Resolve dualstack endpoints for exec agent for IPv6-only tasks

Author: amogh09

agent/app/agent.go

@@ -347,7 +347,7 @@ func (agent *ecsAgent) start() int {
 		return exitcodes.ExitError
 	}
 	agent.initializeResourceFields(credentialsManager)
-	return agent.doStart(containerChangeEventStream, credentialsManager, state, imageManager, client, execcmd.NewManager())
+	return agent.doStart(containerChangeEventStream, credentialsManager, state, imageManager, client, execcmd.NewManager(agent.cfg))
 }
 
 // doStart is the worker invoked by start for starting the ECS Agent. This involves

agent/engine/common_integ_testutil.go

@@ -119,7 +119,7 @@ func setupGMSALinux(cfg *config.Config, state dockerstate.TaskEngineState, t *te
 
 	taskEngine := NewDockerTaskEngine(cfg, dockerClient, credentialsManager,
 		eventstream.NewEventStream("ENGINEINTEGTEST", context.Background()), imageManager, &hostResourceManager, state, metadataManager,
-		resourceFields, execcmd.NewManager(), engineserviceconnect.NewManager(), daemonManagers)
+		resourceFields, execcmd.NewManager(cfg), engineserviceconnect.NewManager(), daemonManagers)
 	taskEngine.MustInit(context.TODO())
 	return taskEngine, func() {
 		taskEngine.Shutdown()
@@ -278,7 +278,7 @@ func SetupIntegTestTaskEngine(cfg *config.Config, state dockerstate.TaskEngineSt
 
 	taskEngine := NewDockerTaskEngine(cfg, dockerClient, credentialsManager,
 		eventstream.NewEventStream("ENGINEINTEGTEST", context.Background()), imageManager, &hostResourceManager, state, metadataManager,
-		nil, execcmd.NewManager(), engineserviceconnect.NewManager(), daemonManagers)
+		nil, execcmd.NewManager(cfg), engineserviceconnect.NewManager(), daemonManagers)
 	taskEngine.MustInit(context.TODO())
 	return taskEngine, func() {
 		taskEngine.Shutdown()

agent/engine/docker_task_engine.go

@@ -2033,8 +2033,7 @@ func (engine *DockerTaskEngine) createContainer(task *apitask.Task, container *a
 	}
 
 	if execcmd.IsExecEnabledContainer(container) {
-		tID := task.GetID()
-		err := engine.execCmdMgr.InitializeContainer(tID, container, hostConfig)
+		err := engine.execCmdMgr.InitializeContainer(task, container, hostConfig)
 		if err != nil {
 			logger.Warn("Error initializing ExecCommandAgent; proceeding to start container without exec feature", logger.Fields{
 				field.TaskID:    task.GetID(),

agent/engine/engine_sudo_linux_integ_test.go

@@ -296,7 +296,7 @@ func TestExecCommandAgent(t *testing.T) {
 
 	testExecCmdHostBinDir := "/managed-agents/execute-command/bin"
 
-	taskEngine, done, _ := setupEngineForExecCommandAgent(t, testExecCmdHostBinDir)
+	taskEngine, done, _, cfg := setupEngineForExecCommandAgent(t, testExecCmdHostBinDir)
 	stateChangeEvents := taskEngine.StateChangeEvents()
 	defer done()
 
@@ -323,7 +323,7 @@ func TestExecCommandAgent(t *testing.T) {
 	cid := containerMap[testTask.Containers[0].Name].DockerID
 
 	// session limit is 2
-	testConfigFileName, _ := execcmd.GetExecAgentConfigFileName(2)
+	testConfigFileName, _ := execcmd.GetExecAgentConfigFileName(2, cfg, testTask)
 	testLogConfigFileName, _ := execcmd.GetExecAgentLogConfigFile()
 	verifyExecCmdAgentExpectedMounts(t, ctx, client, testTaskId, cid, testContainerName, testExecCmdHostBinDir+"/1.0.0.0", testConfigFileName, testLogConfigFileName)
 	pidA := verifyMockExecCommandAgentIsRunning(t, client, cid)
@@ -391,7 +391,7 @@ func TestManagedAgentEvent(t *testing.T) {
 
 			testExecCmdHostBinDir := "/managed-agents/execute-command/bin"
 
