Revendor swarmkit to b79d41fa99c137181d8f58ef76a6e8a25bc2e72f

This commit updates swarmkit to b79d41fa99c137181d8f58ef76a6e8a25bc2e72f

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

hack/vendor.sh

@@ -143,7 +143,7 @@ clone git github.com/docker/docker-credential-helpers v0.3.0
 clone git github.com/docker/containerd 2545227b0357eb55e369fa0072baef9ad91cdb69
 
 # cluster
-clone git github.com/docker/swarmkit 7b202f058db2f3a7d41351a56e5ef720c9b5a45d
+clone git github.com/docker/swarmkit b79d41fa99c137181d8f58ef76a6e8a25bc2e72f
 clone git github.com/golang/mock bd3c8e81be01eef76d4b503f5e687d2d1354d2d9
 clone git github.com/gogo/protobuf v0.3
 clone git github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a

vendor/src/github.com/docker/swarmkit/agent/config.go

@@ -1,12 +1,11 @@
 package agent
 
 import (
-	"fmt"
-
 	"github.com/boltdb/bolt"
 	"github.com/docker/swarmkit/agent/exec"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/remotes"
+	"github.com/pkg/errors"
 	"google.golang.org/grpc/credentials"
 )
 
@@ -34,15 +33,15 @@ type Config struct {
 
 func (c *Config) validate() error {
 	if c.Credentials == nil {
-		return fmt.Errorf("agent: Credentials is required")
+		return errors.New("agent: Credentials is required")
 	}
 
 	if c.Executor == nil {
-		return fmt.Errorf("agent: executor required")
+		return errors.New("agent: executor required")
 	}
 
 	if c.DB == nil {
-		return fmt.Errorf("agent: database required")
+		return errors.New("agent: database required")
 	}
 
 	return nil

vendor/src/github.com/docker/swarmkit/agent/node.go

@@ -3,7 +3,6 @@ package agent
 import (
 	"crypto/tls"
 	"encoding/json"
-	"fmt"
 	"io/ioutil"
 	"net"
 	"os"
@@ -22,6 +21,7 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager"
 	"github.com/docker/swarmkit/remotes"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -500,7 +500,7 @@ func (n *Node) loadCertificates() error {
 			return nil
 		}
 
-		return fmt.Errorf("error while loading TLS Certificate in %s: %v", configPaths.Node.Cert, err)
+		return errors.Wrapf(err, "error while loading TLS Certificate in %s", configPaths.Node.Cert)
 	}
 	// todo: try csr if no cert or store nodeID/role in some other way
 	n.Lock()

vendor/src/github.com/docker/swarmkit/api/control.proto

@@ -71,6 +71,44 @@ service Control {
 	rpc UpdateCluster(UpdateClusterRequest) returns (UpdateClusterResponse) {
 		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
 	};
+
+	// --- secret APIs ---
+
+	// GetSecret returns a `GetSecretResponse` with a `Secret` with the same
+	// id as `GetSecretRequest.SecretID`
+	// - Returns `NotFound` if the Secret with the given id is not found.
+	// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
+	// - Returns an error if getting fails.
+	rpc GetSecret(GetSecretRequest) returns (GetSecretResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// ListSecrets returns a `ListSecretResponse` with a list all non-internal `Secret`s being
+	// managed, or all secrets matching any name in `ListSecretsRequest.Names`, any
+	// name prefix in `ListSecretsRequest.NamePrefixes`, any id in
+	// `ListSecretsRequest.SecretIDs`, or any id prefix in `ListSecretsRequest.IDPrefixes`.
+	// - Returns an error if listing fails.
+	rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+	// CreateSecret creates and return a `CreateSecretResponse` with a `Secret` based
+	// on the provided `CreateSecretRequest.SecretSpec`.
+	// - Returns `InvalidArgument` if the `CreateSecretRequest.SecretSpec` is malformed,
+	//   or if the secret data is too long or contains invalid characters.
+	// - Returns `ResourceExhausted` if there are already the maximum number of allowed
+	//   secrets in the system.
+	// - Returns an error if the creation fails.
+	rpc CreateSecret(CreateSecretRequest) returns (CreateSecretResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
+
+	// RemoveSecret removes the secret referenced by `RemoveSecretRequest.ID`.
+	// - Returns `InvalidArgument` if `RemoveSecretRequest.ID` is empty.
+	// - Returns `NotFound` if the a secret named `RemoveSecretRequest.ID` is not found.
+	// - Returns an error if the deletion fails.
+	rpc RemoveSecret(RemoveSecretRequest) returns (RemoveSecretResponse) {
+		option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
+	}
 }
 
 message GetNodeRequest {
@@ -293,3 +331,59 @@ message UpdateClusterRequest {
 message UpdateClusterResponse {
 	Cluster cluster = 1;
 }
+
+// GetSecretRequest is the request to get a `Secret` object given a secret id.
+message GetSecretRequest {
+	string secret_id = 1 [(gogoproto.customname) = "SecretID"];
+}
+
+// GetSecretResponse contains the Secret corresponding to the id in
+// `GetSecretRequest`, but the `Secret.Spec.Data` field in each `Secret`
+// object should be nil instead of actually containing the secret bytes.
+message GetSecretResponse {
+	Secret secret = 1;
+}
+
+// ListSecretRequest is the request to list all non-internal secrets in the secret store,
+// or all secrets filtered by (name or name prefix or id prefix) and labels.
+message ListSecretsRequest {
+	message Filters {
+		repeated string names = 1;
+		repeated string id_prefixes = 2 [(gogoproto.customname) = "IDPrefixes"];
+		map<string, string> labels = 3;
+		repeated string name_prefixes = 4;
+	}
+
+	Filters filters = 1;
+}
+
+// ListSecretResponse contains a list of all the secrets that match the name or
+// name prefix filters provided in `ListSecretRequest`.  The `Secret.Spec.Data`
+// field in each `Secret` object should be nil instead of actually containing
+// the secret bytes.
+message ListSecretsResponse {
+	repeated Secret secrets = 1;
+}
+
+// CreateSecretRequest specifies a new secret (it will not update an existing
+// secret) to create.
+message CreateSecretRequest {
+	SecretSpec spec = 1;
+}
+
+// CreateSecretResponse contains the newly created `Secret`` corresponding to the
+// name in `CreateSecretRequest`.  The `Secret.Spec.Data` field should be nil instead
+// of actually containing the secret bytes.
+message CreateSecretResponse {
+	Secret secret = 1;
+}
+
+// RemoveSecretRequest contains the ID of the secret that should be removed.  This
+// removes all versions of the secret.
+message RemoveSecretRequest {
+	string secret_id = 1 [(gogoproto.customname) = "SecretID"];
+}
+
+// RemoveSecretResponse is an empty object indicating the successful removal of
+// a secret.
+message RemoveSecretResponse {}

vendor/src/github.com/docker/swarmkit/api/dispatcher.pb.go

@@ -235,6 +235,14 @@ type AssignmentsMessage struct {
 	// assignment set. It is not used in the first assignments message of
 	// a stream.
 	RemoveTasks []string `protobuf:"bytes,5,rep,name=remove_tasks,json=removeTasks" json:"remove_tasks,omitempty"`
+	// UpdateSecrets is a set of new or updated secrets for this node.
+	// In the first assignments message, it contains all of the secrets
+	// the node needs for itself and its assigned tasks.
+	UpdateSecrets []*Secret `protobuf:"bytes,6,rep,name=update_secrets,json=updateSecrets" json:"update_secrets,omitempty"`
+	// RemoveSecrets is a set of previously-assigned secret names to remove
+	// from memory. It is not used in the first assignments message of
+	// a stream.
+	RemoveSecrets []string `protobuf:"bytes,7,rep,name=remove_secrets,json=removeSecrets" json:"remove_secrets,omitempty"`
 }
 
 func (m *AssignmentsMessage) Reset()                    { *m = AssignmentsMessage{} }
@@ -480,6 +488,20 @@ func (m *AssignmentsMessage) Copy() *AssignmentsMessage {
 		}
 	}
 
+	if m.UpdateSecrets != nil {
+		o.UpdateSecrets = make([]*Secret, 0, len(m.UpdateSecrets))
+		for _, v := range m.UpdateSecrets {
+			o.UpdateSecrets = append(o.UpdateSecrets, v.Copy())
+		}
+	}
+
+	if m.RemoveSecrets != nil {
+		o.RemoveSecrets = make([]string, 0, len(m.RemoveSecrets))
+		for _, v := range m.RemoveSecrets {
+			o.RemoveSecrets = append(o.RemoveSecrets, v)
+		}
+	}
+
 	return o
 }
 
@@ -606,7 +628,7 @@ func (this *AssignmentsMessage) GoString() string {
 	if this == nil {
 		return "nil"
 	}
-	s := make([]string, 0, 9)
+	s := make([]string, 0, 11)
 	s = append(s, "&api.AssignmentsMessage{")
 	s = append(s, "Type: "+fmt.Sprintf("%#v", this.Type)+",\n")
 	s = append(s, "AppliesTo: "+fmt.Sprintf("%#v", this.AppliesTo)+",\n")
@@ -615,6 +637,10 @@ func (this *AssignmentsMessage) GoString() string {
 		s = append(s, "UpdateTasks: "+fmt.Sprintf("%#v", this.UpdateTasks)+",\n")
 	}
 	s = append(s, "RemoveTasks: "+fmt.Sprintf("%#v", this.RemoveTasks)+",\n")
+	if this.UpdateSecrets != nil {
+		s = append(s, "UpdateSecrets: "+fmt.Sprintf("%#v", this.UpdateSecrets)+",\n")
+	}
+	s = append(s, "RemoveSecrets: "+fmt.Sprintf("%#v", this.RemoveSecrets)+",\n")
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1346,6 +1372,33 @@ func (m *AssignmentsMessage) MarshalTo(data []byte) (int, error) {
 			i += copy(data[i:], s)
 		}
 	}
+	if len(m.UpdateSecrets) > 0 {
+		for _, msg := range m.UpdateSecrets {
+			data[i] = 0x32
+			i++
+			i = encodeVarintDispatcher(data, i, uint64(msg.Size()))
+			n, err := msg.MarshalTo(data[i:])
+			if err != nil {
+				return 0, err
+			}
+			i += n
+		}
+	}
+	if len(m.RemoveSecrets) > 0 {
+		for _, s := range m.RemoveSecrets {
+			data[i] = 0x3a
+			i++
+			l = len(s)
+			for l >= 1<<7 {
+				data[i] = uint8(uint64(l)&0x7f | 0x80)
+				l >>= 7
+				i++
+			}
+			data[i] = uint8(l)
+			i++
+			i += copy(data[i:], s)
+		}
+	}
 	return i, nil
 }
 
@@ -1762,6 +1815,18 @@ func (m *AssignmentsMessage) Size() (n int) {
 			n += 1 + l + sovDispatcher(uint64(l))
 		}
 	}
+	if len(m.UpdateSecrets) > 0 {
+		for _, e := range m.UpdateSecrets {
+			l = e.Size()
+			n += 1 + l + sovDispatcher(uint64(l))
+		}
+	}
+	if len(m.RemoveSecrets) > 0 {
+		for _, s := range m.RemoveSecrets {
+			l = len(s)
+			n += 1 + l + sovDispatcher(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -1893,6 +1958,8 @@ func (this *AssignmentsMessage) String() string {
 		`ResultsIn:` + fmt.Sprintf("%v", this.ResultsIn) + `,`,
 		`UpdateTasks:` + strings.Replace(fmt.Sprintf("%v", this.UpdateTasks), "Task", "Task", 1) + `,`,
 		`RemoveTasks:` + fmt.Sprintf("%v", this.RemoveTasks) + `,`,
+		`UpdateSecrets:` + strings.Replace(fmt.Sprintf("%v", this.UpdateSecrets), "Secret", "Secret", 1) + `,`,
+		`RemoveSecrets:` + fmt.Sprintf("%v", this.RemoveSecrets) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3027,6 +3094,66 @@ func (m *AssignmentsMessage) Unmarshal(data []byte) error {
 			}
 			m.RemoveTasks = append(m.RemoveTasks, string(data[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UpdateSecrets", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowDispatcher
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthDispatcher
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.UpdateSecrets = append(m.UpdateSecrets, &Secret{})
+			if err := m.UpdateSecrets[len(m.UpdateSecrets)-1].Unmarshal(data[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RemoveSecrets", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowDispatcher
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthDispatcher
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.RemoveSecrets = append(m.RemoveSecrets, string(data[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipDispatcher(data[iNdEx:])
@@ -3156,57 +3283,59 @@ var (
 func init() { proto.RegisterFile("dispatcher.proto", fileDescriptorDispatcher) }
 
