-`image` (String) The ID of the image to back this container. The easiest way to get this value is to use the `docker_image` resource as is shown in the example.
-`attach` (Boolean) If `true` attach to the container after its creation and waits the end of its execution. Defaults to `false`.
-`capabilities` (Block Set, Max: 1) Add or drop certrain linux capabilities. (see [below for nested schema](#nestedblock--capabilities))
-`command` (List of String) The command to use to start the container. For example, to run `/usr/bin/myprogram -f baz.conf` set the command to be `["/usr/bin/myprogram","-","baz.con"]`.
-`cpu_set` (String) A comma-separated list or hyphen-separated range of CPUs a container can use, e.g. `0-1`.
-`cpu_shares` (Number) CPU shares (relative weight) for the container.
-`destroy_grace_seconds` (Number) If defined will attempt to stop the container before destroying. Container will be destroyed after `n` seconds or on successful stop.
-`devices` (Block Set) Bind devices to the container. (see [below for nested schema](#nestedblock--devices))
-`dns` (Set of String) DNS servers to use.
-`dns_opts` (Set of String) DNS options used by the DNS provider(s), see `resolv.conf` documentation for valid list of options.
-`dns_search` (Set of String) DNS search domains that are used when bare unqualified hostnames are used inside of the container.
-`domainname` (String) Domain name of the container.
-`entrypoint` (List of String) The command to use as the Entrypoint for the container. The Entrypoint allows you to configure a container to run as an executable. For example, to run `/usr/bin/myprogram` when starting a container, set the entrypoint to be `"/usr/bin/myprogra"]`.
-`env` (Set of String) Environment variables to set in the form of `KEY=VALUE`, e.g. `DEBUG=0`
-`group_add` (Set of String) Additional groups for the container user
-`healthcheck` (Block List, Max: 1) A test to perform to check that the container is healthy (see [below for nested schema](#nestedblock--healthcheck))
-`host` (Block Set) Additional hosts to add to the container. (see [below for nested schema](#nestedblock--host))
-`hostname` (String) Hostname of the container.
-`init` (Boolean) Configured whether an init process should be injected for this container. If unset this will default to the `dockerd` defaults.
-`ipc_mode` (String) IPC sharing mode for the container. Possible values are: `none`, `private`, `shareable`, `container:<name|id>` or `host`.
-`labels` (Block Set) User-defined key/value metadata (see [below for nested schema](#nestedblock--labels))
-`links` (Set of String, Deprecated) Set of links for link based connectivity between containers that are running on the same host.
-`log_driver` (String) The logging driver to use for the container.
-`log_opts` (Map of String) Key/value pairs to use as options for the logging driver.
-`logs` (Boolean) Save the container logs (`attach` must be enabled). Defaults to `false`.
-`max_retry_count` (Number) The maximum amount of times to an attempt a restart when `restart` is set to 'on-failure'.
-`memory` (Number) The memory limit for the container in MBs.
-`memory_swap` (Number) The total memory limit (memory + swap) for the container in MBs. This setting may compute to `-1` after `terraform apply` if the target host doesn't support memory swap, when that is the case docker will use a soft limitation.
-`mounts` (Block Set) Specification for mounts to be added to containers created as part of the service. (see [below for nested schema](#nestedblock--mounts))
-`must_run` (Boolean) If `true`, then the Docker container will be kept running. If `false`, then as long as the container exists, Terraform assumes it is successful. Defaults to `true`.
-`network_alias` (Set of String, Deprecated) Set an alias for the container in all specified networks
-`network_mode` (String) Network mode of the container.
-`networks` (Set of String, Deprecated) ID of the networks in which the container is.
-`networks_advanced` (Block Set) The networks the container is attached to (see [below for nested schema](#nestedblock--networks_advanced))
-`pid_mode` (String) he PID (Process) Namespace mode for the container. Either `container:<name|id>` or `host`.
-`ports` (Block List) Publish a container's port(s) to the host. (see [below for nested schema](#nestedblock--ports))
-`privileged` (Boolean) If `true`, the container runs in privileged mode.
-`publish_all_ports` (Boolean) Publish all ports of the container.
-`read_only` (Boolean) If `true`, the container will be started as readonly. Defaults to `false`.
-`remove_volumes` (Boolean) If `true`, it will remove anonymous volumes associated with the container. Defaults to `true`.
-`restart` (String) The restart policy for the container. Must be one of 'no', 'on-failure', 'always', 'unless-stopped'. Defaults to `no`.
-`rm` (Boolean) If `true`, then the container will be automatically removed when it exits. Defaults to `false`.
-`security_opts` (Set of String) List of string values to customize labels for MLS systems, such as SELinux. See https://docs.docker.com/engine/reference/run/#security-configuration.
-`shm_size` (Number) Size of `/dev/shm` in MBs.
-`start` (Boolean) If `true`, then the Docker container will be started after creation. If `false`, then the container is only created. Defaults to `true`.
-`stdin_open` (Boolean) If `true`, keep STDIN open even if not attached (`docker run -i`). Defaults to `false`.
-`storage_opts` (Map of String) Key/value pairs for the storage driver options, e.g. `size`: `120G`
-`sysctls` (Map of String) A map of kernel parameters (sysctls) to set in the container.
-`tmpfs` (Map of String) A map of container directories which should be replaced by `tmpfs mounts`, and their corresponding mount options.
-`tty` (Boolean) If `true`, allocate a pseudo-tty (`docker run -t`). Defaults to `false`.
-`ulimit` (Block Set) Ulimit options to add. (see [below for nested schema](#nestedblock--ulimit))
-`upload` (Block Set) Specifies files to upload to the container before starting it. Only one of `content` or `content_base64` can be set and at least one of them has to be set. (see [below for nested schema](#nestedblock--upload))
-`user` (String) User used for run the first process. Format is `user` or `user:group` which user and group can be passed literraly or by name.
-`userns_mode` (String) Sets the usernamespace mode for the container when usernamespace remapping option is enabled.
-`volumes` (Block Set) Spec for mounting volumes in the container. (see [below for nested schema](#nestedblock--volumes))
-`working_dir` (String) The working directory for commands to run in.
-`test` (List of String) Command to run to check health. For example, to run `curl -f localhost/health` set the command to be `["CMD", "curl", "-f", "localhost/health"]`.
-`bind_options` (Block List, Max: 1) Optional configuration for the bind type. (see [below for nested schema](#nestedblock--mounts--bind_options))
-`read_only` (Boolean) Whether the mount should be read-only.
-`source` (String) Mount source (e.g. a volume name, a host path).
-`tmpfs_options` (Block List, Max: 1) Optional configuration for the tmpfs type. (see [below for nested schema](#nestedblock--mounts--tmpfs_options))
-`volume_options` (Block List, Max: 1) Optional configuration for the volume type. (see [below for nested schema](#nestedblock--mounts--volume_options))
-`content` (String) Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text. Conflicts with `content_base64`&`source`
-`content_base64` (String) Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for larger binary content such as the result of the `base64encode` interpolation function. See [here](https://github.com/terraform-providers/terraform-provider-docker/issues/48#issuecomment-374174588) for the reason. Conflicts with `content`&`source`
-`executable` (Boolean) If `true`, the file will be uploaded with user executable permission. Defaults to `false`.
-`source` (String) A filename that references a file which will be uploaded as the object content. This allows for large file uploads that do not get stored in state. Conflicts with `content`&`content_base64`
-`source_hash` (String) If using `source`, this will force an update if the file content has updated but the filename has not.
