diff --git a/docker/resource_docker_container.go b/docker/resource_docker_container.go
index 85a5f7fe..176541ec 100644
--- a/docker/resource_docker_container.go
+++ b/docker/resource_docker_container.go
@@ -28,6 +28,13 @@ func resourceDockerContainer() *schema.Resource {
 Optional: true,
 },
 
+ "read_only": {
+ Type: schema.TypeBool,
+ Default: false,
+ Optional: true,
+ ForceNew: true,
+ },
+
 "start": {
 Type: schema.TypeBool,
 Default: true,
diff --git a/docker/resource_docker_container_funcs.go b/docker/resource_docker_container_funcs.go
index e4c5b05c..c078e9e3 100644
--- a/docker/resource_docker_container_funcs.go
+++ b/docker/resource_docker_container_funcs.go
@@ -214,8 +214,9 @@ func resourceDockerContainerCreate(d *schema.ResourceData, meta interface{}) err
 Name: d.Get("restart").(string),
 MaximumRetryCount: d.Get("max_retry_count").(int),
 },
- Mounts: mounts,
- AutoRemove: d.Get("rm").(bool),
+ Mounts: mounts,
+ AutoRemove: d.Get("rm").(bool),
+ ReadonlyRootfs: d.Get("read_only").(bool),
 LogConfig: container.LogConfig{
 Type: d.Get("log_driver").(string),
 },
diff --git a/docker/resource_docker_container_test.go b/docker/resource_docker_container_test.go
index 53d9342f..ed21ae5f 100644
--- a/docker/resource_docker_container_test.go
+++ b/docker/resource_docker_container_test.go
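Review bot: The new `read_only` schema entry in resource_docker_container.go has no `Description`, and the name alone does not say what becomes read-only. The value is passed to `ReadonlyRootfs` in the create function, so only the container's root filesystem is affected, while volumes and other mounts keep their own write mode. I would add `Description: "If true, the container's root filesystem is mounted read-only; volumes and mounts are not affected.",` to the entry. resourceDockerContainer starts and ends outside the hunk.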
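Review bot: In resource_docker_container_funcs.go the flag is written to `ReadonlyRootfs` at creation, but no hunk in this patch copies the daemon's value back into state, so the stored `read_only` reflects only the configuration. If the read function (not visible here) does not already do it, it should set the attribute from the inspect result, e.g. `d.Set("read_only", container.HostConfig.ReadonlyRootfs)`, using whatever the local variable for the inspected container is called there. For a hardening option it is worth having state show what Docker actually reports. resourceDockerContainerCreate begins and ends outside the hunk.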
@@ -1100,6 +1100,34 @@ func TestAccDockerContainer_rm(t *testing.T) {
 })
 }
 
+func TestAccDockerContainer_readonly(t *testing.T) {
+ var c types.ContainerJSON
+
+ testCheck := func(*terraform.State) error {
+ if !c.HostConfig.ReadonlyRootfs {
+ return fmt.Errorf("Container isn't readonly")
+ }
+
+ return nil
+ }
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDockerContainerReadOnlyConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccContainerRunning("docker_container.foo", &c),
+ testCheck,
+ resource.TestCheckResourceAttr("docker_container.foo", "name", "tf-test"),
+ resource.TestCheckResourceAttr("docker_container.foo", "read_only", "true"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccDockerContainer_healthcheck(t *testing.T) {
 var c types.ContainerJSON
 testCheck := func(*terraform.State) error {
@@ -1955,6 +1983,18 @@ resource "docker_image" "foo" {
 rm = true
 }
 `
+const testAccDockerContainerReadOnlyConfig = `
+resource "docker_image" "foo" {
+ name = "busybox:latest"
+ keep_locally = true
+}
+ resource "docker_container" "foo" {
+ name = "tf-test"
+ image = "${docker_image.foo.latest}"
+ command = ["/bin/sleep", "15"]
+ read_only = true
+}
+`
 const testAccDockerContainerAttachConfig = `
 resource "docker_image" "foo" {
 name = "busybox:latest"
diff --git a/website/docs/r/container.html.markdown b/website/docs/r/container.html.markdown
index 89f1b187..b4117de7 100644
--- a/website/docs/r/container.html.markdown
+++ b/website/docs/r/container.html.markdown
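Review bot: TestAccDockerContainer_readonly covers only `read_only = true`, so it would still pass if the provider set `ReadonlyRootfs` unconditionally or ignored a later switch back to false. A second step that applies the same container without `read_only` and asserts the flag is cleared would pin the default and exercise the `ForceNew` replacement. The config name in the sketch below is a placeholder for a copy of testAccDockerContainerReadOnlyConfig without the attribute.

```go
Steps: []resource.TestStep{
	// … unchanged: first step using testAccDockerContainerReadOnlyConfig …
	{
		// placeholder name: same resources as the config above, read_only omitted
		Config: testAccDockerContainerReadOnlyDefaultConfig,
		Check: resource.ComposeTestCheckFunc(
			testAccContainerRunning("docker_container.foo", &c),
			func(*terraform.State) error {
				if c.HostConfig.ReadonlyRootfs {
					return fmt.Errorf("container root filesystem is read-only although read_only is unset")
				}
				return nil
			},
			resource.TestCheckResourceAttr("docker_container.foo", "read_only", "false"),
		),
	},
```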
@@ -68,6 +68,7 @@ data is stored in them. See [the docker documentation][linkdoc] for more details * `working_dir`- (Optional, string) The working directory for commands to run in * `rm` - (Optional, bool) If true, then the container will be automatically removed after his execution. Terraform won't check this container after creation. +* `read_only` - (Optional, bool) If true, the container will be started as readonly. * `start` - (Optional, bool) If true, then the Docker container will be started after creation. If false, then the container is only created. * `attach` - (Optional, bool) If true attach to the container after its creation and waits the end of his execution.