From b924609c1ef938dfbb16c2327cbae323222e923a Mon Sep 17 00:00:00 2001
From: Anuj Singh <singholt@amazon.com>
Date: Mon, 12 Dec 2022 17:34:56 -0500
Subject: [PATCH] potential SC bugfix

---
 agent/api/ecsclient/client.go |  1 +
 agent/api/task/task.go        | 11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/agent/api/ecsclient/client.go b/agent/api/ecsclient/client.go
index e588722a6b7..22af0fbf169 100644
--- a/agent/api/ecsclient/client.go
+++ b/agent/api/ecsclient/client.go
@@ -532,6 +532,7 @@ func getNetworkBindings(change api.ContainerStateChange, shouldExcludeIPv6PortBi
 	// ContainerPortSet consists of singular ports, and ports that belong to a range, but for which we were not able to
 	// find contiguous host ports and ask docker to pick instead.
 	containerPortSet := change.Container.GetContainerPortSet()
+	seelog.Infof("ContainerPortSet used to generate network bindings: %v", containerPortSet)
 	// each entry in the ContainerPortRangeMap implies that we found a contiguous host port range for the same
 	containerPortRangeMap := change.Container.GetContainerPortRangeMap()
 
diff --git a/agent/api/task/task.go b/agent/api/task/task.go
index 2c73c784350..4153c6fb420 100644
--- a/agent/api/task/task.go
+++ b/agent/api/task/task.go
@@ -2338,6 +2338,8 @@ func (task *Task) dockerPortMap(container *apicontainer.Container) (nat.PortMap,
 	dockerPortMap := nat.PortMap{}
 	scContainer := task.GetServiceConnectContainer()
 	containerToCheck := container
+	containerPortSet := make(map[int]struct{})
+	containerPortRangeMap := make(map[string]string)
 	if task.IsServiceConnectEnabled() && task.IsNetworkModeBridge() {
 		if container.Type == apicontainer.ContainerCNIPause {
 			// we will create bindings for task containers (including both customer containers and SC Appnet container)
@@ -2352,12 +2354,17 @@ func (task *Task) dockerPortMap(container *apicontainer.Container) (nat.PortMap,
 				// create bindings for all ingress listener ports
 				// no need to create binding for egress listener port as it won't be access from host level or from outside
 				for _, ic := range task.ServiceConnectConfig.IngressConfig {
-					dockerPort := nat.Port(strconv.Itoa(int(ic.ListenerPort))) + "/tcp"
+					listenerPortInt := int(ic.ListenerPort)
+					dockerPort := nat.Port(strconv.Itoa(listenerPortInt)) + "/tcp"
 					hostPort := 0           // default bridge-mode SC experience - host port will be an ephemeral port assigned by docker
 					if ic.HostPort != nil { // non-default bridge-mode SC experience - host port specified by customer
 						hostPort = int(*ic.HostPort)
 					}
 					dockerPortMap[dockerPort] = append(dockerPortMap[dockerPort], nat.PortBinding{HostPort: strconv.Itoa(hostPort)})
+					// append non-range, singular container port to the containerPortSet
+					containerPortSet[listenerPortInt] = struct{}{}
+					// set Container.ContainerPortSet to be used during network binding creation
+					taskContainer.SetContainerPortSet(containerPortSet)
 				}
 				return dockerPortMap, nil
 			}
@@ -2370,8 +2377,6 @@ func (task *Task) dockerPortMap(container *apicontainer.Container) (nat.PortMap,
 		}
 	}
 
-	containerPortSet := make(map[int]struct{})
-	containerPortRangeMap := make(map[string]string)
 	for _, portBinding := range containerToCheck.Ports {
 		// for each port binding config, either one of containerPort or containerPortRange is set
 		if portBinding.ContainerPort != 0 {