-			taskEngine, done, _ := setupEngineForExecCommandAgent(t, testExecCmdHostBinDir)
+			taskEngine, done, _, _ := setupEngineForExecCommandAgent(t, testExecCmdHostBinDir)
 			defer done()
 
 			testTask := createTestExecCommandAgentTask(testTaskId, testContainerName, time.Minute*tc.ManagedAgentLifetime)
@@ -448,7 +448,9 @@ func createTestExecCommandAgentTask(taskId, containerName string, sleepFor time.
 // setupEngineForExecCommandAgent creates a new TaskEngine with a custom execcmd.Manager that will attempt to read the
 // host binaries from the directory passed as parameter (as opposed to the default directory).
 // Additionally, it overrides the engine's monitorExecAgentsInterval to one second.
-func setupEngineForExecCommandAgent(t *testing.T, hostBinDir string) (TaskEngine, func(), credentials.Manager) {
+func setupEngineForExecCommandAgent(
+	t *testing.T, hostBinDir string,
+) (TaskEngine, func(), credentials.Manager, *config.Config) {
 	ctx, cancel := context.WithCancel(context.TODO())
 	defer cancel()
 
@@ -465,7 +467,7 @@ func setupEngineForExecCommandAgent(t *testing.T, hostBinDir string) (TaskEngine
 	imageManager := NewImageManager(cfg, dockerClient, state)
 	imageManager.SetDataClient(data.NewNoopClient())
 	metadataManager := containermetadata.NewManager(dockerClient, cfg)
-	execCmdMgr := execcmd.NewManagerWithBinDir(hostBinDir)
+	execCmdMgr := execcmd.NewManagerWithBinDir(hostBinDir, cfg)
 	hostResources := getTestHostResources()
 	hostResourceManager := NewHostResourceManager(hostResources)
 	daemonManagers := getTestDaemonManagers()
@@ -477,7 +479,7 @@ func setupEngineForExecCommandAgent(t *testing.T, hostBinDir string) (TaskEngine
 	taskEngine.MustInit(context.TODO())
 	return taskEngine, func() {
 		taskEngine.Shutdown()
-	}, credentialsManager
+	}, credentialsManager, cfg
 }
 
 const (

agent/engine/engine_windows_integ_test.go

@@ -576,7 +576,7 @@ func setupGMSA(cfg *config.Config, state dockerstate.TaskEngineState, t *testing
 
 	taskEngine := NewDockerTaskEngine(cfg, dockerClient, credentialsManager,
 		eventstream.NewEventStream("ENGINEINTEGTEST", context.Background()), imageManager, &hostResourceManager, state, metadataManager,
-		resourceFields, execcmd.NewManager(), engineserviceconnect.NewManager(), getTestDaemonManagers())
+		resourceFields, execcmd.NewManager(cfg), engineserviceconnect.NewManager(), getTestDaemonManagers())
 	taskEngine.MustInit(context.TODO())
 	return taskEngine, func() {
 		taskEngine.Shutdown()
@@ -814,7 +814,7 @@ func setupEngineForExecCommandAgent(t *testing.T, hostBinDir string) (TaskEngine
 	imageManager := NewImageManager(cfg, dockerClient, state)
 	imageManager.SetDataClient(data.NewNoopClient())
 	metadataManager := containermetadata.NewManager(dockerClient, cfg)
-	execCmdMgr := execcmd.NewManagerWithBinDir(hostBinDir)
+	execCmdMgr := execcmd.NewManagerWithBinDir(hostBinDir, cfg)
 	hostResources := getTestHostResources()
 	hostResourceManager := NewHostResourceManager(hostResources)
 

agent/engine/execcmd/manager.go

@@ -20,6 +20,7 @@ import (
 
 	apicontainer "github.com/aws/amazon-ecs-agent/agent/api/container"
 	apitask "github.com/aws/amazon-ecs-agent/agent/api/task"
+	"github.com/aws/amazon-ecs-agent/agent/config"
 	"github.com/aws/amazon-ecs-agent/agent/dockerclient/dockerapi"
 
