Add support for readonly containers (#206)

Closes #203 Signed-off-by: dubo-dubon-duponey <dubodubonduponey+github@pm.me>
2025-12-30 11:39:44 -05:00 · 2019-10-25 06:14:09 -04:00 · 2019-10-25 06:14:09 -04:00 · 4d3eb6ca33
commit 4d3eb6ca33
parent 2b3bdec287
4 changed files with 51 additions and 2 deletions
--- a/docker/resource_docker_container.go
+++ b/docker/resource_docker_container.go
@ -28,6 +28,13 @@ func resourceDockerContainer() *schema.Resource {
 				Optional: true,
 			},

+			"read_only": {
+				Type:     schema.TypeBool,
+				Default:  false,
+				Optional: true,
+				ForceNew: true,
+			},
+
 			"start": {
 				Type:     schema.TypeBool,
 				Default:  true,
--- a/docker/resource_docker_container_funcs.go
+++ b/docker/resource_docker_container_funcs.go
@ -214,8 +214,9 @@ func resourceDockerContainerCreate(d *schema.ResourceData, meta interface{}) err
 			Name:              d.Get("restart").(string),
 			MaximumRetryCount: d.Get("max_retry_count").(int),
 		},
-		Mounts:     mounts,
-		AutoRemove: d.Get("rm").(bool),
+		Mounts:         mounts,
+		AutoRemove:     d.Get("rm").(bool),
+		ReadonlyRootfs: d.Get("read_only").(bool),
 		LogConfig: container.LogConfig{
 			Type: d.Get("log_driver").(string),
 		},
--- a/docker/resource_docker_container_test.go
+++ b/docker/resource_docker_container_test.go
@ -1100,6 +1100,34 @@ func TestAccDockerContainer_rm(t *testing.T) {
 	})
 }

+func TestAccDockerContainer_readonly(t *testing.T) {
+	var c types.ContainerJSON
+
+	testCheck := func(*terraform.State) error {
+		if !c.HostConfig.ReadonlyRootfs {
+			return fmt.Errorf("Container isn't readonly")
+		}
+
+		return nil
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDockerContainerReadOnlyConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccContainerRunning("docker_container.foo", &c),
+					testCheck,
+					resource.TestCheckResourceAttr("docker_container.foo", "name", "tf-test"),
+					resource.TestCheckResourceAttr("docker_container.foo", "read_only", "true"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccDockerContainer_healthcheck(t *testing.T) {
 	var c types.ContainerJSON
 	testCheck := func(*terraform.State) error {
@ -1955,6 +1983,18 @@ resource "docker_image" "foo" {
 	rm = true
 }
 `
+const testAccDockerContainerReadOnlyConfig = `
+resource "docker_image" "foo" {
+	name = "busybox:latest"
+	keep_locally = true
+}
+ resource "docker_container" "foo" {
+	name = "tf-test"
+	image = "${docker_image.foo.latest}"
+	command = ["/bin/sleep", "15"]
+	read_only = true
+}
+`
 const testAccDockerContainerAttachConfig = `
 resource "docker_image" "foo" {
 	name = "busybox:latest"
--- a/website/docs/r/container.html.markdown
+++ b/website/docs/r/container.html.markdown
@ -68,6 +68,7 @@ data is stored in them. See [the docker documentation][linkdoc] for more details
 * `working_dir`- (Optional, string) The working directory for commands to run in
 * `rm` - (Optional, bool) If true, then the container will be automatically removed after his execution. Terraform
   won't check this container after creation.
+* `read_only` - (Optional, bool) If true, the container will be started as readonly.
 * `start` - (Optional, bool) If true, then the Docker container will be
  started after creation. If false, then the container is only created.
 * `attach` - (Optional, bool) If true attach to the container after its creation and waits the end of his execution.