feat: allow security_opt and readonly_rootfs to be configured (#787)

Author: gurinderu

testcontainers/src/core/containers/request.rs

@@ -35,6 +35,8 @@ pub struct ContainerRequest<I: Image> {
     pub(crate) privileged: bool,
     pub(crate) cap_add: Option<Vec<String>>,
     pub(crate) cap_drop: Option<Vec<String>>,
+    pub(crate) readonly_rootfs: bool,
+    pub(crate) security_opts: Option<Vec<String>>,
     pub(crate) shm_size: Option<u64>,
     pub(crate) cgroupns_mode: Option<CgroupnsMode>,
     pub(crate) userns_mode: Option<String>,
@@ -198,6 +200,14 @@ impl<I: Image> ContainerRequest<I> {
     pub fn user(&self) -> Option<&str> {
         self.user.as_deref()
     }
+
+    pub fn security_opts(&self) -> Option<&Vec<String>> {
+        self.security_opts.as_ref()
+    }
+
+    pub fn readonly_rootfs(&self) -> bool {
+        self.readonly_rootfs
+    }
 }
 
 impl<I: Image> From<I> for ContainerRequest<I> {
@@ -219,6 +229,8 @@ impl<I: Image> From<I> for ContainerRequest<I> {
             privileged: false,
             cap_add: None,
             cap_drop: None,
+            security_opts: None,
+            readonly_rootfs: false,
             shm_size: None,
             cgroupns_mode: None,
             userns_mode: None,

testcontainers/src/core/image/image_ext.rs

@@ -169,6 +169,12 @@ pub trait ImageExt<I: Image> {
 
     /// Sets the user that commands are run as inside the container.
     fn with_user(self, user: impl Into<String>) -> ContainerRequest<I>;
+
+    /// Sets the container's root filesystem to be mounted as read-only
+    fn with_readonly_rootfs(self, readonly_rootfs: bool) -> ContainerRequest<I>;
+
+    /// Sets security options for the container
+    fn with_security_opt(self, security_opt: impl Into<String>) -> ContainerRequest<I>;
 }
 
 /// Implements the [`ImageExt`] trait for the every type that can be converted into a [`ContainerRequest`].
@@ -391,4 +397,22 @@ impl<RI: Into<ContainerRequest<I>>, I: Image> ImageExt<I> for RI {
             ..container_req
         }
     }
+
+    fn with_readonly_rootfs(self, readonly_rootfs: bool) -> ContainerRequest<I> {
+        let container_req = self.into();
+        ContainerRequest {
+            readonly_rootfs,
+            ..container_req
+        }
+    }
+
+    fn with_security_opt(self, security_opt: impl Into<String>) -> ContainerRequest<I> {
+        let mut container_req = self.into();
+        container_req
+            .security_opts
+            .get_or_insert_with(Vec::new)
+            .push(security_opt.into());
+
+        container_req
+    }
 }

testcontainers/src/runners/async_runner.rs

@@ -146,6 +146,8 @@ where
                 userns_mode: container_req.userns_mode().map(|v| v.to_string()),
                 cap_add: container_req.cap_add().cloned(),
                 cap_drop: container_req.cap_drop().cloned(),
+                readonly_rootfs: Some(container_req.readonly_rootfs()),
+                security_opt: container_req.security_opts().cloned(),
                 ..Default::default()
             }),
             working_dir: container_req.working_dir().map(|dir| dir.to_string()),