BlockInstanceMetadata: true,
+				GatewayIPAddresses:    []string{"1:2:3:4::1"},
+				TrunkMACAddress:       trunkENIMACAddress,
+				BranchVlanID:          branchENIVLANID,
+				InterfaceType:         "vlan",
+			},
+		},
+		{
+			name: "IPv6 only - no subnet gateway address found",
+			iface: &ni.NetworkInterface{
+				ID:            eniID,
+				IPV6Addresses: []*ni.IPV6Address{{Address: ipv6Address}},
+				MacAddress:    eniMACAddress,
+				InterfaceVlanProperties: &ni.InterfaceVlanProperties{
+					TrunkInterfaceMacAddress: trunkENIMACAddress,
+					VlanID:                   branchENIVLANID,
+				},
+			},
+			expectedError: "task ENI is IPv6-only but has no IPv6 subnet gateway address",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			config := &Config{
+				ContainerID:           "containerid12",
+				ContainerPID:          "pid",
+				BlockInstanceMetadata: true,
+			}
+
+			eniName, eniNetworkConfig, err := NewBranchENINetworkConfig(tt.iface, config)
+			if tt.expectedError != "" {
+				assert.EqualError(t, err, tt.expectedError)
+			} else {
+				require.NoError(t, err, "Failed to construct eni network config")
+				assert.Equal(t, "eth0", eniName)
+				branchENIConfig := &BranchENIConfig{}
+				err = json.Unmarshal(eniNetworkConfig.Bytes, branchENIConfig)
+				require.NoError(t, err, "unmarshal config from bytes failed")
+				assert.Equal(t, tt.expected, *branchENIConfig)
+			}
+		})
+	}
 }
 
 // TestConstructBridgeNetworkConfigWithoutIPAM tests createBridgeNetworkConfigWithoutIPAM creates the right configuration for bridge plugin