 var fileDescriptorDispatcher = []byte{
-	// 820 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x9c, 0x55, 0x4d, 0x6f, 0x1b, 0x45,
-	0x18, 0xce, 0x38, 0x8e, 0x53, 0xbf, 0xeb, 0x14, 0x33, 0x54, 0x74, 0x65, 0xb5, 0x1b, 0x77, 0x43,
-	0x23, 0x4b, 0x0d, 0x9b, 0x62, 0x24, 0x0e, 0x10, 0x01, 0x75, 0x6d, 0x09, 0xab, 0x4d, 0x5a, 0x6d,
-	0x0d, 0x3d, 0x5a, 0x6b, 0xef, 0x2b, 0x77, 0x71, 0xbc, 0xb3, 0xcc, 0xcc, 0xb6, 0xf8, 0x80, 0x84,
-	0x04, 0x48, 0x1c, 0x11, 0xa7, 0x8a, 0x1f, 0xc1, 0xef, 0x88, 0x38, 0x71, 0xe4, 0x14, 0x11, 0xff,
-	0x00, 0xc4, 0x4f, 0xa8, 0x76, 0x77, 0xd6, 0x71, 0x9d, 0x75, 0xe2, 0xe4, 0xe4, 0xd9, 0x77, 0x9e,
-	0xe7, 0x99, 0x47, 0xef, 0x97, 0xa1, 0xec, 0x7a, 0x22, 0x70, 0x64, 0xff, 0x05, 0x72, 0x2b, 0xe0,
-	0x4c, 0x32, 0x4a, 0x5d, 0xd6, 0x1f, 0x22, 0xb7, 0xc4, 0x2b, 0x87, 0x8f, 0x86, 0x9e, 0xb4, 0x5e,
-	0x7e, 0x54, 0xd1, 0xe4, 0x38, 0x40, 0x91, 0x00, 0x2a, 0x1b, 0xac, 0xf7, 0x2d, 0xf6, 0x65, 0xfa,
-	0x79, 0x63, 0xc0, 0x06, 0x2c, 0x3e, 0xee, 0x46, 0x27, 0x15, 0x7d, 0x2f, 0x38, 0x0c, 0x07, 0x9e,
-	0xbf, 0x9b, 0xfc, 0xa8, 0xe0, 0x4d, 0x37, 0xe4, 0x8e, 0xf4, 0x98, 0xbf, 0x9b, 0x1e, 0x92, 0x0b,
-	0xf3, 0x17, 0x02, 0xd7, 0x9f, 0xa1, 0x10, 0x1e, 0xf3, 0x6d, 0xfc, 0x2e, 0x44, 0x21, 0x69, 0x0b,
-	0x34, 0x17, 0x45, 0x9f, 0x7b, 0x41, 0x84, 0xd3, 0x49, 0x95, 0xd4, 0xb4, 0xfa, 0x96, 0x75, 0xd6,
-	0x9c, 0x75, 0xc0, 0x5c, 0x6c, 0x9e, 0x42, 0xed, 0x59, 0x1e, 0xdd, 0x01, 0x10, 0x89, 0x70, 0xd7,
-	0x73, 0xf5, 0x5c, 0x95, 0xd4, 0x8a, 0x8d, 0x8d, 0xc9, 0xf1, 0x66, 0x51, 0x3d, 0xd7, 0x6e, 0xda,
-	0x45, 0x05, 0x68, 0xbb, 0xe6, 0x4f, 0xb9, 0xa9, 0x8f, 0x7d, 0x14, 0xc2, 0x19, 0xe0, 0x9c, 0x00,
-	0x39, 0x5f, 0x80, 0xee, 0x40, 0xde, 0x67, 0x2e, 0xc6, 0x0f, 0x69, 0x75, 0x7d, 0x91, 0x5d, 0x3b,
-	0x46, 0xd1, 0x3d, 0xb8, 0x36, 0x72, 0x7c, 0x67, 0x80, 0x5c, 0xe8, 0xab, 0xd5, 0xd5, 0x9a, 0x56,
-	0xaf, 0x66, 0x31, 0x9e, 0xa3, 0x37, 0x78, 0x21, 0xd1, 0x7d, 0x8a, 0xc8, 0xed, 0x29, 0x83, 0x3e,
-	0x87, 0xf7, 0x7d, 0x94, 0xaf, 0x18, 0x1f, 0x76, 0x7b, 0x8c, 0x49, 0x21, 0xb9, 0x13, 0x74, 0x87,
-	0x38, 0x16, 0x7a, 0x3e, 0xd6, 0xba, 0x93, 0xa5, 0xd5, 0xf2, 0xfb, 0x7c, 0x1c, 0xa7, 0xe6, 0x11,
-	0x8e, 0xed, 0x1b, 0x4a, 0xa0, 0x91, 0xf2, 0x1f, 0xe1, 0x58, 0x98, 0x5f, 0x42, 0xf9, 0x2b, 0x74,
-	0xb8, 0xec, 0xa1, 0x23, 0xd3, 0x72, 0x5c, 0x2a, 0x0d, 0xe6, 0x13, 0x78, 0x77, 0x46, 0x41, 0x04,
-	0xcc, 0x17, 0x48, 0x3f, 0x85, 0x42, 0x80, 0xdc, 0x63, 0xae, 0x2a, 0xe6, 0xad, 0x2c, 0x7f, 0x4d,
-	0xd5, 0x18, 0x8d, 0xfc, 0xd1, 0xf1, 0xe6, 0x8a, 0xad, 0x18, 0xe6, 0x6f, 0x39, 0xb8, 0xf9, 0x75,
-	0xe0, 0x3a, 0x12, 0x3b, 0x8e, 0x18, 0x3e, 0x93, 0x8e, 0x0c, 0xc5, 0x95, 0xac, 0xd1, 0x6f, 0x60,
-	0x3d, 0x8c, 0x85, 0xd2, 0x94, 0xef, 0x65, 0xd9, 0x58, 0xf0, 0x96, 0x75, 0x1a, 0x49, 0x10, 0x76,
-	0x2a, 0x56, 0x61, 0x50, 0x9e, 0xbf, 0xa4, 0x5b, 0xb0, 0x2e, 0x1d, 0x31, 0x3c, 0xb5, 0x05, 0x93,
-	0xe3, 0xcd, 0x42, 0x04, 0x6b, 0x37, 0xed, 0x42, 0x74, 0xd5, 0x76, 0xe9, 0x27, 0x50, 0x10, 0x31,
-	0x49, 0x35, 0x8d, 0x91, 0xe5, 0x67, 0xc6, 0x89, 0x42, 0x9b, 0x15, 0xd0, 0xcf, 0xba, 0x4c, 0x52,
-	0x6d, 0xee, 0x41, 0x29, 0x8a, 0x5e, 0x2d, 0x45, 0xe6, 0xe7, 0x8a, 0x9d, 0x8e, 0x80, 0x05, 0x6b,
-	0x91, 0x57, 0xa1, 0x93, 0x38, 0x61, 0xfa, 0x22, 0x83, 0x76, 0x02, 0x33, 0x1b, 0x40, 0x1f, 0x08,
-	0xe1, 0x0d, 0xfc, 0x11, 0xfa, 0xf2, 0x8a, 0x1e, 0xfe, 0xc8, 0xbd, 0x25, 0x92, 0x5a, 0xf9, 0x02,
-	0xf2, 0xd1, 0x2a, 0x8a, 0xe9, 0xd7, 0xeb, 0xf7, 0xb2, 0x9c, 0x9c, 0x65, 0x59, 0x9d, 0x71, 0x80,
-	0x76, 0x4c, 0xa4, 0xb7, 0x01, 0x9c, 0x20, 0x38, 0xf4, 0x50, 0x74, 0x25, 0x4b, 0xf6, 0x81, 0x5d,
-	0x54, 0x91, 0x0e, 0x8b, 0xae, 0x39, 0x8a, 0xf0, 0x50, 0x8a, 0xae, 0xe7, 0xeb, 0xab, 0xc9, 0xb5,
-	0x8a, 0xb4, 0x7d, 0xfa, 0x19, 0x94, 0x92, 0x7a, 0x77, 0x93, 0x84, 0xe4, 0x2f, 0x48, 0x88, 0x16,
-	0x4e, 0x2b, 0x24, 0xe8, 0x1d, 0x28, 0x71, 0x1c, 0xb1, 0x97, 0x29, 0x79, 0xad, 0xba, 0x5a, 0x2b,
-	0xda, 0x5a, 0x12, 0x8b, 0x21, 0xe6, 0x5d, 0xc8, 0x47, 0x5e, 0x69, 0x09, 0xae, 0x3d, 0x7c, 0xb2,
-	0xff, 0xf4, 0x71, 0xab, 0xd3, 0x2a, 0xaf, 0xd0, 0x77, 0x40, 0x6b, 0x1f, 0x3c, 0xb4, 0x5b, 0xfb,
-	0xad, 0x83, 0xce, 0x83, 0xc7, 0x65, 0x52, 0x7f, 0xbd, 0x06, 0xd0, 0x9c, 0xee, 0x6d, 0xfa, 0x3d,
-	0xac, 0xab, 0x1c, 0x52, 0x33, 0xcb, 0xca, 0xdb, 0x9b, 0xb5, 0x72, 0x1e, 0x46, 0x65, 0xcc, 0xdc,
-	0xfa, 0xeb, 0xcf, 0xff, 0x5e, 0xe7, 0x6e, 0x43, 0x29, 0xc6, 0x7c, 0x18, 0xed, 0x08, 0xe4, 0xb0,
-	0x91, 0x7c, 0xa9, 0x0d, 0x74, 0x9f, 0xd0, 0x1f, 0xa0, 0x38, 0x9d, 0x73, 0xfa, 0x41, 0x96, 0xee,
-	0xfc, 0x22, 0xa9, 0xdc, 0xbd, 0x00, 0xa5, 0x3a, 0x78, 0x19, 0x03, 0xf4, 0x77, 0x02, 0xe5, 0xf9,
-	0x19, 0xa0, 0xf7, 0x2e, 0x31, 0xcf, 0x95, 0x9d, 0xe5, 0xc0, 0x97, 0x31, 0x15, 0xc2, 0x5a, 0x52,
-	0xef, 0xea, 0xa2, 0xb6, 0x98, 0xbe, 0xbe, 0x18, 0x91, 0xd6, 0x61, 0x7b, 0x89, 0x17, 0x7f, 0xcd,
-	0x91, 0xfb, 0x84, 0xfe, 0x4c, 0x40, 0x9b, 0x69, 0x7d, 0xba, 0x7d, 0xc1, 0x6c, 0xa4, 0x1e, 0xb6,
-	0x97, 0x9b, 0xa1, 0x25, 0x3b, 0xa2, 0x71, 0xeb, 0xe8, 0xc4, 0x58, 0xf9, 0xe7, 0xc4, 0x58, 0xf9,
-	0xff, 0xc4, 0x20, 0x3f, 0x4e, 0x0c, 0x72, 0x34, 0x31, 0xc8, 0xdf, 0x13, 0x83, 0xfc, 0x3b, 0x31,
-	0x48, 0xaf, 0x10, 0xff, 0xdd, 0x7f, 0xfc, 0x26, 0x00, 0x00, 0xff, 0xff, 0xf9, 0xb7, 0x47, 0x6b,
-	0x76, 0x08, 0x00, 0x00,
+	// 858 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x9c, 0x56, 0x41, 0x6f, 0x1b, 0x45,
+	0x14, 0xce, 0xd8, 0x8e, 0x53, 0xbf, 0xb5, 0x83, 0x19, 0x2a, 0xba, 0xb2, 0x5a, 0xc7, 0xdd, 0x90,
+	0x28, 0x52, 0x83, 0x53, 0x8c, 0xc4, 0x01, 0x22, 0x20, 0xae, 0x2d, 0x61, 0xb5, 0x49, 0xab, 0x8d,
+	0xa1, 0x47, 0x6b, 0xe3, 0x7d, 0x72, 0x17, 0x27, 0x3b, 0xcb, 0xcc, 0x6c, 0x8b, 0x0f, 0x48, 0x48,
+	0x14, 0x89, 0x23, 0xe2, 0xd4, 0x5f, 0xc1, 0xef, 0x88, 0x38, 0x71, 0xe4, 0x14, 0x11, 0xff, 0x00,
+	0xc4, 0x4f, 0x40, 0xbb, 0x33, 0xeb, 0x18, 0x67, 0xdd, 0x38, 0x39, 0x65, 0xe7, 0xcd, 0xf7, 0x7d,
+	0xef, 0xd3, 0x7b, 0xf3, 0x5e, 0x0c, 0x65, 0xd7, 0x13, 0x81, 0x23, 0xfb, 0x2f, 0x90, 0xd7, 0x03,
+	0xce, 0x24, 0xa3, 0xd4, 0x65, 0xfd, 0x21, 0xf2, 0xba, 0x78, 0xe5, 0xf0, 0x93, 0xa1, 0x27, 0xeb,
+	0x2f, 0x3f, 0xaa, 0x18, 0x72, 0x14, 0xa0, 0x50, 0x80, 0x4a, 0x89, 0x1d, 0x7d, 0x8b, 0x7d, 0x99,
+	0x1c, 0x6f, 0x0f, 0xd8, 0x80, 0xc5, 0x9f, 0x3b, 0xd1, 0x97, 0x8e, 0xbe, 0x17, 0x1c, 0x87, 0x03,
+	0xcf, 0xdf, 0x51, 0x7f, 0x74, 0xf0, 0x8e, 0x1b, 0x72, 0x47, 0x7a, 0xcc, 0xdf, 0x49, 0x3e, 0xd4,
+	0x85, 0xf5, 0x33, 0x81, 0xd5, 0x43, 0x14, 0xc2, 0x63, 0xbe, 0x8d, 0xdf, 0x85, 0x28, 0x24, 0x6d,
+	0x83, 0xe1, 0xa2, 0xe8, 0x73, 0x2f, 0x88, 0x70, 0x26, 0xa9, 0x91, 0x2d, 0xa3, 0xb1, 0x5e, 0xbf,
+	0x6c, 0xae, 0x7e, 0xc0, 0x5c, 0x6c, 0x5d, 0x40, 0xed, 0x69, 0x1e, 0xdd, 0x06, 0x10, 0x4a, 0xb8,
+	0xe7, 0xb9, 0x66, 0xa6, 0x46, 0xb6, 0x0a, 0xcd, 0xd2, 0xf8, 0x6c, 0xad, 0xa0, 0xd3, 0x75, 0x5a,
+	0x76, 0x41, 0x03, 0x3a, 0xae, 0xf5, 0x53, 0x66, 0xe2, 0x63, 0x1f, 0x85, 0x70, 0x06, 0x38, 0x23,
+	0x40, 0xde, 0x2e, 0x40, 0xb7, 0x21, 0xe7, 0x33, 0x17, 0xe3, 0x44, 0x46, 0xc3, 0x9c, 0x67, 0xd7,
+	0x8e, 0x51, 0x74, 0x17, 0x6e, 0x9d, 0x38, 0xbe, 0x33, 0x40, 0x2e, 0xcc, 0x6c, 0x2d, 0xbb, 0x65,
+	0x34, 0x6a, 0x69, 0x8c, 0xe7, 0xe8, 0x0d, 0x5e, 0x48, 0x74, 0x9f, 0x21, 0x72, 0x7b, 0xc2, 0xa0,
+	0xcf, 0xe1, 0x7d, 0x1f, 0xe5, 0x2b, 0xc6, 0x87, 0xbd, 0x23, 0xc6, 0xa4, 0x90, 0xdc, 0x09, 0x7a,
+	0x43, 0x1c, 0x09, 0x33, 0x17, 0x6b, 0xdd, 0x4f, 0xd3, 0x6a, 0xfb, 0x7d, 0x3e, 0x8a, 0x4b, 0xf3,
+	0x18, 0x47, 0xf6, 0x6d, 0x2d, 0xd0, 0x4c, 0xf8, 0x8f, 0x71, 0x24, 0xac, 0x2f, 0xa1, 0xfc, 0x15,
+	0x3a, 0x5c, 0x1e, 0xa1, 0x23, 0x93, 0x76, 0x5c, 0xab, 0x0c, 0xd6, 0x53, 0x78, 0x77, 0x4a, 0x41,
+	0x04, 0xcc, 0x17, 0x48, 0x3f, 0x85, 0x7c, 0x80, 0xdc, 0x63, 0xae, 0x6e, 0xe6, 0xdd, 0x34, 0x7f,
+	0x2d, 0xfd, 0x30, 0x9a, 0xb9, 0xd3, 0xb3, 0xb5, 0x25, 0x5b, 0x33, 0xac, 0x5f, 0x33, 0x70, 0xe7,
+	0xeb, 0xc0, 0x75, 0x24, 0x76, 0x1d, 0x31, 0x3c, 0x94, 0x8e, 0x0c, 0xc5, 0x8d, 0xac, 0xd1, 0x6f,
+	0x60, 0x25, 0x8c, 0x85, 0x92, 0x92, 0xef, 0xa6, 0xd9, 0x98, 0x93, 0xab, 0x7e, 0x11, 0x51, 0x08,
+	0x3b, 0x11, 0xab, 0x30, 0x28, 0xcf, 0x5e, 0xd2, 0x75, 0x58, 0x91, 0x8e, 0x18, 0x5e, 0xd8, 0x82,
+	0xf1, 0xd9, 0x5a, 0x3e, 0x82, 0x75, 0x5a, 0x76, 0x3e, 0xba, 0xea, 0xb8, 0xf4, 0x13, 0xc8, 0x8b,
+	0x98, 0xa4, 0x1f, 0x4d, 0x35, 0xcd, 0xcf, 0x94, 0x13, 0x8d, 0xb6, 0x2a, 0x60, 0x5e, 0x76, 0xa9,
+	0x4a, 0x6d, 0xed, 0x42, 0x31, 0x8a, 0xde, 0xac, 0x44, 0xd6, 0xe7, 0x9a, 0x9d, 0x8c, 0x40, 0x1d,
+	0x96, 0x23, 0xaf, 0xc2, 0x24, 0x71, 0xc1, 0xcc, 0x79, 0x06, 0x6d, 0x05, 0xb3, 0x9a, 0x40, 0xf7,
+	0x84, 0xf0, 0x06, 0xfe, 0x09, 0xfa, 0xf2, 0x86, 0x1e, 0x5e, 0x67, 0xff, 0x27, 0x92, 0x58, 0xf9,
+	0x02, 0x72, 0xd1, 0x2a, 0x8a, 0xe9, 0xab, 0x8d, 0x07, 0x69, 0x4e, 0x2e, 0xb3, 0xea, 0xdd, 0x51,
+	0x80, 0x76, 0x4c, 0xa4, 0xf7, 0x00, 0x9c, 0x20, 0x38, 0xf6, 0x50, 0xf4, 0x24, 0x53, 0xfb, 0xc0,
+	0x2e, 0xe8, 0x48, 0x97, 0x45, 0xd7, 0x1c, 0x45, 0x78, 0x2c, 0x45, 0xcf, 0xf3, 0xcd, 0xac, 0xba,
+	0xd6, 0x91, 0x8e, 0x4f, 0x3f, 0x83, 0xa2, 0xea, 0x77, 0x4f, 0x15, 0x24, 0x77, 0x45, 0x41, 0x8c,
+	0x70, 0xd2, 0x21, 0x41, 0xef, 0x43, 0x91, 0xe3, 0x09, 0x7b, 0x99, 0x90, 0x97, 0x6b, 0xd9, 0xad,
+	0x82, 0x6d, 0xa8, 0x98, 0x82, 0xec, 0xc1, 0xaa, 0xd6, 0x17, 0xd8, 0xe7, 0x28, 0x85, 0x99, 0x8f,
+	0x33, 0x54, 0xd2, 0x32, 0x1c, 0xc6, 0x10, 0xbb, 0xa4, 0x18, 0xea, 0x24, 0xe8, 0x06, 0xac, 0xea,
+	0x2c, 0x89, 0xc4, 0x4a, 0x9c, 0xa7, 0xa4, 0xa2, 0x1a, 0x66, 0x6d, 0x40, 0x2e, 0xaa, 0x0a, 0x2d,
+	0xc2, 0xad, 0x47, 0x4f, 0xf7, 0x9f, 0x3d, 0x69, 0x77, 0xdb, 0xe5, 0x25, 0xfa, 0x0e, 0x18, 0x9d,
+	0x83, 0x47, 0x76, 0x7b, 0xbf, 0x7d, 0xd0, 0xdd, 0x7b, 0x52, 0x26, 0x8d, 0x37, 0xcb, 0x00, 0xad,
+	0xc9, 0x7f, 0x08, 0xfa, 0x3d, 0xac, 0xe8, 0x6e, 0x51, 0x2b, 0xdd, 0xd2, 0xf4, 0x0e, 0xaf, 0xbc,
+	0x0d, 0xa3, 0x7b, 0x63, 0xad, 0xff, 0xf1, 0xfb, 0x3f, 0x6f, 0x32, 0xf7, 0xa0, 0x18, 0x63, 0x3e,
+	0x8c, 0xb6, 0x11, 0x72, 0x28, 0xa9, 0x93, 0xde, 0x75, 0x0f, 0x09, 0xfd, 0x01, 0x0a, 0x93, 0x8d,
+	0x42, 0x3f, 0x48, 0xd3, 0x9d, 0x5d, 0x59, 0x95, 0x8d, 0x2b, 0x50, 0x7a, 0x56, 0x16, 0x31, 0x40,
+	0x7f, 0x23, 0x50, 0x9e, 0x9d, 0x36, 0xfa, 0xe0, 0x1a, 0x9b, 0xa3, 0xb2, 0xbd, 0x18, 0xf8, 0x3a,
+	0xa6, 0x42, 0x58, 0x56, 0xcf, 0xa6, 0x36, 0xef, 0x01, 0x4e, 0xb2, 0xcf, 0x47, 0x24, 0x7d, 0xd8,
+	0x5c, 0x20, 0xe3, 0x2f, 0x19, 0xf2, 0x90, 0xd0, 0xd7, 0x04, 0x8c, 0xa9, 0x21, 0xa3, 0x9b, 0x57,
+	0x4c, 0x61, 0xe2, 0x61, 0x73, 0xb1, 0x69, 0x5d, 0xf0, 0x45, 0x34, 0xef, 0x9e, 0x9e, 0x57, 0x97,
+	0xfe, 0x3a, 0xaf, 0x2e, 0xfd, 0x7b, 0x5e, 0x25, 0x3f, 0x8e, 0xab, 0xe4, 0x74, 0x5c, 0x25, 0x7f,
+	0x8e, 0xab, 0xe4, 0xef, 0x71, 0x95, 0x1c, 0xe5, 0xe3, 0x1f, 0x16, 0x1f, 0xff, 0x17, 0x00, 0x00,
+	0xff, 0xff, 0xf5, 0xa0, 0x46, 0x49, 0xe0, 0x08, 0x00, 0x00,
 }

vendor/src/github.com/docker/swarmkit/api/dispatcher.proto

@@ -202,4 +202,14 @@ message AssignmentsMessage {
 	// assignment set. It is not used in the first assignments message of
 	// a stream.
 	repeated string remove_tasks = 5;
+
+	// UpdateSecrets is a set of new or updated secrets for this node.
+	// In the first assignments message, it contains all of the secrets
+	// the node needs for itself and its assigned tasks.
+	repeated Secret update_secrets = 6;
+
+	// RemoveSecrets is a set of previously-assigned secret names to remove
+	// from memory. It is not used in the first assignments message of
+	// a stream.
+	repeated string remove_secrets = 7;
 }

vendor/src/github.com/docker/swarmkit/api/objects.pb.go

@@ -233,6 +233,31 @@ func (m *Cluster) Reset()                    { *m = Cluster{} }
 func (*Cluster) ProtoMessage()               {}
 func (*Cluster) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{7} }
 
+// Secret represents a secret that should be passed to a container or a node,
+// and is immutable. It wraps the `spec` provided by the user with useful
+// information that is generated from the secret data in the `spec`, such as
+// the digest and size of the secret data.
+type Secret struct {
+	ID   string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Meta Meta   `protobuf:"bytes,2,opt,name=meta" json:"meta"`
+	// Spec contains the actual secret data, as well as any context around the
+	// secret data that the user provides.
+	Spec SecretSpec `protobuf:"bytes,3,opt,name=spec" json:"spec"`
+	// Digest represents the cryptographic digest of the secret data, and follows
+	// the form "<algorithm>:<digest>": for example "sha256:DEADBEEF...".  It
+	// is calculated from the data contained in `Secret.Spec.data`.
+	Digest string `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"`
+	// Size represents the size (number of bytes) of the secret data, and is
+	// calculated from the data contained in `Secret.Spec.data`..
+	SecretSize uint32 `protobuf:"varint,5,opt,name=size,proto3" json:"size,omitempty"`
+	// Whether the secret is an internal secret (not set by a user) or not.
+	Internal bool `protobuf:"varint,6,opt,name=internal,proto3" json:"internal,omitempty"`
+}
+
+func (m *Secret) Reset()                    { *m = Secret{} }
+func (*Secret) ProtoMessage()               {}
+func (*Secret) Descriptor() ([]byte, []int) { return fileDescriptorObjects, []int{8} }
+
 func init() {
 	proto.RegisterType((*Meta)(nil), "docker.swarmkit.v1.Meta")
 	proto.RegisterType((*Node)(nil), "docker.swarmkit.v1.Node")
@@ -243,6 +268,7 @@ func init() {
 	proto.RegisterType((*NetworkAttachment)(nil), "docker.swarmkit.v1.NetworkAttachment")
 	proto.RegisterType((*Network)(nil), "docker.swarmkit.v1.Network")
 	proto.RegisterType((*Cluster)(nil), "docker.swarmkit.v1.Cluster")
+	proto.RegisterType((*Secret)(nil), "docker.swarmkit.v1.Secret")
 }
 
 func (m *Meta) Copy() *Meta {
@@ -429,6 +455,23 @@ func (m *Cluster) Copy() *Cluster {
 	return o
 }
 
