Include IPv6 address in TMDS v4 container metadata response

amogh09 · amogh09 · commit 4e8633c2be67 · 2025-04-18T19:06:30.000Z
diff --git a/agent/handlers/task_server_setup_test.go b/agent/handlers/task_server_setup_test.go
@@ -66,6 +66,7 @@ import (
 	smithy "github.com/aws/smithy-go"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/network"
 	"github.com/golang/mock/gomock"
 	"github.com/gorilla/mux"
 	"github.com/stretchr/testify/assert"
@@ -542,6 +543,90 @@ func standardHostTask() *apitask.Task {
 	return task
 }
 
+func standardBridgeTask() *apitask.Task {
+	container1 = &apicontainer.Container{
+		Name:                containerName,
+		Image:               imageName,
+		ImageID:             imageID,
+		DesiredStatusUnsafe: apicontainerstatus.ContainerRunning,
+		KnownStatusUnsafe:   apicontainerstatus.ContainerRunning,
+		CPU:                 cpu,
+		Memory:              memory,
+		Type:                apicontainer.ContainerNormal,
+		KnownPortBindingsUnsafe: []apicontainer.PortBinding{
+			{
+				ContainerPort: containerPort,
+				Protocol:      apicontainer.TransportProtocolTCP,
+			},
+		},
+		NetworkModeUnsafe: bridgeMode,
+		NetworkSettingsUnsafe: &types.NetworkSettings{
+			DefaultNetworkSettings: types.DefaultNetworkSettings{
+				IPAddress: bridgeIPAddr,
+			},
+		},
+	}
+	container1.SetLabels(labels)
+	return &apitask.Task{
+		Arn:                      taskARN,
+		Associations:             []apitask.Association{association},
+		Containers:               []*apicontainer.Container{container1},
+		Family:                   family,
+		Version:                  version,
+		DesiredStatusUnsafe:      apitaskstatus.TaskRunning,
+		KnownStatusUnsafe:        apitaskstatus.TaskRunning,
+		CPU:                      cpu,
+		Memory:                   memory,
+		PullStartedAtUnsafe:      now,
+		PullStoppedAtUnsafe:      now,
+		ExecutionStoppedAtUnsafe: now,
+		LaunchType:               "EC2",
+		NetworkMode:              bridgeMode,
+	}
+}
+
+func standardBridgeDockerContainer() *apicontainer.DockerContainer {
+	return &apicontainer.DockerContainer{
+		DockerID:   containerID,
+		DockerName: containerName,
+		Container:  standardBridgeTask().Containers[0],
+	}
+}
+
+func standardV4BridgeContainerResponse() *v4.ContainerResponse {
+	return &v4.ContainerResponse{
+		ContainerResponse: &v2.ContainerResponse{ID: containerID,
+			Name:          containerName,
+			DockerName:    containerName,
+			Image:         imageName,
+			ImageID:       imageID,
+			DesiredStatus: statusRunning,
+			KnownStatus:   statusRunning,
+			Limits: v2.LimitsResponse{
+				CPU:    aws.Float64(cpu),
+				Memory: aws.Int64(memory),
+			},
+			Type:   containerType,
+			Labels: labels,
+			Ports: []tmdsresponse.PortResponse{
+				{
+					ContainerPort: containerPort,
+					Protocol:      containerPortProtocol,
+				},
+			},
+		},
+		Networks: []v4.Network{
+			{
+				Network: tmdsresponse.Network{
+					NetworkMode:   bridgeMode,
+					IPv4Addresses: []string{bridgeIPAddr},
+				},
+				NetworkInterfaceProperties: v4.NetworkInterfaceProperties{},
+			},
+		},
+	}
+}
+
 // Returns a standard v2 task response. This getter function protects against tests mutating the
 // response.
 func expectedTaskResponse() v2.TaskResponse {
@@ -2002,6 +2087,55 @@ func TestV4ContainerMetadata(t *testing.T) {
 			expectedResponseBody: expectedV4BridgeContainerResponse,
 		})
 	})
+	t.Run("happy case bridge mode including IPv6 from network settings", func(t *testing.T) {
+		bridgeTask := standardBridgeTask()
+		bridgeContainer := standardBridgeDockerContainer()
+		networkSettings := bridgeContainer.Container.GetNetworkSettings()
+		networkSettings.GlobalIPv6Address = "5:6:7:8::"
+		bridgeContainer.Container.SetNetworkSettings(networkSettings)
+
+		expectedResponse := standardV4BridgeContainerResponse()
+		expectedNetwork := expectedResponse.Networks[0]
+		expectedNetwork.Network.IPv6Addresses = []string{"5:6:7:8::"}
+		expectedResponse.Networks = []v4.Network{{Network: expectedNetwork.Network}}
+
+		testTMDSRequest(t, TMDSTestCase[v4.ContainerResponse]{
+			path: v4BasePath + v3EndpointID,
+			setStateExpectations: func(state *mock_dockerstate.MockTaskEngineState) {
+				state.EXPECT().ContainerByID(containerID).Return(bridgeContainer, true).AnyTimes()
+				state.EXPECT().DockerIDByV3EndpointID(v3EndpointID).Return(containerID, true)
+				state.EXPECT().TaskByID(containerID).Return(bridgeTask, true)
+			},
+			expectedStatusCode:   http.StatusOK,
+			expectedResponseBody: *expectedResponse,
+		})
+	})
+	t.Run("happy case bridge mode including IPv6 from docker networks", func(t *testing.T) {
+		bridgeTask := standardBridgeTask()
+		bridgeContainer := standardBridgeDockerContainer()
+		bridgeContainer.Container.SetNetworkSettings(&types.NetworkSettings{
+			Networks: map[string]*network.EndpointSettings{
+				"bridge": {IPAddress: "1.2.3.4", GlobalIPv6Address: "5:6:7:8::"},
+			},
+		})
+
+		expectedResponse := standardV4BridgeContainerResponse()
+		expectedNetwork := expectedResponse.Networks[0]
+		expectedNetwork.Network.IPv4Addresses = []string{"1.2.3.4"}
+		expectedNetwork.Network.IPv6Addresses = []string{"5:6:7:8::"}
+		expectedResponse.Networks = []v4.Network{{Network: expectedNetwork.Network}}
+
+		testTMDSRequest(t, TMDSTestCase[v4.ContainerResponse]{
+			path: v4BasePath + v3EndpointID,
+			setStateExpectations: func(state *mock_dockerstate.MockTaskEngineState) {
+				state.EXPECT().ContainerByID(containerID).Return(bridgeContainer, true).AnyTimes()
+				state.EXPECT().DockerIDByV3EndpointID(v3EndpointID).Return(containerID, true)
+				state.EXPECT().TaskByID(containerID).Return(bridgeTask, true)
+			},
+			expectedStatusCode:   http.StatusOK,
+			expectedResponseBody: *expectedResponse,
+		})
+	})
 }
 
