[BUG] Incorrect warning about secrets from environment variable being ignored #12010

@qhaas

Description

While it is known that file secrets cannot have their ownership / permissions set via service level secrets, it appears that environment secrets can, yet the warning about said ownership / permissions being ignored is displayed.

Steps To Reproduce

  1. Set a secret from an environment variable and attempt to modify its uid, gid, and mode via service-level secrets
$ cat compose.yml 
services:
  my-service:
    image: busybox:stable
    command: ls -ln /run/secrets/my-secret
    secrets:
      - source: my-secret
        uid: "10"
        gid: "20"
        mode: 0754
secrets:
  my-secret:
    environment: MY_SECRET
  2. Run docker compose and display the uid, gid, and mode of the secret, noting the incorrect warning about them not being set
$ MY_SECRET=success docker compose run --rm my-service
WARN[0000] secrets `uid`, `gid` and `mode` are not supported, they will be ignored 
-rwxr-xr--    1 10       20               7 Jul 23 20:40 /run/secrets/my-secret

Compose Version

Docker Compose version v2.29.0

Docker Environment

Client: Docker Engine - Community
 Version:    27.1.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 42
 Server Version: 27.1.0
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 nvidia runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.14.0-427.26.1.el9_4.x86_64
 Operating System: Red Hat Enterprise Linux 9.4 (Plow)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 30.83GiB
 Name: REDACTED
 ID: 0608251b-f670-49b2-8b9e-8e9327933d84
 Docker Root Dir: /home/docker
 Debug Mode: false
 Username: REDACTED
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Anything else?

No response
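Added example (not part of the report above or of the Compose project): a small Python check that parses the `ls -ln` line the container prints and compares the secret file's actual uid, gid and mode against the values requested in `compose.yml`, so an operator can confirm whether the settings were applied irrespective of what the warning claims. It also flags the one thing the warning would hide if it were true: a secret readable by users other than the requested owner and group. The sample lines are constructed (the first copied from the output above, the second a constructed "settings not applied" case) and the function names are this example's own.

```python
import re
import stat

# Constructed sample input: the `ls -ln` line from the report, and the
# uid/gid/mode requested for the environment-backed secret in compose.yml.
LS_LINE_APPLIED = "-rwxr-xr--    1 10       20               7 Jul 23 20:40 /run/secrets/my-secret"
# Constructed counter-example: what the line would look like if the settings
# really had been ignored (root-owned, default 0444).
LS_LINE_IGNORED = "-r--r--r--    1 0        0                7 Jul 23 20:40 /run/secrets/my-secret"
EXPECTED = {"uid": 10, "gid": 20, "mode": 0o754}

# `ls -l` layout: type char, 9 permission chars, optional ACL/xattr marker,
# link count, numeric uid, numeric gid (numeric because of `-n`).
LS_RE = re.compile(
    r"^(?P<type>[-dlcbps])(?P<perm>[rwxsStT-]{9})[.+@]?\s+\d+\s+"
    r"(?P<uid>\d+)\s+(?P<gid>\d+)\s+"
)

# Position -> plain permission bit, and the special bit shown at positions 2, 5, 8.
PLAIN_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
              stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
              stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
SPECIAL_BITS = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def symbolic_mode_to_octal(sym: str) -> int:
    """Convert the 9 permission characters of an `ls -l` mode string
    (e.g. 'rwxr-xr--') to a numeric mode, honouring setuid/setgid/sticky."""
    if len(sym) != 9:
        raise ValueError(f"expected 9 permission characters, got {sym!r}")
    bits = 0
    for i, ch in enumerate(sym):
        if ch == "-":
            continue
        if i in SPECIAL_BITS and ch in "sStT":
            bits |= SPECIAL_BITS[i]
            if ch.islower():          # lower-case s/t also imply the execute bit
                bits |= PLAIN_BITS[i]
        elif ch == "rwx"[i % 3]:
            bits |= PLAIN_BITS[i]
        else:
            raise ValueError(f"unexpected {ch!r} at position {i} in {sym!r}")
    return bits


def parse_ls_ln(line: str) -> dict:
    """Extract numeric uid, gid and mode from one `ls -ln` output line."""
    m = LS_RE.match(line)
    if not m:
        raise ValueError(f"not an `ls -ln` line: {line!r}")
    return {"uid": int(m["uid"]), "gid": int(m["gid"]),
            "mode": symbolic_mode_to_octal(m["perm"])}


def check_secret_permissions(line: str, expected: dict) -> list:
    """Return the mismatches between the observed ownership/mode of the mounted
    secret and what compose.yml asked for; an empty list means all were applied."""
    actual = parse_ls_ln(line)
    problems = []
    for key in ("uid", "gid"):
        if actual[key] != expected[key]:
            problems.append(f"{key}: expected {expected[key]}, got {actual[key]}")
    if actual["mode"] != expected["mode"]:
        problems.append(f"mode: expected {expected['mode']:04o}, got {actual['mode']:04o}")
    return problems


def readable_by_others(line: str) -> bool:
    """True if the secret file is readable by users outside its owner and group."""
    return bool(parse_ls_ln(line)["mode"] & stat.S_IROTH)


if __name__ == "__main__":
    for label, line in (("applied", LS_LINE_APPLIED), ("ignored", LS_LINE_IGNORED)):
        problems = check_secret_permissions(line, EXPECTED)
        print(f"{label}: {'settings applied' if not problems else '; '.join(problems)}")
        if readable_by_others(line):
            print(f"{label}: note, secret is world-readable")
```

Run it against the real line by replacing `LS_LINE_APPLIED` with the output of `docker compose run --rm my-service`; a non-empty mismatch list means the warning was telling the truth for that Compose version, an empty list means the settings took effect and the warning is spurious, as the report observes. The world-readable note fires for the requested `0754` too, since the `r` in the last triplet is part of what was asked for.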