+func (m *Secret) Copy() *Secret {
+	if m == nil {
+		return nil
+	}
+
+	o := &Secret{
+		ID:         m.ID,
+		Meta:       *m.Meta.Copy(),
+		Spec:       *m.Spec.Copy(),
+		Digest:     m.Digest,
+		SecretSize: m.SecretSize,
+		Internal:   m.Internal,
+	}
+
+	return o
+}
+
 func (this *Meta) GoString() string {
 	if this == nil {
 		return "nil"
@@ -595,6 +638,21 @@ func (this *Cluster) GoString() string {
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
+func (this *Secret) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 10)
+	s = append(s, "&api.Secret{")
+	s = append(s, "ID: "+fmt.Sprintf("%#v", this.ID)+",\n")
+	s = append(s, "Meta: "+strings.Replace(this.Meta.GoString(), `&`, ``, 1)+",\n")
+	s = append(s, "Spec: "+strings.Replace(this.Spec.GoString(), `&`, ``, 1)+",\n")
+	s = append(s, "Digest: "+fmt.Sprintf("%#v", this.Digest)+",\n")
+	s = append(s, "SecretSize: "+fmt.Sprintf("%#v", this.SecretSize)+",\n")
+	s = append(s, "Internal: "+fmt.Sprintf("%#v", this.Internal)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
 func valueToGoStringObjects(v interface{}, typ string) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -1206,6 +1264,67 @@ func (m *Cluster) MarshalTo(data []byte) (int, error) {
 	return i, nil
 }
 
+func (m *Secret) Marshal() (data []byte, err error) {
+	size := m.Size()
+	data = make([]byte, size)
+	n, err := m.MarshalTo(data)
+	if err != nil {
+		return nil, err
+	}
+	return data[:n], nil
+}
+
+func (m *Secret) MarshalTo(data []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.ID) > 0 {
+		data[i] = 0xa
+		i++
+		i = encodeVarintObjects(data, i, uint64(len(m.ID)))
+		i += copy(data[i:], m.ID)
+	}
+	data[i] = 0x12
+	i++
+	i = encodeVarintObjects(data, i, uint64(m.Meta.Size()))
+	n32, err := m.Meta.MarshalTo(data[i:])
+	if err != nil {
+		return 0, err
+	}
+	i += n32
+	data[i] = 0x1a
+	i++
+	i = encodeVarintObjects(data, i, uint64(m.Spec.Size()))
+	n33, err := m.Spec.MarshalTo(data[i:])
+	if err != nil {
+		return 0, err
+	}
+	i += n33
+	if len(m.Digest) > 0 {
+		data[i] = 0x22
+		i++
+		i = encodeVarintObjects(data, i, uint64(len(m.Digest)))
+		i += copy(data[i:], m.Digest)
+	}
+	if m.SecretSize != 0 {
+		data[i] = 0x28
+		i++
+		i = encodeVarintObjects(data, i, uint64(m.SecretSize))
+	}
+	if m.Internal {
+		data[i] = 0x30
+		i++
+		if m.Internal {
+			data[i] = 1
+		} else {
+			data[i] = 0
+		}
+		i++
+	}
+	return i, nil
+}
+
 func encodeFixed64Objects(data []byte, offset int, v uint64) int {
 	data[offset] = uint8(v)
 	data[offset+1] = uint8(v >> 8)
@@ -1459,6 +1578,30 @@ func (m *Cluster) Size() (n int) {
 	return n
 }
 
+func (m *Secret) Size() (n int) {
+	var l int
+	_ = l
+	l = len(m.ID)
+	if l > 0 {
+		n += 1 + l + sovObjects(uint64(l))
+	}
+	l = m.Meta.Size()
+	n += 1 + l + sovObjects(uint64(l))
+	l = m.Spec.Size()
+	n += 1 + l + sovObjects(uint64(l))
+	l = len(m.Digest)
+	if l > 0 {
+		n += 1 + l + sovObjects(uint64(l))
+	}
+	if m.SecretSize != 0 {
+		n += 1 + sovObjects(uint64(m.SecretSize))
+	}
+	if m.Internal {
+		n += 2
+	}
+	return n
+}
+
 func sovObjects(x uint64) (n int) {
 	for {
 		n++
@@ -1602,6 +1745,21 @@ func (this *Cluster) String() string {
 	}, "")
 	return s
 }
+func (this *Secret) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Secret{`,
+		`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
+		`Meta:` + strings.Replace(strings.Replace(this.Meta.String(), "Meta", "Meta", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "SecretSpec", "SecretSpec", 1), `&`, ``, 1) + `,`,
+		`Digest:` + fmt.Sprintf("%v", this.Digest) + `,`,
+		`SecretSize:` + fmt.Sprintf("%v", this.SecretSize) + `,`,
+		`Internal:` + fmt.Sprintf("%v", this.Internal) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func valueToStringObjects(v interface{}) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -3532,6 +3690,213 @@ func (m *Cluster) Unmarshal(data []byte) error {
 	}
 	return nil
 }
+func (m *Secret) Unmarshal(data []byte) error {
+	l := len(data)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowObjects
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := data[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Secret: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Secret: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthObjects
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ID = string(data[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Meta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthObjects
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Meta.Unmarshal(data[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthObjects
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Spec.Unmarshal(data[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Digest", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthObjects
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Digest = string(data[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 5:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SecretSize", wireType)
+			}
+			m.SecretSize = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				m.SecretSize |= (uint32(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 6:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Internal", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowObjects
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				v |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Internal = bool(v != 0)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipObjects(data[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthObjects
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func skipObjects(data []byte) (n int, err error) {
 	l := len(data)
 	iNdEx := 0
@@ -3640,70 +4005,74 @@ var (
 func init() { proto.RegisterFile("objects.proto", fileDescriptorObjects) }
 