 func TestV4TaskMetadata(t *testing.T) {
diff --git a/agent/handlers/v4/container_metadata_handler.go b/agent/handlers/v4/container_metadata_handler.go
@@ -37,6 +37,7 @@ func GetContainerNetworkMetadata(containerID string, state dockerstate.TaskEngin
 	// We get the NetworkMode (Network interface name) from the HostConfig because this
 	// this is the network with which the container is created
 	ipv4AddressFromSettings := settings.IPAddress
+	ipv6AddressFromSettings := settings.GlobalIPv6Address
 	networkModeFromHostConfig := dockerContainer.Container.GetNetworkMode()
 
 	// Extensive Network information is not available for Docker API versions 1.17-1.20
@@ -46,12 +47,32 @@ func GetContainerNetworkMetadata(containerID string, state dockerstate.TaskEngin
 		for modeFromSettings, containerNetwork := range settings.Networks {
 			networkMode := modeFromSettings
 			ipv4Addresses := []string{containerNetwork.IPAddress}
-			network := tmdsv4.Network{Network: tmdsresponse.Network{NetworkMode: networkMode, IPv4Addresses: ipv4Addresses}}
+			var ipv6Addresses []string
+			if containerNetwork.GlobalIPv6Address != "" {
+				ipv6Addresses = []string{containerNetwork.GlobalIPv6Address}
+			}
+			network := tmdsv4.Network{
+				Network: tmdsresponse.Network{
+					NetworkMode:   networkMode,
+					IPv4Addresses: ipv4Addresses,
+					IPv6Addresses: ipv6Addresses,
+				},
+			}
 			networks = append(networks, network)
 		}
 	} else {
 		ipv4Addresses := []string{ipv4AddressFromSettings}
-		network := tmdsv4.Network{Network: tmdsresponse.Network{NetworkMode: networkModeFromHostConfig, IPv4Addresses: ipv4Addresses}}
+		var ipv6Addresses []string
+		if ipv6AddressFromSettings != "" {
+			ipv6Addresses = []string{ipv6AddressFromSettings}
+		}
+		network := tmdsv4.Network{
+			Network: tmdsresponse.Network{
+				NetworkMode:   networkModeFromHostConfig,
+				IPv4Addresses: ipv4Addresses,
+				IPv6Addresses: ipv6Addresses,
+			},
+		}
 		networks = append(networks, network)
 	}
 	return networks, nil
