secret.target: explicitly allow or disallow absolute path

[AkihiroSuda]

What is the problem you're trying to solve

The current spec does not seem to allow an absolute path like /foo/bar as a secret target:

target: The name of the file to be mounted in /run/secrets/ in the service's task containers. Defaults to source if not specified.

However, this seems to have been allowed in docker-compose.

Describe the solution you'd like
Revise the spec to explicitly allow (or disallow) absolute path.

[AkihiroSuda]

@ndeloof Is this expected to be allowed or disallowed?

[ndeloof]

This doc is based on https://docs.docker.com/compose/compose-file/compose-file-v3/#secrets which does not define support for absolute paths. docker-compose indeed do support those, and I don't see reasons not to allow this.

[EricHripko]

Should we amend the wording on the spec to reflect this?

[AkihiroSuda]

Yes, this should be explicitly mentioned in the spec.

[epuronta]

I've created a PR to Docker Docs (docker/docs#15854) to clarify this specific issue. Merging seems to be blocked (see this comment) because the information is missing from this spec, and this spec is blocked because it's created based the aforementioned Docker Docs.

I optimistically created a PR here as well (#281). Who can break the deadlock though?

Issues #95 and #276 seem to be pretty much duplicates of this issue.