 var fileDescriptorObjects = []byte{
-	// 1029 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xbc, 0x56, 0x4d, 0x6f, 0x1b, 0x45,
-	0x18, 0xce, 0xda, 0x1b, 0xdb, 0xfb, 0x3a, 0x8e, 0xc4, 0x50, 0x55, 0xdb, 0x10, 0xec, 0xe0, 0x0a,
-	0xd4, 0x43, 0xe5, 0x8a, 0x52, 0x10, 0x15, 0xad, 0x90, 0xbf, 0x04, 0x56, 0x09, 0x44, 0xd3, 0x92,
-	0x1e, 0x57, 0x93, 0xdd, 0xa9, 0x59, 0x6c, 0xef, 0xac, 0x66, 0xc6, 0xae, 0x7c, 0x43, 0xfc, 0x00,
-	0x7e, 0x02, 0x7f, 0x85, 0x6b, 0x0e, 0x1c, 0xb8, 0xc1, 0xc9, 0x22, 0xbe, 0x71, 0x82, 0x9f, 0x80,
-	0x66, 0x76, 0xd6, 0xde, 0xc8, 0xeb, 0x90, 0x4a, 0x28, 0xb7, 0x99, 0x9d, 0xe7, 0x79, 0xde, 0xcf,
-	0x79, 0x77, 0xa0, 0xc6, 0xce, 0xbe, 0xa7, 0xbe, 0x14, 0xad, 0x98, 0x33, 0xc9, 0x10, 0x0a, 0x98,
-	0x3f, 0xa2, 0xbc, 0x25, 0x5e, 0x13, 0x3e, 0x19, 0x85, 0xb2, 0x35, 0xfb, 0xf0, 0xa0, 0x2a, 0xe7,
-	0x31, 0x35, 0x80, 0x83, 0xaa, 0x88, 0xa9, 0x9f, 0x6e, 0xee, 0xc8, 0x70, 0x42, 0x85, 0x24, 0x93,
-	0xf8, 0xc1, 0x6a, 0x65, 0x8e, 0x6e, 0x0d, 0xd9, 0x90, 0xe9, 0xe5, 0x03, 0xb5, 0x4a, 0xbe, 0x36,
-	0x7f, 0xb1, 0xc0, 0x3e, 0xa6, 0x92, 0xa0, 0xcf, 0xa0, 0x3c, 0xa3, 0x5c, 0x84, 0x2c, 0x72, 0xad,
-	0x23, 0xeb, 0x5e, 0xf5, 0xe1, 0x3b, 0xad, 0x4d, 0xcb, 0xad, 0xd3, 0x04, 0xd2, 0xb1, 0xcf, 0x17,
-	0x8d, 0x1d, 0x9c, 0x32, 0xd0, 0x13, 0x00, 0x9f, 0x53, 0x22, 0x69, 0xe0, 0x11, 0xe9, 0x16, 0x34,
-	0xff, 0xdd, 0x3c, 0xfe, 0x8b, 0xd4, 0x29, 0xec, 0x18, 0x42, 0x5b, 0x2a, 0xf6, 0x34, 0x0e, 0x52,
-	0x76, 0xf1, 0x5a, 0x6c, 0x43, 0x68, 0xcb, 0xe6, 0x5f, 0x45, 0xb0, 0xbf, 0x66, 0x01, 0x45, 0xb7,
-	0xa1, 0x10, 0x06, 0xda, 0x79, 0xa7, 0x53, 0x5a, 0x2e, 0x1a, 0x85, 0x41, 0x0f, 0x17, 0xc2, 0x00,
-	0x3d, 0x04, 0x7b, 0x42, 0x25, 0x31, 0x6e, 0xb9, 0x79, 0xc2, 0x2a, 0x03, 0x26, 0x26, 0x8d, 0x45,
-	0x9f, 0x80, 0xad, 0xd2, 0x6a, 0x9c, 0x39, 0xcc, 0xe3, 0x28, 0x9b, 0xcf, 0x63, 0xea, 0xa7, 0x3c,
-	0x85, 0x47, 0x7d, 0xa8, 0x06, 0x54, 0xf8, 0x3c, 0x8c, 0xa5, 0xca, 0xa4, 0xad, 0xe9, 0x77, 0xb7,
-	0xd1, 0x7b, 0x6b, 0x28, 0xce, 0xf2, 0xd0, 0x13, 0x28, 0x09, 0x49, 0xe4, 0x54, 0xb8, 0xbb, 0x5a,
-	0xa1, 0xbe, 0xd5, 0x01, 0x8d, 0x32, 0x2e, 0x18, 0x0e, 0xfa, 0x12, 0xf6, 0x27, 0x24, 0x22, 0x43,
-	0xca, 0x3d, 0xa3, 0x52, 0xd2, 0x2a, 0xef, 0xe5, 0x86, 0x9e, 0x20, 0x13, 0x21, 0x5c, 0x9b, 0x64,
-	0xb7, 0xa8, 0x0f, 0x40, 0xa4, 0x24, 0xfe, 0x77, 0x13, 0x1a, 0x49, 0xb7, 0xac, 0x55, 0xde, 0xcf,
-	0xf5, 0x85, 0xca, 0xd7, 0x8c, 0x8f, 0xda, 0x2b, 0x30, 0xce, 0x10, 0xd1, 0x17, 0x50, 0xf5, 0x29,
-	0x97, 0xe1, 0xab, 0xd0, 0x27, 0x92, 0xba, 0x15, 0xad, 0xd3, 0xc8, 0xd3, 0xe9, 0xae, 0x61, 0x26,
-	0xa8, 0x2c, 0xb3, 0xf9, 0x7b, 0x01, 0xca, 0xcf, 0x29, 0x9f, 0x85, 0xfe, 0xff, 0x5b, 0xee, 0xc7,
-	0x97, 0xca, 0x9d, 0xeb, 0x99, 0x31, 0xbb, 0x51, 0xf1, 0x4f, 0xa1, 0x42, 0xa3, 0x20, 0x66, 0x61,
-	0x24, 0x4d, 0xb9, 0x73, 0xbb, 0xa5, 0x6f, 0x30, 0x78, 0x85, 0x46, 0x7d, 0xa8, 0x25, 0x5d, 0xec,
-	0x5d, 0xaa, 0xf5, 0x51, 0x1e, 0xfd, 0x5b, 0x0d, 0x34, 0x45, 0xda, 0x9b, 0x66, 0x76, 0xa8, 0x07,
-	0xb5, 0x98, 0xd3, 0x59, 0xc8, 0xa6, 0xc2, 0xd3, 0x41, 0x94, 0xae, 0x15, 0x04, 0xde, 0x4b, 0x59,
-	0x6a, 0xd7, 0xfc, 0xb9, 0x00, 0x95, 0xd4, 0x47, 0xf4, 0xc8, 0xa4, 0xc3, 0xda, 0xee, 0x50, 0x8a,
-	0xd5, 0x52, 0x49, 0x26, 0x1e, 0xc1, 0x6e, 0xcc, 0xb8, 0x14, 0x6e, 0xe1, 0xa8, 0xb8, 0xad, 0x67,
-	0x4f, 0x18, 0x97, 0x5d, 0x16, 0xbd, 0x0a, 0x87, 0x38, 0x01, 0xa3, 0x97, 0x50, 0x9d, 0x85, 0x5c,
-	0x4e, 0xc9, 0xd8, 0x0b, 0x63, 0xe1, 0x16, 0x35, 0xf7, 0x83, 0xab, 0x4c, 0xb6, 0x4e, 0x13, 0xfc,
-	0xe0, 0xa4, 0xb3, 0xbf, 0x5c, 0x34, 0x60, 0xb5, 0x15, 0x18, 0x8c, 0xd4, 0x20, 0x16, 0x07, 0xc7,
-	0xe0, 0xac, 0x4e, 0xd0, 0x7d, 0x80, 0x28, 0x69, 0x51, 0x6f, 0xd5, 0x34, 0xb5, 0xe5, 0xa2, 0xe1,
-	0x98, 0xc6, 0x1d, 0xf4, 0xb0, 0x63, 0x00, 0x83, 0x00, 0x21, 0xb0, 0x49, 0x10, 0x70, 0xdd, 0x42,
-	0x0e, 0xd6, 0xeb, 0xe6, 0xaf, 0xbb, 0x60, 0xbf, 0x20, 0x62, 0x74, 0xd3, 0x63, 0x46, 0xd9, 0xdc,
-	0x68, 0xba, 0xfb, 0x00, 0x22, 0x29, 0xa5, 0x0a, 0xc7, 0x5e, 0x87, 0x63, 0x0a, 0xac, 0xc2, 0x31,
-	0x80, 0x24, 0x1c, 0x31, 0x66, 0x52, 0xf7, 0x97, 0x8d, 0xf5, 0x1a, 0xdd, 0x85, 0x72, 0xc4, 0x02,
-	0x4d, 0x2f, 0x69, 0x3a, 0x2c, 0x17, 0x8d, 0x92, 0x1a, 0x29, 0x83, 0x1e, 0x2e, 0xa9, 0xa3, 0x41,
-	0xa0, 0xee, 0x2d, 0x89, 0x22, 0x26, 0x89, 0x1a, 0x4a, 0xc2, 0xdc, 0xff, 0xdc, 0xc6, 0x6a, 0xaf,
-	0x61, 0xe9, 0xbd, 0xcd, 0x30, 0xd1, 0x29, 0xbc, 0x9d, 0xfa, 0x9b, 0x15, 0xac, 0xbc, 0x89, 0x20,
-	0x32, 0x0a, 0x99, 0x93, 0xcc, 0x9c, 0x74, 0xb6, 0xcf, 0x49, 0x9d, 0xc1, 0xbc, 0x39, 0xd9, 0x81,
-	0x5a, 0x40, 0x45, 0xc8, 0x69, 0xa0, 0x6f, 0x20, 0x75, 0xe1, 0xc8, 0xba, 0xb7, 0xbf, 0xe5, 0xd7,
-	0x63, 0x44, 0x28, 0xde, 0x33, 0x1c, 0xbd, 0x43, 0x6d, 0xa8, 0x98, 0xbe, 0x11, 0x6e, 0x55, 0xf7,
-	0xee, 0x35, 0xe7, 0xe3, 0x8a, 0x76, 0x69, 0x82, 0xec, 0xbd, 0xd1, 0x04, 0x79, 0x0c, 0x30, 0x66,
-	0x43, 0x2f, 0xe0, 0xe1, 0x8c, 0x72, 0xb7, 0xa6, 0xb9, 0x07, 0x79, 0xdc, 0x9e, 0x46, 0x60, 0x67,
-	0xcc, 0x86, 0xc9, 0xb2, 0xf9, 0xa3, 0x05, 0x6f, 0x6d, 0x38, 0x85, 0x3e, 0x86, 0xb2, 0x71, 0xeb,
-	0xaa, 0x47, 0x80, 0xe1, 0xe1, 0x14, 0x8b, 0x0e, 0xc1, 0x51, 0x77, 0x84, 0x0a, 0x41, 0x93, 0xdb,
-	0xef, 0xe0, 0xf5, 0x07, 0xe4, 0x42, 0x99, 0x8c, 0x43, 0xa2, 0xce, 0x8a, 0xfa, 0x2c, 0xdd, 0x36,
-	0x7f, 0x2a, 0x40, 0xd9, 0x88, 0xdd, 0xf4, 0x38, 0x37, 0x66, 0x37, 0x6e, 0xd6, 0x53, 0xd8, 0x4b,
-	0xd2, 0x69, 0x5a, 0xc2, 0xfe, 0xcf, 0xa4, 0x56, 0x13, 0x7c, 0xd2, 0x0e, 0x4f, 0xc1, 0x0e, 0x63,
-	0x32, 0x31, 0xa3, 0x3c, 0xd7, 0xf2, 0xe0, 0xa4, 0x7d, 0xfc, 0x4d, 0x9c, 0x74, 0x76, 0x65, 0xb9,
-	0x68, 0xd8, 0xea, 0x03, 0xd6, 0xb4, 0xe6, 0xdf, 0x05, 0x28, 0x77, 0xc7, 0x53, 0x21, 0x29, 0xbf,
-	0xe9, 0x84, 0x18, 0xb3, 0x1b, 0x09, 0xe9, 0x42, 0x99, 0x33, 0x26, 0x3d, 0x9f, 0x5c, 0x95, 0x0b,
-	0xcc, 0x98, 0xec, 0xb6, 0x3b, 0xfb, 0x8a, 0xa8, 0x06, 0x49, 0xb2, 0xc7, 0x25, 0x45, 0xed, 0x12,
-	0xf4, 0x12, 0x6e, 0xa7, 0xe3, 0xf7, 0x8c, 0x31, 0x29, 0x24, 0x27, 0xb1, 0x37, 0xa2, 0x73, 0xf5,
-	0xcf, 0x2b, 0x6e, 0x7b, 0x99, 0xf4, 0x23, 0x9f, 0xcf, 0x75, 0xa2, 0x9e, 0xd1, 0x39, 0xbe, 0x65,
-	0x04, 0x3a, 0x29, 0xff, 0x19, 0x9d, 0x0b, 0xf4, 0x39, 0x1c, 0xd2, 0x15, 0x4c, 0x29, 0x7a, 0x63,
-	0x32, 0x51, 0x3f, 0x16, 0xcf, 0x1f, 0x33, 0x7f, 0xa4, 0x67, 0x9b, 0x8d, 0xef, 0xd0, 0xac, 0xd4,
-	0x57, 0x09, 0xa2, 0xab, 0x00, 0x9d, 0xc3, 0xf3, 0x8b, 0xfa, 0xce, 0x1f, 0x17, 0xf5, 0x9d, 0x7f,
-	0x2e, 0xea, 0xd6, 0x0f, 0xcb, 0xba, 0x75, 0xbe, 0xac, 0x5b, 0xbf, 0x2d, 0xeb, 0xd6, 0x9f, 0xcb,
-	0xba, 0x75, 0x56, 0xd2, 0x8f, 0xe4, 0x8f, 0xfe, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x6a, 0xb2, 0x97,
-	0xcc, 0x94, 0x0b, 0x00, 0x00,
+	// 1101 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xbc, 0x57, 0x4f, 0x6f, 0x1b, 0xc5,
+	0x1b, 0xee, 0xda, 0x5b, 0xdb, 0xfb, 0x3a, 0x8e, 0xf4, 0x9b, 0x5f, 0x15, 0x6d, 0x43, 0xb0, 0x83,
+	0x2b, 0x50, 0x0f, 0x95, 0x2b, 0x4a, 0x41, 0xad, 0x68, 0x85, 0xfc, 0x27, 0x02, 0xab, 0x04, 0xa2,
+	0x49, 0x49, 0x8f, 0xab, 0xc9, 0xee, 0xd4, 0x0c, 0xb6, 0x77, 0x56, 0x33, 0x63, 0x57, 0xe9, 0x09,
+	0xf1, 0x01, 0xf8, 0x08, 0x7c, 0x15, 0xae, 0x39, 0x70, 0xe0, 0x06, 0x27, 0x8b, 0xf8, 0x80, 0xc4,
+	0x09, 0x3e, 0x02, 0x9a, 0xd9, 0x59, 0xc7, 0x91, 0xd7, 0x21, 0x95, 0xaa, 0xdc, 0xe6, 0xf5, 0x3c,
+	0xcf, 0xf3, 0xfe, 0x99, 0x77, 0xde, 0x59, 0x43, 0x8d, 0x1f, 0x7f, 0x47, 0x43, 0x25, 0x5b, 0x89,
+	0xe0, 0x8a, 0x23, 0x14, 0xf1, 0x70, 0x48, 0x45, 0x4b, 0xbe, 0x22, 0x62, 0x3c, 0x64, 0xaa, 0x35,
+	0xfd, 0x70, 0xbb, 0xaa, 0x4e, 0x12, 0x6a, 0x01, 0xdb, 0x55, 0x99, 0xd0, 0x30, 0x33, 0x6e, 0x2b,
+	0x36, 0xa6, 0x52, 0x91, 0x71, 0x72, 0x7f, 0xb1, 0xb2, 0x5b, 0xb7, 0x06, 0x7c, 0xc0, 0xcd, 0xf2,
+	0xbe, 0x5e, 0xa5, 0xbf, 0x36, 0x7f, 0x76, 0xc0, 0xdd, 0xa7, 0x8a, 0xa0, 0x4f, 0xa1, 0x3c, 0xa5,
+	0x42, 0x32, 0x1e, 0xfb, 0xce, 0xae, 0x73, 0xb7, 0xfa, 0xe0, 0x9d, 0xd6, 0xaa, 0xe7, 0xd6, 0x51,
+	0x0a, 0xe9, 0xb8, 0xa7, 0xb3, 0xc6, 0x0d, 0x9c, 0x31, 0xd0, 0x13, 0x80, 0x50, 0x50, 0xa2, 0x68,
+	0x14, 0x10, 0xe5, 0x17, 0x0c, 0xff, 0xdd, 0x3c, 0xfe, 0xf3, 0x2c, 0x28, 0xec, 0x59, 0x42, 0x5b,
+	0x69, 0xf6, 0x24, 0x89, 0x32, 0x76, 0xf1, 0x4a, 0x6c, 0x4b, 0x68, 0xab, 0xe6, 0x5f, 0x45, 0x70,
+	0xbf, 0xe2, 0x11, 0x45, 0x5b, 0x50, 0x60, 0x91, 0x09, 0xde, 0xeb, 0x94, 0xe6, 0xb3, 0x46, 0xa1,
+	0xdf, 0xc3, 0x05, 0x16, 0xa1, 0x07, 0xe0, 0x8e, 0xa9, 0x22, 0x36, 0x2c, 0x3f, 0x4f, 0x58, 0x57,
+	0xc0, 0xe6, 0x64, 0xb0, 0xe8, 0x13, 0x70, 0x75, 0x59, 0x6d, 0x30, 0x3b, 0x79, 0x1c, 0xed, 0xf3,
+	0x30, 0xa1, 0x61, 0xc6, 0xd3, 0x78, 0xb4, 0x07, 0xd5, 0x88, 0xca, 0x50, 0xb0, 0x44, 0xe9, 0x4a,
+	0xba, 0x86, 0x7e, 0x67, 0x1d, 0xbd, 0x77, 0x0e, 0xc5, 0xcb, 0x3c, 0xf4, 0x04, 0x4a, 0x52, 0x11,
+	0x35, 0x91, 0xfe, 0x4d, 0xa3, 0x50, 0x5f, 0x1b, 0x80, 0x41, 0xd9, 0x10, 0x2c, 0x07, 0x7d, 0x01,
+	0x9b, 0x63, 0x12, 0x93, 0x01, 0x15, 0x81, 0x55, 0x29, 0x19, 0x95, 0xf7, 0x72, 0x53, 0x4f, 0x91,
+	0xa9, 0x10, 0xae, 0x8d, 0x97, 0x4d, 0xb4, 0x07, 0x40, 0x94, 0x22, 0xe1, 0xb7, 0x63, 0x1a, 0x2b,
+	0xbf, 0x6c, 0x54, 0xde, 0xcf, 0x8d, 0x85, 0xaa, 0x57, 0x5c, 0x0c, 0xdb, 0x0b, 0x30, 0x5e, 0x22,
+	0xa2, 0xcf, 0xa1, 0x1a, 0x52, 0xa1, 0xd8, 0x4b, 0x16, 0x12, 0x45, 0xfd, 0x8a, 0xd1, 0x69, 0xe4,
+	0xe9, 0x74, 0xcf, 0x61, 0x36, 0xa9, 0x65, 0x66, 0xf3, 0xb7, 0x02, 0x94, 0x0f, 0xa9, 0x98, 0xb2,
+	0xf0, 0xed, 0x1e, 0xf7, 0xe3, 0x0b, 0xc7, 0x9d, 0x1b, 0x99, 0x75, 0xbb, 0x72, 0xe2, 0x8f, 0xa0,
+	0x42, 0xe3, 0x28, 0xe1, 0x2c, 0x56, 0xf6, 0xb8, 0x73, 0xbb, 0x65, 0xcf, 0x62, 0xf0, 0x02, 0x8d,
+	0xf6, 0xa0, 0x96, 0x76, 0x71, 0x70, 0xe1, 0xac, 0x77, 0xf3, 0xe8, 0xdf, 0x18, 0xa0, 0x3d, 0xa4,
+	0x8d, 0xc9, 0x92, 0x85, 0x7a, 0x50, 0x4b, 0x04, 0x9d, 0x32, 0x3e, 0x91, 0x81, 0x49, 0xa2, 0x74,
+	0xa5, 0x24, 0xf0, 0x46, 0xc6, 0xd2, 0x56, 0xf3, 0xa7, 0x02, 0x54, 0xb2, 0x18, 0xd1, 0x43, 0x5b,
+	0x0e, 0x67, 0x7d, 0x40, 0x19, 0xd6, 0x48, 0xa5, 0x95, 0x78, 0x08, 0x37, 0x13, 0x2e, 0x94, 0xf4,
+	0x0b, 0xbb, 0xc5, 0x75, 0x3d, 0x7b, 0xc0, 0x85, 0xea, 0xf2, 0xf8, 0x25, 0x1b, 0xe0, 0x14, 0x8c,
+	0x5e, 0x40, 0x75, 0xca, 0x84, 0x9a, 0x90, 0x51, 0xc0, 0x12, 0xe9, 0x17, 0x0d, 0xf7, 0x83, 0xcb,
+	0x5c, 0xb6, 0x8e, 0x52, 0x7c, 0xff, 0xa0, 0xb3, 0x39, 0x9f, 0x35, 0x60, 0x61, 0x4a, 0x0c, 0x56,
+	0xaa, 0x9f, 0xc8, 0xed, 0x7d, 0xf0, 0x16, 0x3b, 0xe8, 0x1e, 0x40, 0x9c, 0xb6, 0x68, 0xb0, 0x68,
+	0x9a, 0xda, 0x7c, 0xd6, 0xf0, 0x6c, 0xe3, 0xf6, 0x7b, 0xd8, 0xb3, 0x80, 0x7e, 0x84, 0x10, 0xb8,
+	0x24, 0x8a, 0x84, 0x69, 0x21, 0x0f, 0x9b, 0x75, 0xf3, 0x97, 0x9b, 0xe0, 0x3e, 0x27, 0x72, 0x78,
+	0xdd, 0x63, 0x46, 0xfb, 0x5c, 0x69, 0xba, 0x7b, 0x00, 0x32, 0x3d, 0x4a, 0x9d, 0x8e, 0x7b, 0x9e,
+	0x8e, 0x3d, 0x60, 0x9d, 0x8e, 0x05, 0xa4, 0xe9, 0xc8, 0x11, 0x57, 0xa6, 0xbf, 0x5c, 0x6c, 0xd6,
+	0xe8, 0x0e, 0x94, 0x63, 0x1e, 0x19, 0x7a, 0xc9, 0xd0, 0x61, 0x3e, 0x6b, 0x94, 0xf4, 0x48, 0xe9,
+	0xf7, 0x70, 0x49, 0x6f, 0xf5, 0x23, 0x7d, 0x6f, 0x49, 0x1c, 0x73, 0x45, 0xf4, 0x50, 0x92, 0xf6,
+	0xfe, 0xe7, 0x36, 0x56, 0xfb, 0x1c, 0x96, 0xdd, 0xdb, 0x25, 0x26, 0x3a, 0x82, 0xff, 0x67, 0xf1,
+	0x2e, 0x0b, 0x56, 0xde, 0x44, 0x10, 0x59, 0x85, 0xa5, 0x9d, 0xa5, 0x39, 0xe9, 0xad, 0x9f, 0x93,
+	0xa6, 0x82, 0x79, 0x73, 0xb2, 0x03, 0xb5, 0x88, 0x4a, 0x26, 0x68, 0x64, 0x6e, 0x20, 0xf5, 0x61,
+	0xd7, 0xb9, 0xbb, 0xb9, 0xe6, 0xe9, 0xb1, 0x22, 0x14, 0x6f, 0x58, 0x8e, 0xb1, 0x50, 0x1b, 0x2a,
+	0xb6, 0x6f, 0xa4, 0x5f, 0x35, 0xbd, 0x7b, 0xc5, 0xf9, 0xb8, 0xa0, 0x5d, 0x98, 0x20, 0x1b, 0x6f,
+	0x34, 0x41, 0x1e, 0x03, 0x8c, 0xf8, 0x20, 0x88, 0x04, 0x9b, 0x52, 0xe1, 0xd7, 0x0c, 0x77, 0x3b,
+	0x8f, 0xdb, 0x33, 0x08, 0xec, 0x8d, 0xf8, 0x20, 0x5d, 0x36, 0x7f, 0x70, 0xe0, 0x7f, 0x2b, 0x41,
+	0xa1, 0x8f, 0xa1, 0x6c, 0xc3, 0xba, 0xec, 0x23, 0xc0, 0xf2, 0x70, 0x86, 0x45, 0x3b, 0xe0, 0xe9,
+	0x3b, 0x42, 0xa5, 0xa4, 0xe9, 0xed, 0xf7, 0xf0, 0xf9, 0x0f, 0xc8, 0x87, 0x32, 0x19, 0x31, 0xa2,
+	0xf7, 0x8a, 0x66, 0x2f, 0x33, 0x9b, 0x3f, 0x16, 0xa0, 0x6c, 0xc5, 0xae, 0x7b, 0x9c, 0x5b, 0xb7,
+	0x2b, 0x37, 0xeb, 0x29, 0x6c, 0xa4, 0xe5, 0xb4, 0x2d, 0xe1, 0xfe, 0x67, 0x51, 0xab, 0x29, 0x3e,
+	0x6d, 0x87, 0xa7, 0xe0, 0xb2, 0x84, 0x8c, 0xed, 0x28, 0xcf, 0xf5, 0xdc, 0x3f, 0x68, 0xef, 0x7f,
+	0x9d, 0xa4, 0x9d, 0x5d, 0x99, 0xcf, 0x1a, 0xae, 0xfe, 0x01, 0x1b, 0x5a, 0xf3, 0xef, 0x02, 0x94,
+	0xbb, 0xa3, 0x89, 0x54, 0x54, 0x5c, 0x77, 0x41, 0xac, 0xdb, 0x95, 0x82, 0x74, 0xa1, 0x2c, 0x38,
+	0x57, 0x41, 0x48, 0x2e, 0xab, 0x05, 0xe6, 0x5c, 0x75, 0xdb, 0x9d, 0x4d, 0x4d, 0xd4, 0x83, 0x24,
+	0xb5, 0x71, 0x49, 0x53, 0xbb, 0x04, 0xbd, 0x80, 0xad, 0x6c, 0xfc, 0x1e, 0x73, 0xae, 0xa4, 0x12,
+	0x24, 0x09, 0x86, 0xf4, 0x44, 0xbf, 0x79, 0xc5, 0x75, 0x5f, 0x26, 0x7b, 0x71, 0x28, 0x4e, 0x4c,
+	0xa1, 0x9e, 0xd1, 0x13, 0x7c, 0xcb, 0x0a, 0x74, 0x32, 0xfe, 0x33, 0x7a, 0x22, 0xd1, 0x67, 0xb0,
+	0x43, 0x17, 0x30, 0xad, 0x18, 0x8c, 0xc8, 0x58, 0x3f, 0x2c, 0x41, 0x38, 0xe2, 0xe1, 0xd0, 0xcc,
+	0x36, 0x17, 0xdf, 0xa6, 0xcb, 0x52, 0x5f, 0xa6, 0x88, 0xae, 0x06, 0x34, 0xff, 0x74, 0xa0, 0x74,
+	0x48, 0x43, 0x41, 0xd5, 0x5b, 0x2d, 0xf8, 0xa3, 0x0b, 0x05, 0xaf, 0xe7, 0xbf, 0xc5, 0xda, 0xeb,
+	0x4a, 0xbd, 0xb7, 0xa0, 0x14, 0xb1, 0x01, 0x95, 0xe9, 0xd7, 0x84, 0x87, 0xad, 0x85, 0x9a, 0xe0,
+	0x4a, 0xf6, 0x9a, 0x9a, 0xce, 0xaa, 0xa5, 0x0f, 0x9f, 0x55, 0x60, 0xaf, 0x29, 0x36, 0x7b, 0x68,
+	0x1b, 0x2a, 0x2c, 0x56, 0x54, 0xc4, 0x64, 0x64, 0x32, 0xaf, 0xe0, 0x85, 0xdd, 0xd9, 0x39, 0x3d,
+	0xab, 0xdf, 0xf8, 0xfd, 0xac, 0x7e, 0xe3, 0x9f, 0xb3, 0xba, 0xf3, 0xfd, 0xbc, 0xee, 0x9c, 0xce,
+	0xeb, 0xce, 0xaf, 0xf3, 0xba, 0xf3, 0xc7, 0xbc, 0xee, 0x1c, 0x97, 0xcc, 0xbf, 0x81, 0x8f, 0xfe,
+	0x0d, 0x00, 0x00, 0xff, 0xff, 0xfd, 0x7d, 0x96, 0x72, 0x7d, 0x0c, 0x00, 0x00,
 }

vendor/src/github.com/docker/swarmkit/api/objects.proto

@@ -226,3 +226,29 @@ message Cluster {
 	// a new key is allocated on key rotation.
 	uint64 encryption_key_lamport_clock = 6;
 }
+
+// Secret represents a secret that should be passed to a container or a node,
+// and is immutable. It wraps the `spec` provided by the user with useful
+// information that is generated from the secret data in the `spec`, such as
+// the digest and size of the secret data.
+message Secret {
+	string id = 1 [(gogoproto.customname) = "ID"];
+
+	Meta meta = 2 [(gogoproto.nullable) = false];
+
+	// Spec contains the actual secret data, as well as any context around the
+	// secret data that the user provides.
+	SecretSpec spec = 3  [(gogoproto.nullable) = false];
+
+	// Digest represents the cryptographic digest of the secret data, and follows
+	// the form "<algorithm>:<digest>": for example "sha256:DEADBEEF...".  It
+	// is calculated from the data contained in `Secret.Spec.data`.
+	string digest = 4;
+
+	// Size represents the size (number of bytes) of the secret data, and is
+	// calculated from the data contained in `Secret.Spec.data`..
+	uint32 size = 5 [(gogoproto.customname) = "SecretSize"];
+
+	// Whether the secret is an internal secret (not set by a user) or not.
+	bool internal = 6;
+}

vendor/src/github.com/docker/swarmkit/api/raft.pb.go

@@ -173,6 +173,7 @@ type StoreAction struct {
 	//	*StoreAction_Task
 	//	*StoreAction_Network
 	//	*StoreAction_Cluster
+	//	*StoreAction_Secret
 	Target isStoreAction_Target `protobuf_oneof:"target"`
 }
 
