report error using non-file secret|config with read-only service

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

Author: ndeloof

pkg/compose/secrets.go

@@ -35,6 +35,10 @@ func (s *composeService) injectSecrets(ctx context.Context, project *types.Proje
 			continue
 		}
 
+		if service.ReadOnly {
+			return fmt.Errorf("cannot create secret %q in read-only service %s: `file` is the sole supported option", file.Name, service.Name)
+		}
+
 		if config.Target == "" {
 			config.Target = "/run/secrets/" + config.Source
 		} else if !isAbsTarget(config.Target) {
@@ -43,7 +47,7 @@ func (s *composeService) injectSecrets(ctx context.Context, project *types.Proje
 
 		env, ok := project.Environment[file.Environment]
 		if !ok {
-			return fmt.Errorf("environment variable %q required by file %q is not set", file.Environment, file.Name)
+			return fmt.Errorf("environment variable %q required by secret %q is not set", file.Environment, file.Name)
 		}
 		b, err := createTar(env, types.FileReferenceConfig(config))
 		if err != nil {
@@ -67,14 +71,18 @@ func (s *composeService) injectConfigs(ctx context.Context, project *types.Proje
 		if file.Environment != "" {
 			env, ok := project.Environment[file.Environment]
 			if !ok {
-				return fmt.Errorf("environment variable %q required by file %q is not set", file.Environment, file.Name)
+				return fmt.Errorf("environment variable %q required by config %q is not set", file.Environment, file.Name)
 			}
 			content = env
 		}
 		if content == "" {
 			continue
 		}
 
+		if service.ReadOnly {
+			return fmt.Errorf("cannot create config %q in read-only service %s: `file` is the sole supported option", file.Name, service.Name)
+		}
+
 		if config.Target == "" {
 			config.Target = "/" + config.Source
 		}