 	"github.com/aws/aws-sdk-go-v2/service/ecs/types"
@@ -66,7 +67,7 @@ func (e StartError) Retry() bool {
 }
 
 type Manager interface {
-	InitializeContainer(taskId string, container *apicontainer.Container, hostConfig *dockercontainer.HostConfig) error
+	InitializeContainer(task *apitask.Task, container *apicontainer.Container, hostConfig *dockercontainer.HostConfig) error
 	StartAgent(ctx context.Context, client dockerapi.DockerClient, task *apitask.Task, container *apicontainer.Container, containerId string) error
 	RestartAgentIfStopped(ctx context.Context, client dockerapi.DockerClient, task *apitask.Task, container *apicontainer.Container, containerId string) (RestartStatus, error)
 }
@@ -77,20 +78,22 @@ type manager struct {
 	retryMinDelay       time.Duration
 	startRetryTimeout   time.Duration
 	inspectRetryTimeout time.Duration
+	agentConfig         *config.Config
 }
 
-func NewManager() *manager {
+func NewManager(cfg *config.Config) *manager {
 	return &manager{
 		hostBinDir:          HostBinDir,
 		retryMaxDelay:       defaultRetryMaxDelay,
 		retryMinDelay:       defaultRetryMinDelay,
 		startRetryTimeout:   defaultStartRetryTimeout,
 		inspectRetryTimeout: defaultInspectRetryTimeout,
+		agentConfig:         cfg,
 	}
 }
 
-func NewManagerWithBinDir(hostBinDir string) *manager {
-	m := NewManager()
+func NewManagerWithBinDir(hostBinDir string, cfg *config.Config) *manager {
+	m := NewManager(cfg)
 	m.hostBinDir = hostBinDir
 	return m
 }

agent/engine/execcmd/manager_init_task.go

@@ -30,6 +30,7 @@ import (
 	dockercontainer "github.com/docker/docker/api/types/container"
 
 	apicontainer "github.com/aws/amazon-ecs-agent/agent/api/container"
+	apitask "github.com/aws/amazon-ecs-agent/agent/api/task"
 	"github.com/pborman/uuid"
 )
 
@@ -50,14 +51,29 @@ var (
 	execAgentConfigTemplate = `{
 	"Mgs": {
 		"Region": "",
-		"Endpoint": "",
+		"Endpoint": "%s",
 		"StopTimeoutMillis": 20000,
 		"SessionWorkersLimit": %d
 	},
 	"Agent": {
 		"Region": "",
 		"OrchestrationRootDir": "",
 		"ContainerMode": true
+	},
+	"Ssm": {
+		"Endpoint": "%s"
+	},
+	"Mds": {
+		"Endpoint": "%s"
+	},
+	"S3": {
+		"Endpoint": "%s"
+	},
+	"Kms": {
+		"Endpoint": "%s"
+	},
+	"CloudWatch": {
+		"Endpoint": "%s"
 	}
 }`
 
@@ -66,7 +82,9 @@ var (
 
 // InitializeContainer adds the necessary bind mounts in order for the ExecCommandAgent to run properly in the container
 // TODO: [ecs-exec] Should we validate the ssm agent binaries & certs are valid and fail here if they're not? (bind mount will succeed even if files don't exist in host)
-func (m *manager) InitializeContainer(taskId string, container *apicontainer.Container, hostConfig *dockercontainer.HostConfig) (rErr error) {
+func (m *manager) InitializeContainer(
+	task *apitask.Task, container *apicontainer.Container, hostConfig *dockercontainer.HostConfig,
+) (rErr error) {
 	defer func() {
 		if rErr != nil {
 			container.UpdateManagedAgentByName(ExecuteCommandAgentName, apicontainer.ManagedAgentState{
@@ -89,7 +107,8 @@ func (m *manager) InitializeContainer(taskId string, container *apicontainer.Con
 		return rErr
 	}
 
-	rErr = addRequiredBindMounts(taskId, cn, latestBinVersionDir, uuid, sessionWorkersLimit, hostConfig)
+	rErr = addRequiredBindMounts(task, cn, latestBinVersionDir, uuid, sessionWorkersLimit,
+		hostConfig, m.agentConfig)
 	if rErr != nil {
 		return rErr
 	}