@@ -201,12 +202,16 @@ type StoreAction_Network struct {
 type StoreAction_Cluster struct {
 	Cluster *Cluster `protobuf:"bytes,6,opt,name=cluster,oneof"`
 }
+type StoreAction_Secret struct {
+	Secret *Secret `protobuf:"bytes,7,opt,name=secret,oneof"`
+}
 
 func (*StoreAction_Node) isStoreAction_Target()    {}
 func (*StoreAction_Service) isStoreAction_Target() {}
 func (*StoreAction_Task) isStoreAction_Target()    {}
 func (*StoreAction_Network) isStoreAction_Target() {}
 func (*StoreAction_Cluster) isStoreAction_Target() {}
+func (*StoreAction_Secret) isStoreAction_Target()  {}
 
 func (m *StoreAction) GetTarget() isStoreAction_Target {
 	if m != nil {
@@ -250,6 +255,13 @@ func (m *StoreAction) GetCluster() *Cluster {
 	return nil
 }
 
+func (m *StoreAction) GetSecret() *Secret {
+	if x, ok := m.GetTarget().(*StoreAction_Secret); ok {
+		return x.Secret
+	}
+	return nil
+}
+
 // XXX_OneofFuncs is for the internal use of the proto package.
 func (*StoreAction) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
 	return _StoreAction_OneofMarshaler, _StoreAction_OneofUnmarshaler, _StoreAction_OneofSizer, []interface{}{
@@ -258,6 +270,7 @@ func (*StoreAction) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) e
 		(*StoreAction_Task)(nil),
 		(*StoreAction_Network)(nil),
 		(*StoreAction_Cluster)(nil),
+		(*StoreAction_Secret)(nil),
 	}
 }
 
@@ -290,6 +303,11 @@ func _StoreAction_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
 		if err := b.EncodeMessage(x.Cluster); err != nil {
 			return err
 		}
+	case *StoreAction_Secret:
+		_ = b.EncodeVarint(7<<3 | proto.WireBytes)
+		if err := b.EncodeMessage(x.Secret); err != nil {
+			return err
+		}
 	case nil:
 	default:
 		return fmt.Errorf("StoreAction.Target has unexpected type %T", x)
@@ -340,6 +358,14 @@ func _StoreAction_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Bu
 		err := b.DecodeMessage(msg)
 		m.Target = &StoreAction_Cluster{msg}
 		return true, err
+	case 7: // target.secret
+		if wire != proto.WireBytes {
+			return true, proto.ErrInternalBadWireType
+		}
+		msg := new(Secret)
+		err := b.DecodeMessage(msg)
+		m.Target = &StoreAction_Secret{msg}
+		return true, err
 	default:
 		return false, nil
 	}
@@ -374,6 +400,11 @@ func _StoreAction_OneofSizer(msg proto.Message) (n int) {
 		n += proto.SizeVarint(6<<3 | proto.WireBytes)
 		n += proto.SizeVarint(uint64(s))
 		n += s
+	case *StoreAction_Secret:
+		s := proto.Size(x.Secret)
+		n += proto.SizeVarint(7<<3 | proto.WireBytes)
+		n += proto.SizeVarint(uint64(s))
+		n += s
 	case nil:
 	default:
 		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
@@ -619,6 +650,12 @@ func (m *StoreAction) Copy() *StoreAction {
 			Cluster: m.GetCluster().Copy(),
 		}
 
+		o.Target = i
+	case *StoreAction_Secret:
+		i := &StoreAction_Secret{
+			Secret: m.GetSecret().Copy(),
+		}
+
 		o.Target = i
 	}
 
@@ -741,7 +778,7 @@ func (this *StoreAction) GoString() string {
 	if this == nil {
 		return "nil"
 	}
-	s := make([]string, 0, 10)
+	s := make([]string, 0, 11)
 	s = append(s, "&api.StoreAction{")
 	s = append(s, "Action: "+fmt.Sprintf("%#v", this.Action)+",\n")
 	if this.Target != nil {
@@ -790,6 +827,14 @@ func (this *StoreAction_Cluster) GoString() string {
 		`Cluster:` + fmt.Sprintf("%#v", this.Cluster) + `}`}, ", ")
 	return s
 }
+func (this *StoreAction_Secret) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&api.StoreAction_Secret{` +
+		`Secret:` + fmt.Sprintf("%#v", this.Secret) + `}`}, ", ")
+	return s
+}
 func valueToGoStringRaft(v interface{}, typ string) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -1412,6 +1457,20 @@ func (m *StoreAction_Cluster) MarshalTo(data []byte) (int, error) {
 	}
 	return i, nil
 }
+func (m *StoreAction_Secret) MarshalTo(data []byte) (int, error) {
+	i := 0
+	if m.Secret != nil {
+		data[i] = 0x3a
+		i++
+		i = encodeVarintRaft(data, i, uint64(m.Secret.Size()))
+		n10, err := m.Secret.MarshalTo(data[i:])
+		if err != nil {
+			return 0, err
+		}
+		i += n10
+	}
+	return i, nil
+}
 func encodeFixed64Raft(data []byte, offset int, v uint64) int {
 	data[offset] = uint8(v)
 	data[offset+1] = uint8(v >> 8)
@@ -1868,6 +1927,15 @@ func (m *StoreAction_Cluster) Size() (n int) {
 	}
 	return n
 }
+func (m *StoreAction_Secret) Size() (n int) {
+	var l int
+	_ = l
+	if m.Secret != nil {
+		l = m.Secret.Size()
+		n += 1 + l + sovRaft(uint64(l))
+	}
+	return n
+}
 
 func sovRaft(x uint64) (n int) {
 	for {
@@ -2047,6 +2115,16 @@ func (this *StoreAction_Cluster) String() string {
 	}, "")
 	return s
 }
+func (this *StoreAction_Secret) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&StoreAction_Secret{`,
+		`Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "Secret", "Secret", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func valueToStringRaft(v interface{}) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -3133,6 +3211,38 @@ func (m *StoreAction) Unmarshal(data []byte) error {
 			}
 			m.Target = &StoreAction_Cluster{v}
 			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowRaft
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthRaft
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			v := &Secret{}
+			if err := v.Unmarshal(data[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			m.Target = &StoreAction_Secret{v}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipRaft(data[iNdEx:])
@@ -3262,60 +3372,61 @@ var (
 func init() { proto.RegisterFile("raft.proto", fileDescriptorRaft) }
 
 var fileDescriptorRaft = []byte{
-	// 868 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x95, 0x4f, 0x73, 0xdb, 0x44,
-	0x18, 0xc6, 0xb5, 0xb2, 0xaa, 0xc0, 0xeb, 0x26, 0xce, 0x6c, 0x48, 0x70, 0x45, 0x47, 0x51, 0x55,
-	0x66, 0xea, 0x76, 0x88, 0x3c, 0x88, 0x43, 0x19, 0xe0, 0x12, 0x27, 0x9e, 0xa9, 0x69, 0xeb, 0x74,
-	0x94, 0x04, 0x7a, 0x0b, 0xb2, 0xb4, 0x71, 0x85, 0x63, 0xad, 0xd9, 0x5d, 0x3b, 0xc3, 0x85, 0xe9,
-	0x91, 0xc9, 0x95, 0x19, 0xe0, 0xd2, 0x13, 0x9c, 0xfb, 0x01, 0xf8, 0x04, 0x19, 0x4e, 0xdc, 0xe0,
-	0x14, 0x88, 0x3f, 0x00, 0xf0, 0x11, 0x98, 0xd5, 0x9f, 0x24, 0x38, 0x8a, 0xe3, 0x8b, 0x2d, 0xef,
-	0xfe, 0x9e, 0xe7, 0xd9, 0x7d, 0x57, 0xef, 0x1a, 0x80, 0xf9, 0xfb, 0xc2, 0x19, 0x30, 0x2a, 0x28,
-	0xc6, 0x21, 0x0d, 0x7a, 0x84, 0x39, 0xfc, 0xd0, 0x67, 0xfd, 0x5e, 0x24, 0x9c, 0xd1, 0xfb, 0xc6,
-	0x3c, 0xed, 0x7c, 0x49, 0x02, 0xc1, 0x53, 0xc4, 0x28, 0x8b, 0xaf, 0x07, 0x24, 0xff, 0xb1, 0xd6,
-	0x8d, 0xc4, 0x8b, 0x61, 0xc7, 0x09, 0x68, 0xbf, 0x1e, 0x50, 0x46, 0x28, 0xaf, 0x13, 0x11, 0x84,
-	0x75, 0x69, 0x99, 0x7c, 0x0c, 0x3a, 0xf5, 0x73, 0x7b, 0xe3, 0xad, 0x2e, 0xed, 0xd2, 0xe4, 0xb1,
-	0x2e, 0x9f, 0xb2, 0xd1, 0xa5, 0xc1, 0xc1, 0xb0, 0x1b, 0xc5, 0xf5, 0xf4, 0x2b, 0x1d, 0xb4, 0x5f,
-	0x23, 0x00, 0xcf, 0xdf, 0x17, 0x4f, 0x49, 0xbf, 0x43, 0x18, 0xbe, 0x0b, 0x73, 0xd2, 0x67, 0x2f,
-	0x0a, 0xab, 0xc8, 0x42, 0x35, 0xad, 0x01, 0xe3, 0x93, 0x55, 0x5d, 0x02, 0xad, 0x4d, 0x4f, 0x97,
-	0x53, 0xad, 0x50, 0x42, 0x31, 0x0d, 0x89, 0x84, 0x54, 0x0b, 0xd5, 0xde, 0x4c, 0xa1, 0x36, 0x0d,
-	0x89, 0x84, 0xe4, 0x54, 0x2b, 0xc4, 0x18, 0x34, 0x3f, 0x0c, 0x59, 0xb5, 0x24, 0x09, 0x2f, 0x79,
-	0xc6, 0x0d, 0xd0, 0xb9, 0xf0, 0xc5, 0x90, 0x57, 0x35, 0x0b, 0xd5, 0xca, 0xee, 0xbb, 0xce, 0xe5,
-	0x3a, 0x38, 0xe7, 0xab, 0xd9, 0x4e, 0xd8, 0x86, 0x76, 0x7c, 0xb2, 0xaa, 0x78, 0x99, 0xd2, 0xbe,
-	0x03, 0xe5, 0x4f, 0x69, 0x14, 0x7b, 0xe4, 0xab, 0x21, 0xe1, 0xe2, 0x2c, 0x06, 0x9d, 0xc7, 0xd8,
-	0xdf, 0x23, 0xb8, 0x99, 0x32, 0x7c, 0x40, 0x63, 0x4e, 0x66, 0xdb, 0xd5, 0x87, 0x30, 0xd7, 0x4f,
-	0x62, 0x79, 0x55, 0xb5, 0x4a, 0xb5, 0xb2, 0x6b, 0x4e, 0x5f, 0x9d, 0x97, 0xe3, 0xf8, 0x1e, 0x54,
-	0x18, 0xe9, 0xd3, 0x11, 0x09, 0xf7, 0x72, 0x87, 0x92, 0x55, 0xaa, 0x69, 0xde, 0x42, 0x36, 0x9c,
-	0x0a, 0xb8, 0xdd, 0x80, 0x9b, 0x4f, 0x88, 0x3f, 0x22, 0xf9, 0xe2, 0x5d, 0xd0, 0x64, 0xb5, 0x92,
-	0x45, 0x5d, 0x9f, 0x97, 0xb0, 0x76, 0x05, 0xe6, 0x33, 0x8f, 0x74, 0x73, 0xf6, 0x13, 0xb8, 0xf5,
-	0x8c, 0xd1, 0x80, 0x70, 0x9e, 0xb2, 0x9c, 0xfb, 0xdd, 0xb3, 0x84, 0xfb, 0x72, 0x53, 0xc9, 0x48,
-	0x16, 0x52, 0x71, 0xd2, 0xd7, 0xc5, 0xc9, 0xc1, 0x7c, 0xfe, 0x23, 0xed, 0xe5, 0x0f, 0xb6, 0x62,
-	0xdf, 0x06, 0xa3, 0xc8, 0x2d, 0xcb, 0xfa, 0x04, 0x96, 0x3d, 0xc2, 0xe9, 0xc1, 0x88, 0xac, 0x87,
-	0x21, 0x93, 0x50, 0x96, 0x33, 0x4b, 0x85, 0xed, 0xf7, 0x60, 0x65, 0x52, 0x9d, 0x1d, 0x50, 0xd1,
-	0x29, 0xee, 0xc3, 0x52, 0x2b, 0x16, 0x84, 0xc5, 0xfe, 0x81, 0xf4, 0xc9, 0x93, 0x56, 0x40, 0x3d,
-	0x0b, 0xd1, 0xc7, 0x27, 0xab, 0x6a, 0x6b, 0xd3, 0x53, 0xa3, 0x10, 0x3f, 0x04, 0xdd, 0x0f, 0x44,
-	0x44, 0xe3, 0xec, 0xf4, 0x56, 0x8b, 0xaa, 0xb9, 0x2d, 0x28, 0x23, 0xeb, 0x09, 0xe6, 0x65, 0xb8,
-	0xfd, 0xa7, 0x0a, 0xe5, 0x0b, 0xe3, 0xf8, 0xe3, 0x33, 0x23, 0x19, 0xb2, 0xe0, 0xde, 0xbd, 0xc6,
-	0xe8, 0x71, 0x14, 0x87, 0xb9, 0x19, 0x76, 0xb2, 0x13, 0x55, 0x93, 0x62, 0x57, 0x8b, 0xa4, 0xb2,
-	0x4f, 0x1e, 0x29, 0xe9, 0x69, 0xe2, 0x87, 0x30, 0xc7, 0x09, 0x1b, 0x45, 0x01, 0x49, 0x1a, 0xa5,
-	0xec, 0xbe, 0x53, 0x98, 0x96, 0x22, 0x8f, 0x14, 0x2f, 0xa7, 0x65, 0x90, 0xf0, 0x79, 0x2f, 0x6b,
-	0xa4, 0xc2, 0xa0, 0x1d, 0x9f, 0xf7, 0x64, 0x90, 0xe4, 0x64, 0x50, 0x4c, 0xc4, 0x21, 0x65, 0xbd,
-	0xea, 0x8d, 0xab, 0x83, 0xda, 0x29, 0x22, 0x83, 0x32, 0x5a, 0x0a, 0x83, 0x83, 0x21, 0x17, 0x84,
-	0x55, 0xf5, 0xab, 0x85, 0x1b, 0x29, 0x22, 0x85, 0x19, 0xdd, 0x78, 0x03, 0x74, 0xe1, 0xb3, 0x2e,
-	0x11, 0x0f, 0xfe, 0x41, 0x50, 0x99, 0x28, 0x18, 0xbe, 0x07, 0x73, 0xbb, 0xed, 0xc7, 0xed, 0xad,
-	0xcf, 0xdb, 0x8b, 0x8a, 0x61, 0x1c, 0xbd, 0xb2, 0x56, 0x26, 0x88, 0xdd, 0xb8, 0x17, 0xd3, 0xc3,
-	0x18, 0xbb, 0xb0, 0xb4, 0xbd, 0xb3, 0xe5, 0x35, 0xf7, 0xd6, 0x37, 0x76, 0x5a, 0x5b, 0xed, 0xbd,
-	0x0d, 0xaf, 0xb9, 0xbe, 0xd3, 0x5c, 0x44, 0xc6, 0xad, 0xa3, 0x57, 0xd6, 0xf2, 0x84, 0x68, 0x83,
-	0x11, 0x5f, 0x90, 0x4b, 0x9a, 0xdd, 0x67, 0x9b, 0x52, 0xa3, 0x16, 0x6a, 0x76, 0x07, 0x61, 0x91,
-	0xc6, 0x6b, 0x3e, 0xdd, 0xfa, 0xac, 0xb9, 0x58, 0x2a, 0xd4, 0x78, 0x49, 0x5f, 0x1b, 0x6f, 0x7f,
-	0xfb, 0x93, 0xa9, 0xfc, 0xf2, 0xb3, 0x39, 0xb9, 0x3b, 0xf7, 0x3b, 0x15, 0x34, 0xf9, 0xd2, 0xe2,
-	0x23, 0x04, 0xf8, 0x72, 0x3f, 0xe1, 0xb5, 0xa2, 0x1a, 0x5e, 0xd9, 0xc5, 0x86, 0x33, 0x2b, 0x9e,
-	0xb5, 0xe9, 0xf2, 0xaf, 0xaf, 0xff, 0xfe, 0x51, 0xad, 0xc0, 0x7c, 0xc2, 0xaf, 0xf5, 0xfd, 0xd8,
-	0xef, 0x12, 0x86, 0xbf, 0x81, 0x85, 0xff, 0xf7, 0x1f, 0xbe, 0x5f, 0x78, 0xe5, 0x14, 0x75, 0xb8,
-	0xf1, 0x60, 0x16, 0x74, 0x6a, 0xbe, 0xfb, 0x3b, 0x82, 0x85, 0xf3, 0xfb, 0x8c, 0xbf, 0x88, 0x06,
-	0xf8, 0x0b, 0xd0, 0xe4, 0x4d, 0x8d, 0x0b, 0xbb, 0xf5, 0xc2, 0x3d, 0x6f, 0x58, 0x57, 0x03, 0xd3,
-	0x37, 0x1d, 0xc0, 0x8d, 0xe4, 0xbe, 0xc4, 0x85, 0x0e, 0x17, 0xaf, 0x63, 0xe3, 0xce, 0x14, 0x62,
-	0x6a, 0x48, 0xe3, 0xf6, 0xf1, 0xa9, 0xa9, 0xfc, 0x71, 0x6a, 0x2a, 0xff, 0x9e, 0x9a, 0xe8, 0xe5,
-	0xd8, 0x44, 0xc7, 0x63, 0x13, 0xfd, 0x36, 0x36, 0xd1, 0x5f, 0x63, 0x13, 0x3d, 0x2f, 0x3d, 0xd7,
-	0x3a, 0x7a, 0xf2, 0x77, 0xfb, 0xc1, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xd7, 0x61, 0x3c, 0x43,
-	0x06, 0x08, 0x00, 0x00,
+	// 890 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x95, 0xcf, 0x73, 0xdb, 0x44,
+	0x14, 0xc7, 0xbd, 0xb2, 0x2a, 0xc3, 0x73, 0x13, 0x67, 0x36, 0x24, 0xb8, 0xa2, 0xa3, 0xb8, 0x2a,
+	0x33, 0x75, 0x3b, 0x44, 0x1e, 0x0c, 0x33, 0x65, 0x80, 0x4b, 0x9c, 0x78, 0x26, 0xa6, 0xad, 0xd3,
+	0x51, 0x12, 0xe8, 0x2d, 0xc8, 0xd2, 0xc6, 0x15, 0x8e, 0xb5, 0x66, 0x77, 0xed, 0x0c, 0x17, 0xa6,
+	0x47, 0x26, 0x57, 0x86, 0x1f, 0x97, 0x9e, 0xe0, 0xdc, 0x3f, 0x80, 0xbf, 0x20, 0xc3, 0x89, 0x1b,
+	0x9c, 0x32, 0xc4, 0x7f, 0x00, 0xf0, 0x27, 0x30, 0xbb, 0x92, 0x92, 0xd4, 0x51, 0x1c, 0x5f, 0x92,
+	0xf5, 0xea, 0xf3, 0x7d, 0xdf, 0x7d, 0x6f, 0xf5, 0x9e, 0x00, 0x98, 0xb7, 0x2f, 0x9c, 0x01, 0xa3,
+	0x82, 0x62, 0x1c, 0x50, 0xbf, 0x47, 0x98, 0xc3, 0x0f, 0x3d, 0xd6, 0xef, 0x85, 0xc2, 0x19, 0xbd,
+	0x6f, 0xce, 0xd1, 0xce, 0x57, 0xc4, 0x17, 0x3c, 0x46, 0xcc, 0xa2, 0xf8, 0x66, 0x40, 0xd2, 0x1f,
+	0xab, 0xdd, 0x50, 0x3c, 0x1f, 0x76, 0x1c, 0x9f, 0xf6, 0x6b, 0x3e, 0x65, 0x84, 0xf2, 0x1a, 0x11,
+	0x7e, 0x50, 0x93, 0x21, 0xd5, 0x9f, 0x41, 0xa7, 0x76, 0x1e, 0xde, 0x7c, 0xab, 0x4b, 0xbb, 0x54,
+	0x2d, 0x6b, 0x72, 0x95, 0xec, 0x2e, 0x0e, 0x0e, 0x86, 0xdd, 0x30, 0xaa, 0xc5, 0xff, 0xe2, 0x4d,
+	0xfb, 0x15, 0x02, 0x70, 0xbd, 0x7d, 0xf1, 0x84, 0xf4, 0x3b, 0x84, 0xe1, 0xbb, 0x50, 0x90, 0x71,
+	0xf6, 0xc2, 0xa0, 0x8c, 0x2a, 0xa8, 0xaa, 0x37, 0x60, 0x7c, 0xb2, 0x62, 0x48, 0xa0, 0xb5, 0xe1,
+	0x1a, 0xf2, 0x51, 0x2b, 0x90, 0x50, 0x44, 0x03, 0x22, 0x21, 0xad, 0x82, 0xaa, 0x6f, 0xc6, 0x50,
+	0x9b, 0x06, 0x44, 0x42, 0xf2, 0x51, 0x2b, 0xc0, 0x18, 0x74, 0x2f, 0x08, 0x58, 0x39, 0x2f, 0x09,
+	0x57, 0xad, 0x71, 0x03, 0x0c, 0x2e, 0x3c, 0x31, 0xe4, 0x65, 0xbd, 0x82, 0xaa, 0xc5, 0xfa, 0xbb,
+	0xce, 0xe5, 0x3a, 0x38, 0xe7, 0xa7, 0xd9, 0x56, 0x6c, 0x43, 0x3f, 0x3e, 0x59, 0xc9, 0xb9, 0x89,
+	0xd2, 0xbe, 0x03, 0xc5, 0xcf, 0x68, 0x18, 0xb9, 0xe4, 0xeb, 0x21, 0xe1, 0xe2, 0xcc, 0x06, 0x9d,
+	0xdb, 0xd8, 0x3f, 0x22, 0xb8, 0x19, 0x33, 0x7c, 0x40, 0x23, 0x4e, 0x66, 0xcb, 0xea, 0x23, 0x28,
+	0xf4, 0x95, 0x2d, 0x2f, 0x6b, 0x95, 0x7c, 0xb5, 0x58, 0xb7, 0xa6, 0x9f, 0xce, 0x4d, 0x71, 0x7c,
+	0x0f, 0x4a, 0x8c, 0xf4, 0xe9, 0x88, 0x04, 0x7b, 0x69, 0x84, 0x7c, 0x25, 0x5f, 0xd5, 0xdd, 0xf9,
+	0x64, 0x3b, 0x16, 0x70, 0xbb, 0x01, 0x37, 0x1f, 0x13, 0x6f, 0x44, 0xd2, 0xc3, 0xd7, 0x41, 0x97,
+	0xd5, 0x52, 0x87, 0xba, 0xde, 0x4f, 0xb1, 0x76, 0x09, 0xe6, 0x92, 0x18, 0x71, 0x72, 0xf6, 0x63,
+	0xb8, 0xf5, 0x94, 0x51, 0x9f, 0x70, 0x1e, 0xb3, 0x9c, 0x7b, 0xdd, 0x33, 0x87, 0xfb, 0x32, 0x29,
+	0xb5, 0x93, 0x98, 0x94, 0x9c, 0xf8, 0x75, 0x71, 0x52, 0x30, 0x7d, 0xfe, 0xb1, 0xfe, 0xe2, 0x27,
+	0x3b, 0x67, 0xdf, 0x06, 0x33, 0x2b, 0x5a, 0xe2, 0xf5, 0x29, 0x2c, 0xb9, 0x84, 0xd3, 0x83, 0x11,
+	0x59, 0x0b, 0x02, 0x26, 0xa1, 0xc4, 0x67, 0x96, 0x0a, 0xdb, 0xef, 0xc1, 0xf2, 0xa4, 0x3a, 0xb9,
+	0xa0, 0xac, 0x5b, 0xdc, 0x87, 0xc5, 0x56, 0x24, 0x08, 0x8b, 0xbc, 0x03, 0x19, 0x27, 0x75, 0x5a,
+	0x06, 0xed, 0xcc, 0xc4, 0x18, 0x9f, 0xac, 0x68, 0xad, 0x0d, 0x57, 0x0b, 0x03, 0xfc, 0x10, 0x0c,
+	0xcf, 0x17, 0x21, 0x8d, 0x92, 0xdb, 0x5b, 0xc9, 0xaa, 0xe6, 0xb6, 0xa0, 0x8c, 0xac, 0x29, 0xcc,
+	0x4d, 0x70, 0xfb, 0x87, 0x3c, 0x14, 0x2f, 0xec, 0xe3, 0x4f, 0xce, 0x02, 0x49, 0x93, 0xf9, 0xfa,
+	0xdd, 0x6b, 0x02, 0x3d, 0x0a, 0xa3, 0x20, 0x0d, 0x86, 0x9d, 0xe4, 0x46, 0x35, 0x55, 0xec, 0x72,
+	0x96, 0x54, 0xf6, 0xc9, 0x66, 0x2e, 0xbe, 0x4d, 0xfc, 0x10, 0x0a, 0x9c, 0xb0, 0x51, 0xe8, 0x13,
+	0xd5, 0x28, 0xc5, 0xfa, 0x3b, 0x99, 0x6e, 0x31, 0xb2, 0x99, 0x73, 0x53, 0x5a, 0x1a, 0x09, 0x8f,
+	0xf7, 0x92, 0x46, 0xca, 0x34, 0xda, 0xf1, 0x78, 0x4f, 0x1a, 0x49, 0x4e, 0x1a, 0x45, 0x44, 0x1c,
+	0x52, 0xd6, 0x2b, 0xdf, 0xb8, 0xda, 0xa8, 0x1d, 0x23, 0xd2, 0x28, 0xa1, 0xa5, 0xd0, 0x3f, 0x18,
+	0x72, 0x41, 0x58, 0xd9, 0xb8, 0x5a, 0xb8, 0x1e, 0x23, 0x52, 0x98, 0xd0, 0xf8, 0x43, 0x30, 0x38,
+	0xf1, 0x19, 0x11, 0xe5, 0x82, 0xd2, 0x99, 0xd9, 0x99, 0x49, 0x62, 0x53, 0xb6, 0xb7, 0x5a, 0x35,
+	0xde, 0x00, 0x43, 0x78, 0xac, 0x4b, 0xc4, 0x83, 0x7f, 0x11, 0x94, 0x26, 0xca, 0x8c, 0xef, 0x41,
+	0x61, 0xb7, 0xfd, 0xa8, 0xbd, 0xf5, 0x45, 0x7b, 0x21, 0x67, 0x9a, 0x47, 0x2f, 0x2b, 0xcb, 0x13,
+	0xc4, 0x6e, 0xd4, 0x8b, 0xe8, 0x61, 0x84, 0xeb, 0xb0, 0xb8, 0xbd, 0xb3, 0xe5, 0x36, 0xf7, 0xd6,
+	0xd6, 0x77, 0x5a, 0x5b, 0xed, 0xbd, 0x75, 0xb7, 0xb9, 0xb6, 0xd3, 0x5c, 0x40, 0xe6, 0xad, 0xa3,
+	0x97, 0x95, 0xa5, 0x09, 0xd1, 0x3a, 0x23, 0x9e, 0x20, 0x97, 0x34, 0xbb, 0x4f, 0x37, 0xa4, 0x46,
+	0xcb, 0xd4, 0xec, 0x0e, 0x82, 0x2c, 0x8d, 0xdb, 0x7c, 0xb2, 0xf5, 0x79, 0x73, 0x21, 0x9f, 0xa9,
+	0x71, 0xd5, 0x34, 0x30, 0xdf, 0xfe, 0xee, 0x17, 0x2b, 0xf7, 0xdb, 0xaf, 0xd6, 0x64, 0x76, 0xf5,
+	0xef, 0x35, 0xd0, 0xe5, 0xab, 0x8e, 0x8f, 0x10, 0xe0, 0xcb, 0x5d, 0x88, 0x57, 0xb3, 0x2a, 0x78,
+	0x65, 0xef, 0x9b, 0xce, 0xac, 0x78, 0xd2, 0xdc, 0x4b, 0xbf, 0xbf, 0xfa, 0xe7, 0x67, 0xad, 0x04,
+	0x73, 0x8a, 0x5f, 0xed, 0x7b, 0x91, 0xd7, 0x25, 0x0c, 0x7f, 0x0b, 0xf3, 0xaf, 0x77, 0x2d, 0xbe,
+	0x9f, 0x39, 0xa8, 0xb2, 0xe6, 0x82, 0xf9, 0x60, 0x16, 0x74, 0xaa, 0x7f, 0xfd, 0x4f, 0x04, 0xf3,
+	0xe7, 0x53, 0x90, 0x3f, 0x0f, 0x07, 0xf8, 0x4b, 0xd0, 0xe5, 0x7c, 0xc7, 0x99, 0x3d, 0x7e, 0xe1,
+	0xeb, 0x60, 0x56, 0xae, 0x06, 0xa6, 0x27, 0xed, 0xc3, 0x0d, 0x35, 0x65, 0x71, 0x66, 0x84, 0x8b,
+	0x43, 0xdc, 0xbc, 0x33, 0x85, 0x98, 0x6a, 0xd2, 0xb8, 0x7d, 0x7c, 0x6a, 0xe5, 0xfe, 0x3a, 0xb5,
+	0x72, 0xff, 0x9d, 0x5a, 0xe8, 0xc5, 0xd8, 0x42, 0xc7, 0x63, 0x0b, 0xfd, 0x31, 0xb6, 0xd0, 0xdf,
+	0x63, 0x0b, 0x3d, 0xcb, 0x3f, 0xd3, 0x3b, 0x86, 0xfa, 0x48, 0x7f, 0xf0, 0x7f, 0x00, 0x00, 0x00,
+	0xff, 0xff, 0x53, 0x4c, 0x9e, 0xad, 0x3c, 0x08, 0x00, 0x00,
 }

