Unix-like absolute file secrets are transformed as relative on Windows

[oldium]

trafficstars

Environment:

• Windows
• minikube
• github.com docker.exe and docker-compose.exe from Git master built with docker buildx bake
• DOCKER_HOST configured to use docker daemon from minikube (minikube docker-env | Invoke-Expression)
• minikube mount ./:/minikube-docker mount call from C:\Users\my_user\Testing to allow bind mounts from docker-compose.yaml as /minikube-docker/<something>

When docker-compose.yaml contains the following snippet:

secrets:
  my_password:
    file: /minikube-docker/config/MY_PASSWORD

than the file is wrongly converted as relative to C:\Users\my_user\Testing\minikube-docker\config\MY_PASSWORD and that is also what docker-compose sees and passes to docker daemon. This leads to error Error response from daemon: invalid mount config for type "bind": invalid mount path: 'C:/Users/my_user/Testing/minikube-docker/config/MY_PASSWORD'.

The same works fine on volumes, though.

I added code to docker-compose into cmd/compose/compose.go immediately after cli.ProjectFromOptions and it clearly shows that the secret's file is already absolute, so the problem is somewhere in the compose-go project. I tried to check the root cause by reading the code, but I am confused by the fact that the filepath.IsAbs should work and absPath function in loader.go checks filepath.IsAbs before making the path absolute. But because I am not a Go expert, I am curently not able to compile this on Windows and run some tests.

[oldium]

Finally, I was able to debug it from GoLand. The filepath.IsAbs simply returns false, because volumeNameLen is 0.

https://github.com/golang/go/blob/e828fbdffe3318b976aa12d2aee27d4a53bc9f12/src/path/filepath/path_windows.go#L40-L57

So definitely the secrets file needs the same care as volumes, i.e. an extra call to paths.IsAbs like in resolveVolumePath, which checks for the slash at the beginning of the file name.