vendor/src/github.com/docker/swarmkit/api/raft.proto

@@ -124,5 +124,6 @@ message StoreAction {
 		Task task = 4;
 		Network network = 5;
 		Cluster cluster = 6;
+		Secret secret = 7;
 	}
 }

vendor/src/github.com/docker/swarmkit/api/snapshot.pb.go

@@ -49,6 +49,7 @@ type StoreSnapshot struct {
 	Networks []*Network `protobuf:"bytes,3,rep,name=networks" json:"networks,omitempty"`
 	Tasks    []*Task    `protobuf:"bytes,4,rep,name=tasks" json:"tasks,omitempty"`
 	Clusters []*Cluster `protobuf:"bytes,5,rep,name=clusters" json:"clusters,omitempty"`
+	Secrets  []*Secret  `protobuf:"bytes,6,rep,name=secrets" json:"secrets,omitempty"`
 }
 
 func (m *StoreSnapshot) Reset()                    { *m = StoreSnapshot{} }
@@ -124,6 +125,13 @@ func (m *StoreSnapshot) Copy() *StoreSnapshot {
 		}
 	}
 
+	if m.Secrets != nil {
+		o.Secrets = make([]*Secret, 0, len(m.Secrets))
+		for _, v := range m.Secrets {
+			o.Secrets = append(o.Secrets, v.Copy())
+		}
+	}
+
 	return o
 }
 
@@ -169,7 +177,7 @@ func (this *StoreSnapshot) GoString() string {
 	if this == nil {
 		return "nil"
 	}
-	s := make([]string, 0, 9)
+	s := make([]string, 0, 10)
 	s = append(s, "&api.StoreSnapshot{")
 	if this.Nodes != nil {
 		s = append(s, "Nodes: "+fmt.Sprintf("%#v", this.Nodes)+",\n")
@@ -186,6 +194,9 @@ func (this *StoreSnapshot) GoString() string {
 	if this.Clusters != nil {
 		s = append(s, "Clusters: "+fmt.Sprintf("%#v", this.Clusters)+",\n")
 	}
+	if this.Secrets != nil {
+		s = append(s, "Secrets: "+fmt.Sprintf("%#v", this.Secrets)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -315,6 +326,18 @@ func (m *StoreSnapshot) MarshalTo(data []byte) (int, error) {
 			i += n
 		}
 	}
+	if len(m.Secrets) > 0 {
+		for _, msg := range m.Secrets {
+			data[i] = 0x32
+			i++
+			i = encodeVarintSnapshot(data, i, uint64(msg.Size()))
+			n, err := msg.MarshalTo(data[i:])
+			if err != nil {
+				return 0, err
+			}
+			i += n
+		}
+	}
 	return i, nil
 }
 
@@ -455,6 +478,12 @@ func (m *StoreSnapshot) Size() (n int) {
 			n += 1 + l + sovSnapshot(uint64(l))
 		}
 	}
+	if len(m.Secrets) > 0 {
+		for _, e := range m.Secrets {
+			l = e.Size()
+			n += 1 + l + sovSnapshot(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -511,6 +540,7 @@ func (this *StoreSnapshot) String() string {
 		`Networks:` + strings.Replace(fmt.Sprintf("%v", this.Networks), "Network", "Network", 1) + `,`,
 		`Tasks:` + strings.Replace(fmt.Sprintf("%v", this.Tasks), "Task", "Task", 1) + `,`,
 		`Clusters:` + strings.Replace(fmt.Sprintf("%v", this.Clusters), "Cluster", "Cluster", 1) + `,`,
+		`Secrets:` + strings.Replace(fmt.Sprintf("%v", this.Secrets), "Secret", "Secret", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -730,6 +760,37 @@ func (m *StoreSnapshot) Unmarshal(data []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Secrets", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSnapshot
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthSnapshot
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Secrets = append(m.Secrets, &Secret{})
+			if err := m.Secrets[len(m.Secrets)-1].Unmarshal(data[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipSnapshot(data[iNdEx:])
@@ -1089,30 +1150,31 @@ var (
 func init() { proto.RegisterFile("snapshot.proto", fileDescriptorSnapshot) }
 
 var fileDescriptorSnapshot = []byte{
-	// 396 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x7c, 0x92, 0xbd, 0x6e, 0xdb, 0x30,
-	0x14, 0x85, 0x45, 0xf9, 0x47, 0x06, 0x0d, 0xbb, 0x2d, 0xd1, 0x81, 0x70, 0x0b, 0xd6, 0x55, 0x3b,
-	0x78, 0x52, 0x5b, 0x77, 0x68, 0x97, 0x76, 0x70, 0xa6, 0x0c, 0xf1, 0x40, 0x07, 0x46, 0x56, 0x59,
-	0xa2, 0x6d, 0x45, 0x91, 0x68, 0x90, 0x8c, 0xbc, 0xe6, 0x39, 0xf2, 0x44, 0x1e, 0x33, 0x66, 0x0a,
-	0x62, 0x2d, 0x59, 0xf3, 0x08, 0x81, 0x44, 0x49, 0x30, 0x10, 0x39, 0x1b, 0x75, 0xf1, 0x9d, 0x73,
-	0xae, 0x2e, 0x0e, 0xec, 0xcb, 0xd8, 0xdd, 0xc8, 0x35, 0x57, 0xce, 0x46, 0x70, 0xc5, 0x11, 0xf2,
-	0xb9, 0x17, 0x32, 0xe1, 0xc8, 0xad, 0x2b, 0xa2, 0x30, 0x50, 0x4e, 0xf2, 0x6b, 0xd0, 0xe3, 0x8b,
-	0x4b, 0xe6, 0x29, 0xa9, 0x91, 0x01, 0x14, 0xee, 0xb2, 0xc0, 0x07, 0x1f, 0x57, 0x7c, 0xc5, 0xf3,
-	0xe7, 0x8f, 0xec, 0xa5, 0xa7, 0xf6, 0xad, 0x09, 0x7b, 0x33, 0xc5, 0x05, 0x9b, 0x15, 0xe6, 0xc8,
-	0x81, 0xad, 0x98, 0xfb, 0x4c, 0x62, 0x30, 0x6c, 0x8c, 0xba, 0x63, 0xec, 0xbc, 0x8e, 0x71, 0xa6,
-	0xdc, 0x67, 0x54, 0x63, 0xe8, 0x0f, 0xec, 0x48, 0x26, 0x92, 0xc0, 0x63, 0x12, 0x9b, 0xb9, 0xe4,
-	0x53, 0x9d, 0x64, 0xa6, 0x19, 0x5a, 0xc1, 0x99, 0x30, 0x66, 0x6a, 0xcb, 0x45, 0x28, 0x71, 0xe3,
-	0xb8, 0x70, 0xaa, 0x19, 0x5a, 0xc1, 0xd9, 0x86, 0xca, 0x95, 0xa1, 0xc4, 0xcd, 0xe3, 0x1b, 0x9e,
-	0xbb, 0x32, 0xa4, 0x1a, 0xcb, 0x82, 0xbc, 0xab, 0x6b, 0xa9, 0x98, 0x90, 0xb8, 0x75, 0x3c, 0xe8,
-	0x44, 0x33, 0xb4, 0x82, 0x6d, 0x06, 0xdf, 0x15, 0xc3, 0xea, 0x3a, 0x7f, 0xa1, 0x15, 0xb1, 0x68,
-	0x91, 0x59, 0xe9, 0xfb, 0x90, 0x3a, 0x2b, 0xea, 0x2e, 0xd5, 0x59, 0x8e, 0xd1, 0x12, 0x47, 0x18,
-	0x5a, 0x82, 0x45, 0x3c, 0x61, 0x7e, 0x7e, 0xa6, 0x26, 0x2d, 0x3f, 0xed, 0x27, 0x00, 0x3b, 0x55,
-	0xc0, 0x7f, 0x68, 0x25, 0x4c, 0xc8, 0x80, 0xc7, 0x18, 0x0c, 0xc1, 0xa8, 0x3f, 0xfe, 0x5e, 0x7b,
-	0xcd, 0xb2, 0x0a, 0x73, 0xcd, 0xd2, 0x52, 0x84, 0x4e, 0x21, 0x2c, 0x12, 0xd7, 0xc1, 0x06, 0x9b,
-	0x43, 0x30, 0xea, 0x8e, 0xbf, 0xbd, 0xf1, 0xbb, 0xa5, 0xd3, 0xa4, 0xb9, 0x7b, 0xf8, 0x62, 0xd0,
-	0x03, 0x31, 0xfa, 0x07, 0x5b, 0x32, 0xab, 0x06, 0x6e, 0xe4, 0x2e, 0x5f, 0x6b, 0x17, 0x39, 0xec,
-	0x4e, 0xe1, 0xa1, 0x55, 0xf6, 0x07, 0x68, 0x15, 0xdb, 0xa1, 0x36, 0x34, 0xe7, 0x3f, 0xdf, 0x1b,
-	0x93, 0xcf, 0xbb, 0x3d, 0x31, 0xee, 0xf7, 0xc4, 0x78, 0xde, 0x13, 0x70, 0x93, 0x12, 0xb0, 0x4b,
-	0x09, 0xb8, 0x4b, 0x09, 0x78, 0x4c, 0x09, 0xb8, 0x30, 0x17, 0xed, 0xbc, 0x94, 0xbf, 0x5f, 0x02,
-	0x00, 0x00, 0xff, 0xff, 0xc9, 0xd9, 0x1a, 0xd9, 0xeb, 0x02, 0x00, 0x00,
+	// 409 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x7c, 0x92, 0xbf, 0x6f, 0xd3, 0x40,
+	0x14, 0xc7, 0x73, 0xce, 0x0f, 0x57, 0xaf, 0x6a, 0x81, 0x13, 0xc3, 0x29, 0xa0, 0x23, 0x04, 0x86,
+	0x4c, 0x06, 0x02, 0x12, 0x2c, 0x30, 0x94, 0x89, 0x81, 0x0e, 0x17, 0x54, 0xb1, 0x3a, 0xf6, 0x6b,
+	0x6b, 0x8c, 0x7d, 0xd1, 0xbd, 0xc3, 0x5d, 0xf9, 0xf3, 0x32, 0x76, 0x64, 0x42, 0xc4, 0x0b, 0x2b,
+	0x7f, 0x02, 0xb2, 0xcf, 0xb6, 0x22, 0xe1, 0xb0, 0x3d, 0x5b, 0x9f, 0xef, 0x8f, 0x7b, 0x7a, 0x70,
+	0x4a, 0x79, 0xb8, 0xa1, 0x6b, 0x6d, 0x83, 0x8d, 0xd1, 0x56, 0x73, 0x1e, 0xeb, 0x28, 0x45, 0x13,
+	0xd0, 0x4d, 0x68, 0xb2, 0x34, 0xb1, 0x41, 0xf1, 0x62, 0x7a, 0xa2, 0xd7, 0x5f, 0x30, 0xb2, 0xe4,
+	0x90, 0x29, 0x98, 0xf0, 0xb2, 0xc1, 0xa7, 0xf7, 0xaf, 0xf4, 0x95, 0xae, 0xc7, 0x67, 0xd5, 0xe4,
+	0xfe, 0xce, 0x6f, 0x3d, 0x38, 0x59, 0x59, 0x6d, 0x70, 0xd5, 0x98, 0xf3, 0x00, 0xc6, 0xb9, 0x8e,
+	0x91, 0x04, 0x9b, 0x0d, 0x17, 0xc7, 0x4b, 0x11, 0xfc, 0x1b, 0x13, 0x9c, 0xeb, 0x18, 0x95, 0xc3,
+	0xf8, 0x6b, 0x38, 0x22, 0x34, 0x45, 0x12, 0x21, 0x09, 0xaf, 0x96, 0x3c, 0xe8, 0x93, 0xac, 0x1c,
+	0xa3, 0x3a, 0xb8, 0x12, 0xe6, 0x68, 0x6f, 0xb4, 0x49, 0x49, 0x0c, 0x0f, 0x0b, 0xcf, 0x1d, 0xa3,
+	0x3a, 0xb8, 0x6a, 0x68, 0x43, 0x4a, 0x49, 0x8c, 0x0e, 0x37, 0xfc, 0x14, 0x52, 0xaa, 0x1c, 0x56,
+	0x05, 0x45, 0x5f, 0xbf, 0x91, 0x45, 0x43, 0x62, 0x7c, 0x38, 0xe8, 0xbd, 0x63, 0x54, 0x07, 0xf3,
+	0x57, 0xe0, 0x13, 0x46, 0x06, 0x2d, 0x89, 0x49, 0xad, 0x9b, 0xf6, 0xbf, 0xac, 0x42, 0x54, 0x8b,
+	0xce, 0x11, 0xee, 0x34, 0x56, 0xdd, 0x4e, 0xdf, 0x80, 0x9f, 0x61, 0xb6, 0xae, 0x0a, 0xb8, 0xad,
+	0xca, 0x3e, 0x23, 0x15, 0x5e, 0xda, 0x8f, 0x35, 0xa6, 0x5a, 0x9c, 0x0b, 0xf0, 0x0d, 0x66, 0xba,
+	0xc0, 0xb8, 0x5e, 0xee, 0x48, 0xb5, 0x9f, 0xf3, 0xdf, 0x0c, 0x8e, 0xba, 0x80, 0x77, 0xe0, 0x17,
+	0x68, 0x28, 0xd1, 0xb9, 0x60, 0x33, 0xb6, 0x38, 0x5d, 0x3e, 0xed, 0x6d, 0xda, 0x1e, 0xd0, 0x85,
+	0x63, 0x55, 0x2b, 0xe2, 0x1f, 0x00, 0x9a, 0xc4, 0xeb, 0x64, 0x23, 0xbc, 0x19, 0x5b, 0x1c, 0x2f,
+	0x9f, 0xfc, 0x67, 0x49, 0xad, 0xd3, 0xd9, 0x68, 0xfb, 0xf3, 0xd1, 0x40, 0xed, 0x89, 0xf9, 0x5b,
+	0x18, 0x53, 0x75, 0x50, 0x62, 0x58, 0xbb, 0x3c, 0xee, 0x2d, 0xb2, 0x7f, 0x71, 0x8d, 0x87, 0x53,
+	0xcd, 0xef, 0x81, 0xdf, 0xb4, 0xe3, 0x13, 0xf0, 0x2e, 0x9e, 0xdf, 0x1d, 0x9c, 0x3d, 0xdc, 0xee,
+	0xe4, 0xe0, 0xc7, 0x4e, 0x0e, 0xfe, 0xec, 0x24, 0xfb, 0x5e, 0x4a, 0xb6, 0x2d, 0x25, 0xbb, 0x2d,
+	0x25, 0xfb, 0x55, 0x4a, 0xf6, 0xd9, 0x5b, 0x4f, 0xea, 0x53, 0x7e, 0xf9, 0x37, 0x00, 0x00, 0xff,
+	0xff, 0x48, 0xfb, 0x27, 0x26, 0x21, 0x03, 0x00, 0x00,
 }

vendor/src/github.com/docker/swarmkit/api/snapshot.proto

@@ -19,6 +19,7 @@ message StoreSnapshot {
 	repeated Network networks = 3;
 	repeated Task tasks = 4;
 	repeated Cluster clusters = 5;
+	repeated Secret secrets = 6;
 }
 
 // ClusterSnapshot stores cluster membership information in snapshots.

vendor/src/github.com/docker/swarmkit/api/specs.pb.go

@@ -473,6 +473,9 @@ type ContainerSpec struct {
 	StopGracePeriod *docker_swarmkit_v11.Duration `protobuf:"bytes,9,opt,name=stop_grace_period,json=stopGracePeriod" json:"stop_grace_period,omitempty"`
 	// PullOptions parameterize the behavior of image pulls.
 	PullOptions *ContainerSpec_PullOptions `protobuf:"bytes,10,opt,name=pull_options,json=pullOptions" json:"pull_options,omitempty"`
+	// Secrets contains references to zero or more secrets that
+	// will be exposed to the container.
+	Secrets []*SecretReference `protobuf:"bytes,12,rep,name=secrets" json:"secrets,omitempty"`
 }
 
 func (m *ContainerSpec) Reset()                    { *m = ContainerSpec{} }
@@ -555,6 +558,17 @@ func (m *ClusterSpec) Reset()                    { *m = ClusterSpec{} }
 func (*ClusterSpec) ProtoMessage()               {}
 func (*ClusterSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{9} }
 
+// SecretSpec specifies a user-provided secret.
+type SecretSpec struct {
+	Annotations Annotations `protobuf:"bytes,1,opt,name=annotations" json:"annotations"`
+	// Data is the secret payload - the maximum size is 500KB (that is, 500*1024 bytes)
+	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+}
+
+func (m *SecretSpec) Reset()                    { *m = SecretSpec{} }
+func (*SecretSpec) ProtoMessage()               {}
+func (*SecretSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{10} }
+
 func init() {
 	proto.RegisterType((*NodeSpec)(nil), "docker.swarmkit.v1.NodeSpec")
 	proto.RegisterType((*ServiceSpec)(nil), "docker.swarmkit.v1.ServiceSpec")
@@ -567,6 +581,7 @@ func init() {
 	proto.RegisterType((*EndpointSpec)(nil), "docker.swarmkit.v1.EndpointSpec")
 	proto.RegisterType((*NetworkSpec)(nil), "docker.swarmkit.v1.NetworkSpec")
 	proto.RegisterType((*ClusterSpec)(nil), "docker.swarmkit.v1.ClusterSpec")
+	proto.RegisterType((*SecretSpec)(nil), "docker.swarmkit.v1.SecretSpec")
 	proto.RegisterEnum("docker.swarmkit.v1.NodeSpec_Membership", NodeSpec_Membership_name, NodeSpec_Membership_value)
 	proto.RegisterEnum("docker.swarmkit.v1.NodeSpec_Availability", NodeSpec_Availability_name, NodeSpec_Availability_value)
 	proto.RegisterEnum("docker.swarmkit.v1.EndpointSpec_ResolutionMode", EndpointSpec_ResolutionMode_name, EndpointSpec_ResolutionMode_value)
@@ -750,6 +765,13 @@ func (m *ContainerSpec) Copy() *ContainerSpec {
 		}
 	}
 
+	if m.Secrets != nil {
+		o.Secrets = make([]*SecretReference, 0, len(m.Secrets))
+		for _, v := range m.Secrets {
+			o.Secrets = append(o.Secrets, v.Copy())
+		}
+	}
+
 	return o
 }
 
@@ -819,6 +841,19 @@ func (m *ClusterSpec) Copy() *ClusterSpec {
 	return o
 }
 
+func (m *SecretSpec) Copy() *SecretSpec {
+	if m == nil {
+		return nil
+	}
+
+	o := &SecretSpec{
+		Annotations: *m.Annotations.Copy(),
+		Data:        m.Data,
+	}
+
+	return o
+}
+
 func (this *NodeSpec) GoString() string {
 	if this == nil {
 		return "nil"
@@ -947,7 +982,7 @@ func (this *ContainerSpec) GoString() string {
 	if this == nil {
 		return "nil"
 	}
-	s := make([]string, 0, 15)
+	s := make([]string, 0, 16)
 	s = append(s, "&api.ContainerSpec{")
 	s = append(s, "Image: "+fmt.Sprintf("%#v", this.Image)+",\n")
 	keysForLabels := make([]string, 0, len(this.Labels))
@@ -978,6 +1013,9 @@ func (this *ContainerSpec) GoString() string {
 	if this.PullOptions != nil {
 		s = append(s, "PullOptions: "+fmt.Sprintf("%#v", this.PullOptions)+",\n")
 	}
+	if this.Secrets != nil {
+		s = append(s, "Secrets: "+fmt.Sprintf("%#v", this.Secrets)+",\n")
+	}
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -1039,6 +1077,17 @@ func (this *ClusterSpec) GoString() string {
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
+func (this *SecretSpec) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 6)
+	s = append(s, "&api.SecretSpec{")
+	s = append(s, "Annotations: "+strings.Replace(this.Annotations.GoString(), `&`, ``, 1)+",\n")
+	s = append(s, "Data: "+fmt.Sprintf("%#v", this.Data)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
 func valueToGoStringSpecs(v interface{}, typ string) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -1519,6 +1568,18 @@ func (m *ContainerSpec) MarshalTo(data []byte) (int, error) {
 			i += copy(data[i:], s)
 		}
 	}
+	if len(m.Secrets) > 0 {
+		for _, msg := range m.Secrets {
+			data[i] = 0x62
+			i++
+			i = encodeVarintSpecs(data, i, uint64(msg.Size()))
+			n, err := msg.MarshalTo(data[i:])
+			if err != nil {
+				return 0, err
+			}
+			i += n
+		}
+	}
 	return i, nil
 }
 
@@ -1733,6 +1794,38 @@ func (m *ClusterSpec) MarshalTo(data []byte) (int, error) {
 	return i, nil
 }
 
+func (m *SecretSpec) Marshal() (data []byte, err error) {
+	size := m.Size()
+	data = make([]byte, size)
+	n, err := m.MarshalTo(data)
+	if err != nil {
+		return nil, err
+	}
+	return data[:n], nil
+}
+
+func (m *SecretSpec) MarshalTo(data []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	data[i] = 0xa
+	i++
+	i = encodeVarintSpecs(data, i, uint64(m.Annotations.Size()))
+	n28, err := m.Annotations.MarshalTo(data[i:])
+	if err != nil {
+		return 0, err
+	}
+	i += n28
+	if len(m.Data) > 0 {
+		data[i] = 0x12
+		i++
+		i = encodeVarintSpecs(data, i, uint64(len(m.Data)))
+		i += copy(data[i:], m.Data)
+	}
+	return i, nil
+}
+
 func encodeFixed64Specs(data []byte, offset int, v uint64) int {
 	data[offset] = uint8(v)
 	data[offset+1] = uint8(v >> 8)
@@ -1958,6 +2051,12 @@ func (m *ContainerSpec) Size() (n int) {
 			n += 1 + l + sovSpecs(uint64(l))
 		}
 	}
+	if len(m.Secrets) > 0 {
+		for _, e := range m.Secrets {
+			l = e.Size()
+			n += 1 + l + sovSpecs(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -2031,6 +2130,18 @@ func (m *ClusterSpec) Size() (n int) {
 	return n
 }
 
+func (m *SecretSpec) Size() (n int) {
+	var l int
+	_ = l
+	l = m.Annotations.Size()
+	n += 1 + l + sovSpecs(uint64(l))
+	l = len(m.Data)
+	if l > 0 {
+		n += 1 + l + sovSpecs(uint64(l))
+	}
+	return n
+}
+
 func sovSpecs(x uint64) (n int) {
 	for {
 		n++
@@ -2182,6 +2293,7 @@ func (this *ContainerSpec) String() string {
 		`StopGracePeriod:` + strings.Replace(fmt.Sprintf("%v", this.StopGracePeriod), "Duration", "docker_swarmkit_v11.Duration", 1) + `,`,
 		`PullOptions:` + strings.Replace(fmt.Sprintf("%v", this.PullOptions), "ContainerSpec_PullOptions", "ContainerSpec_PullOptions", 1) + `,`,
 		`Groups:` + fmt.Sprintf("%v", this.Groups) + `,`,
+		`Secrets:` + strings.Replace(fmt.Sprintf("%v", this.Secrets), "SecretReference", "SecretReference", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2238,6 +2350,17 @@ func (this *ClusterSpec) String() string {
 	}, "")
 	return s
 }
+func (this *SecretSpec) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&SecretSpec{`,
+		`Annotations:` + strings.Replace(strings.Replace(this.Annotations.String(), "Annotations", "Annotations", 1), `&`, ``, 1) + `,`,
+		`Data:` + fmt.Sprintf("%v", this.Data) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func valueToStringSpecs(v interface{}) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -3574,6 +3697,37 @@ func (m *ContainerSpec) Unmarshal(data []byte) error {
 			}
 			m.Groups = append(m.Groups, string(data[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 12:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Secrets", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Secrets = append(m.Secrets, &SecretReference{})
+			if err := m.Secrets[len(m.Secrets)-1].Unmarshal(data[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipSpecs(data[iNdEx:])
@@ -4240,6 +4394,117 @@ func (m *ClusterSpec) Unmarshal(data []byte) error {
 	}
 	return nil
 }
+func (m *SecretSpec) Unmarshal(data []byte) error {
+	l := len(data)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowSpecs
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := data[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SecretSpec: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SecretSpec: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Annotations.Unmarshal(data[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType)
+			}
+			var byteLen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowSpecs
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				byteLen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if byteLen < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			postIndex := iNdEx + byteLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Data = append(m.Data[:0], data[iNdEx:postIndex]...)
+			if m.Data == nil {
+				m.Data = []byte{}
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipSpecs(data[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthSpecs
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func skipSpecs(data []byte) (n int, err error) {
 	l := len(data)
 	iNdEx := 0
@@ -4348,93 +4613,96 @@ var (
 func init() { proto.RegisterFile("specs.proto", fileDescriptorSpecs) }
 
 var fileDescriptorSpecs = []byte{
-	// 1397 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xac, 0x57, 0x4f, 0x6f, 0xdb, 0xc6,
-	0x12, 0x17, 0x6d, 0x5a, 0x96, 0x86, 0x72, 0xa2, 0x2c, 0xf2, 0x87, 0x51, 0xf2, 0x64, 0x45, 0x2f,
-	0x2f, 0xcf, 0x79, 0x0f, 0xb5, 0x5b, 0xb5, 0x48, 0x93, 0xa6, 0x45, 0x2b, 0x4b, 0xaa, 0xa3, 0xba,
-	0x76, 0x84, 0x75, 0x12, 0xa0, 0x27, 0x61, 0x4d, 0xae, 0x65, 0xc2, 0x14, 0x97, 0x5d, 0x2e, 0x15,
-	0xf8, 0xd6, 0x63, 0xe0, 0x43, 0xbf, 0x81, 0x4f, 0x05, 0x7a, 0xec, 0xad, 0xdf, 0x21, 0xc7, 0x1e,
-	0x7b, 0x32, 0x6a, 0x5f, 0x7b, 0x29, 0xd0, 0x2f, 0x50, 0xec, 0x72, 0x25, 0x51, 0x0d, 0x9d, 0x04,
-	0x68, 0x6e, 0xbb, 0xc3, 0xdf, 0x6f, 0x76, 0x34, 0xf3, 0xdb, 0x99, 0x15, 0x58, 0x51, 0x48, 0x9d,
-	0x68, 0x35, 0xe4, 0x4c, 0x30, 0x84, 0x5c, 0xe6, 0x1c, 0x50, 0xbe, 0x1a, 0x3d, 0x27, 0x7c, 0x78,
-	0xe0, 0x89, 0xd5, 0xd1, 0x07, 0x15, 0x4b, 0x1c, 0x86, 0x54, 0x03, 0x2a, 0x97, 0x07, 0x6c, 0xc0,
-	0xd4, 0x72, 0x4d, 0xae, 0xb4, 0xf5, 0x9a, 0x1b, 0x73, 0x22, 0x3c, 0x16, 0xac, 0x8d, 0x17, 0xc9,
-	0x87, 0xfa, 0xf7, 0x26, 0x14, 0xb6, 0x99, 0x4b, 0x77, 0x42, 0xea, 0xa0, 0x0d, 0xb0, 0x48, 0x10,
-	0x30, 0xa1, 0x00, 0x91, 0x6d, 0xd4, 0x8c, 0x15, 0xab, 0xb1, 0xbc, 0xfa, 0xea, 0x91, 0xab, 0xcd,
-	0x29, 0x6c, 0xdd, 0x7c, 0x79, 0xb2, 0x9c, 0xc3, 0x69, 0x26, 0x7a, 0x1f, 0x4c, 0xce, 0x7c, 0x6a,
-	0xcf, 0xd5, 0x8c, 0x95, 0x0b, 0x8d, 0x9b, 0x59, 0x1e, 0xe4, 0xa1, 0x98, 0xf9, 0x14, 0x2b, 0x24,
-	0xda, 0x00, 0x18, 0xd2, 0xe1, 0x2e, 0xe5, 0xd1, 0xbe, 0x17, 0xda, 0xf3, 0x8a, 0xf7, 0xdf, 0xf3,
-	0x78, 0x32, 0xd8, 0xd5, 0xad, 0x09, 0x1c, 0xa7, 0xa8, 0x68, 0x0b, 0x4a, 0x64, 0x44, 0x3c, 0x9f,
-	0xec, 0x7a, 0xbe, 0x27, 0x0e, 0x6d, 0x53, 0xb9, 0xba, 0xfb, 0x5a, 0x57, 0xcd, 0x14, 0x01, 0xcf,
-	0xd0, 0xeb, 0x2e, 0xc0, 0xf4, 0x20, 0x74, 0x07, 0x16, 0x7b, 0x9d, 0xed, 0x76, 0x77, 0x7b, 0xa3,
-	0x9c, 0xab, 0x5c, 0x3f, 0x3a, 0xae, 0x5d, 0x91, 0x3e, 0xa6, 0x80, 0x1e, 0x0d, 0x5c, 0x2f, 0x18,
-	0xa0, 0x15, 0x28, 0x34, 0x5b, 0xad, 0x4e, 0xef, 0x49, 0xa7, 0x5d, 0x36, 0x2a, 0x95, 0xa3, 0xe3,
-	0xda, 0xd5, 0x59, 0x60, 0xd3, 0x71, 0x68, 0x28, 0xa8, 0x5b, 0x31, 0x5f, 0xfc, 0x50, 0xcd, 0xd5,
-	0x5f, 0x18, 0x50, 0x4a, 0x07, 0x81, 0xee, 0x40, 0xbe, 0xd9, 0x7a, 0xd2, 0x7d, 0xd6, 0x29, 0xe7,
-	0xa6, 0xf4, 0x34, 0xa2, 0xe9, 0x08, 0x6f, 0x44, 0xd1, 0x6d, 0x58, 0xe8, 0x35, 0x9f, 0xee, 0x74,
-	0xca, 0xc6, 0x34, 0x9c, 0x34, 0xac, 0x47, 0xe2, 0x48, 0xa1, 0xda, 0xb8, 0xd9, 0xdd, 0x2e, 0xcf,
-	0x65, 0xa3, 0xda, 0x9c, 0x78, 0x81, 0x0e, 0xe5, 0x74, 0x1e, 0xac, 0x1d, 0xca, 0x47, 0x9e, 0xf3,
-	0x8e, 0x35, 0x71, 0x0f, 0x4c, 0x41, 0xa2, 0x03, 0xa5, 0x09, 0x2b, 0x5b, 0x13, 0x4f, 0x48, 0x74,
-	0x20, 0x0f, 0xd5, 0x74, 0x85, 0x97, 0xca, 0xe0, 0x34, 0xf4, 0x3d, 0x87, 0x08, 0xea, 0x2a, 0x65,
-	0x58, 0x8d, 0xff, 0x64, 0xb1, 0xf1, 0x04, 0xa5, 0xe3, 0x7f, 0x94, 0xc3, 0x29, 0x2a, 0x7a, 0x08,
-	0xf9, 0x81, 0xcf, 0x76, 0x89, 0xaf, 0x34, 0x61, 0x35, 0x6e, 0x65, 0x39, 0xd9, 0x50, 0x88, 0xa9,
-	0x03, 0x4d, 0x41, 0xf7, 0x21, 0x1f, 0x87, 0x2e, 0x11, 0xd4, 0xce, 0x2b, 0x72, 0x2d, 0x8b, 0xfc,
-	0x54, 0x21, 0x5a, 0x2c, 0xd8, 0xf3, 0x06, 0x58, 0xe3, 0xd1, 0x26, 0x14, 0x02, 0x2a, 0x9e, 0x33,
-	0x7e, 0x10, 0xd9, 0x8b, 0xb5, 0xf9, 0x15, 0xab, 0xf1, 0xff, 0x4c, 0x31, 0x26, 0x98, 0xa6, 0x10,
-	0xc4, 0xd9, 0x1f, 0xd2, 0x40, 0x24, 0x6e, 0xd6, 0xe7, 0x6c, 0x03, 0x4f, 0x1c, 0xa0, 0x4f, 0xa1,
-	0x40, 0x03, 0x37, 0x64, 0x5e, 0x20, 0xec, 0xc2, 0xf9, 0x81, 0x74, 0x34, 0x46, 0x26, 0x13, 0x4f,
-	0x18, 0xeb, 0x79, 0x30, 0x87, 0xcc, 0xa5, 0xf5, 0x35, 0xb8, 0xf4, 0x4a, 0xb2, 0x50, 0x05, 0x0a,
-	0x3a, 0x59, 0x49, 0x95, 0x4d, 0x3c, 0xd9, 0xd7, 0x2f, 0xc2, 0xd2, 0x4c, 0x62, 0xea, 0xbf, 0xcf,
-	0x43, 0x61, 0x5c, 0x2d, 0xd4, 0x84, 0xa2, 0xc3, 0x02, 0x41, 0xbc, 0x80, 0x72, 0x2d, 0x90, 0xcc,
-	0xdc, 0xb6, 0xc6, 0x20, 0xc9, 0x7a, 0x94, 0xc3, 0x53, 0x16, 0xfa, 0x12, 0x8a, 0x9c, 0x46, 0x2c,
-	0xe6, 0x0e, 0x8d, 0xb4, 0x42, 0x56, 0xb2, 0x6b, 0x9c, 0x80, 0x30, 0xfd, 0x36, 0xf6, 0x38, 0x95,
-	0x79, 0x8a, 0xf0, 0x94, 0x8a, 0x1e, 0xc2, 0x22, 0xa7, 0x91, 0x20, 0x5c, 0xbc, 0xae, 0xc8, 0x38,
-	0x81, 0xf4, 0x98, 0xef, 0x39, 0x87, 0x78, 0xcc, 0x40, 0x0f, 0xa1, 0x18, 0xfa, 0xc4, 0x51, 0x5e,
-	0xed, 0x05, 0x45, 0xff, 0x57, 0x16, 0xbd, 0x37, 0x06, 0xe1, 0x29, 0x1e, 0x3d, 0x00, 0xf0, 0xd9,
-	0xa0, 0xef, 0x72, 0x6f, 0x44, 0xb9, 0x16, 0x49, 0x25, 0x8b, 0xdd, 0x56, 0x08, 0x5c, 0xf4, 0xd9,
-	0x20, 0x59, 0xa2, 0x8d, 0x7f, 0xa4, 0x90, 0x94, 0x3a, 0x36, 0x01, 0xc8, 0xe4, 0xab, 0xd6, 0xc7,
-	0xdd, 0xb7, 0x72, 0xa5, 0x2b, 0x92, 0xa2, 0xaf, 0x17, 0x61, 0x91, 0xc7, 0x81, 0xf0, 0x86, 0xb4,
-	0xbe, 0x09, 0x57, 0x32, 0x19, 0xa8, 0x01, 0xa5, 0x49, 0x0d, 0xfb, 0x9e, 0xab, 0x8a, 0x5f, 0x5c,
-	0xbf, 0x78, 0x76, 0xb2, 0x6c, 0x4d, 0x8a, 0xdd, 0x6d, 0x63, 0x6b, 0x02, 0xea, 0xba, 0xf5, 0x9f,
-	0x4c, 0x58, 0x9a, 0x51, 0x02, 0xba, 0x0c, 0x0b, 0xde, 0x90, 0x0c, 0x68, 0x42, 0xc7, 0xc9, 0x06,
-	0x75, 0x20, 0xef, 0x93, 0x5d, 0xea, 0x4b, 0x3d, 0xc8, 0x9c, 0xbc, 0xf7, 0x46, 0x49, 0xad, 0x7e,
-	0xad, 0xf0, 0x9d, 0x40, 0xf0, 0x43, 0xac, 0xc9, 0xc8, 0x86, 0x45, 0x87, 0x0d, 0x87, 0x24, 0x90,
-	0xbd, 0x63, 0x7e, 0xa5, 0x88, 0xc7, 0x5b, 0x84, 0xc0, 0x24, 0x7c, 0x10, 0xd9, 0xa6, 0x32, 0xab,
-	0x35, 0x2a, 0xc3, 0x3c, 0x0d, 0x46, 0xf6, 0x82, 0x32, 0xc9, 0xa5, 0xb4, 0xb8, 0x5e, 0x52, 0xd0,
-	0x22, 0x96, 0x4b, 0xc9, 0x8b, 0x23, 0xca, 0xed, 0x45, 0x65, 0x52, 0x6b, 0xf4, 0x31, 0xe4, 0x87,
-	0x2c, 0x0e, 0x44, 0x64, 0x17, 0x54, 0xb0, 0xd7, 0xb3, 0x82, 0xdd, 0x92, 0x08, 0xdd, 0xdb, 0x34,
-	0x1c, 0x3d, 0x82, 0x4b, 0x91, 0x60, 0x61, 0x7f, 0xc0, 0x89, 0x43, 0xfb, 0x21, 0xe5, 0x1e, 0x73,
-	0xed, 0xe2, 0xf9, 0x2d, 0xb2, 0xad, 0xc7, 0x37, 0xbe, 0x28, 0x69, 0x1b, 0x92, 0xd5, 0x53, 0x24,
-	0xd4, 0x83, 0x52, 0x18, 0xfb, 0x7e, 0x9f, 0x85, 0x49, 0xa7, 0x06, 0xe5, 0xe4, 0x2d, 0xb2, 0xd6,
-	0x8b, 0x7d, 0xff, 0x71, 0x42, 0xc2, 0x56, 0x38, 0xdd, 0xa0, 0xab, 0x90, 0x1f, 0x70, 0x16, 0x87,
-	0x91, 0x6d, 0xa9, 0x7c, 0xe8, 0x5d, 0xe5, 0x01, 0x58, 0xa9, 0x4c, 0xcb, 0x0c, 0x1d, 0xd0, 0x43,
-	0x5d, 0x3c, 0xb9, 0x94, 0x05, 0x1d, 0x11, 0x3f, 0x4e, 0xe6, 0x7f, 0x11, 0x27, 0x9b, 0x4f, 0xe6,
-	0xee, 0x1b, 0x95, 0x06, 0x58, 0xa9, 0xe3, 0xd0, 0xbf, 0x61, 0x89, 0xd3, 0x81, 0x17, 0x09, 0x7e,
-	0xd8, 0x27, 0xb1, 0xd8, 0xb7, 0xbf, 0x50, 0x84, 0xd2, 0xd8, 0xd8, 0x8c, 0xc5, 0x7e, 0xfd, 0x4f,
-	0x03, 0x4a, 0xe9, 0x86, 0x86, 0x5a, 0x49, 0x1b, 0x53, 0x27, 0x5e, 0x68, 0xac, 0xbd, 0xa9, 0x01,
-	0xaa, 0xa6, 0xe1, 0xc7, 0xf2, 0xc4, 0x2d, 0xf9, 0xe8, 0x50, 0x64, 0xf4, 0x11, 0x2c, 0x84, 0x8c,
-	0x8b, 0xb1, 0xba, 0xaa, 0x99, 0x17, 0x9d, 0xf1, 0xf1, 0x25, 0x4b, 0xc0, 0xf5, 0x7d, 0xb8, 0x30,
-	0xeb, 0x0d, 0xdd, 0x86, 0xf9, 0x67, 0xdd, 0x5e, 0x39, 0x57, 0xb9, 0x71, 0x74, 0x5c, 0xbb, 0x36,
-	0xfb, 0xf1, 0x99, 0xc7, 0x45, 0x4c, 0xfc, 0x6e, 0x0f, 0xfd, 0x0f, 0x16, 0xda, 0xdb, 0x3b, 0x18,
-	0x97, 0x8d, 0xca, 0xf2, 0xd1, 0x71, 0xed, 0xc6, 0x2c, 0x4e, 0x7e, 0x62, 0x71, 0xe0, 0x62, 0xb6,
-	0x3b, 0x99, 0xc3, 0x3f, 0xcf, 0x81, 0xa5, 0x2f, 0xdd, 0xbb, 0x9d, 0xc3, 0x9f, 0xc3, 0x52, 0xd2,
-	0xa4, 0xfa, 0x8e, 0xfa, 0x69, 0xba, 0xdd, 0xbe, 0xae, 0x57, 0x95, 0x12, 0x42, 0x92, 0x0a, 0x74,
-	0x0b, 0x4a, 0x5e, 0x38, 0xba, 0xd7, 0xa7, 0x01, 0xd9, 0xf5, 0xf5, 0x48, 0x2e, 0x60, 0x4b, 0xda,
-	0x3a, 0x89, 0x49, 0xce, 0x12, 0x2f, 0x10, 0x94, 0x07, 0x7a, 0xd8, 0x16, 0xf0, 0x64, 0x8f, 0x3e,
-	0x03, 0xd3, 0x0b, 0xc9, 0x50, 0x37, 0xd8, 0xcc, 0x5f, 0xd0, 0xed, 0x35, 0xb7, 0xb4, 0x44, 0xd6,
-	0x0b, 0x67, 0x27, 0xcb, 0xa6, 0x34, 0x60, 0x45, 0x43, 0xd5, 0x71, 0x8f, 0x93, 0x27, 0xa9, 0x6b,
-	0x59, 0xc0, 0x29, 0x4b, 0xfd, 0x47, 0x13, 0xac, 0x96, 0x1f, 0x47, 0x42, 0x37, 0x97, 0x77, 0x96,
-	0xb7, 0x6f, 0xe0, 0x12, 0x51, 0xaf, 0x36, 0x12, 0xc8, 0x9b, 0xaa, 0x66, 0x87, 0xce, 0xdd, 0xed,
-	0x4c, 0x77, 0x13, 0x70, 0x32, 0x67, 0xd6, 0xf3, 0xd2, 0xa7, 0x6d, 0xe0, 0x32, 0xf9, 0xdb, 0x17,
-	0xb4, 0x03, 0x4b, 0x8c, 0x3b, 0xfb, 0x34, 0x12, 0xc9, 0xe5, 0xd6, 0xaf, 0x9c, 0xcc, 0xf7, 0xef,
-	0xe3, 0x34, 0x50, 0xbf, 0x11, 0x92, 0x68, 0x67, 0x7d, 0xa0, 0xfb, 0x60, 0x72, 0xb2, 0x37, 0x9e,
-	0x83, 0x99, 0xfa, 0xc6, 0x64, 0x4f, 0xcc, 0xb8, 0x50, 0x0c, 0xf4, 0x15, 0x80, 0xeb, 0x45, 0x21,
-	0x11, 0xce, 0x3e, 0xe5, 0xba, 0x4e, 0x99, 0x3f, 0xb1, 0x3d, 0x41, 0xcd, 0x78, 0x49, 0xb1, 0xd1,
-	0x26, 0x14, 0x1d, 0x32, 0x56, 0x5a, 0xfe, 0xfc, 0xbe, 0xd6, 0x6a, 0x6a, 0x17, 0x65, 0xe9, 0xe2,
-	0xec, 0x64, 0xb9, 0x30, 0xb6, 0xe0, 0x82, 0x43, 0xb4, 0xf2, 0x36, 0x61, 0x49, 0x3e, 0x09, 0xfb,
-	0x2e, 0xdd, 0x23, 0xb1, 0x2f, 0x22, 0xd5, 0x82, 0xcf, 0x79, 0x02, 0xc9, 0xd7, 0x49, 0x5b, 0xe3,
-	0x74, 0x5c, 0x25, 0x91, 0xb6, 0xdd, 0x7c, 0x79, 0x5a, 0xcd, 0xfd, 0x7a, 0x5a, 0xcd, 0xfd, 0x71,
-	0x5a, 0x35, 0xbe, 0x3b, 0xab, 0x1a, 0x2f, 0xcf, 0xaa, 0xc6, 0x2f, 0x67, 0x55, 0xe3, 0xb7, 0xb3,
-	0xaa, 0xb1, 0x9b, 0x57, 0x7f, 0x8f, 0x3e, 0xfc, 0x2b, 0x00, 0x00, 0xff, 0xff, 0x70, 0x4c, 0x36,
-	0xfc, 0x7d, 0x0d, 0x00, 0x00,
+	// 1443 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xac, 0x57, 0xcd, 0x6e, 0x1b, 0xc9,
+	0x11, 0xe6, 0x48, 0x23, 0x8a, 0xac, 0xa1, 0x6c, 0xba, 0xe1, 0x9f, 0x31, 0xed, 0x50, 0x34, 0xed,
+	0x38, 0x72, 0x82, 0x48, 0x09, 0x13, 0x38, 0x76, 0x1c, 0x23, 0xe1, 0x5f, 0x64, 0x46, 0x91, 0x4c,
+	0xb4, 0x6c, 0x03, 0x39, 0x11, 0xad, 0x99, 0x16, 0x35, 0xd0, 0x70, 0x7a, 0xd2, 0xd3, 0x43, 0x43,
+	0xb7, 0x1c, 0x0d, 0x1d, 0xf2, 0x06, 0x3a, 0x2d, 0xb0, 0x6f, 0xb0, 0xef, 0xe0, 0xe3, 0x1e, 0xf7,
+	0x24, 0xac, 0x74, 0x5d, 0x2c, 0xb0, 0xc0, 0xbe, 0xc0, 0xa2, 0x7b, 0x9a, 0xe4, 0x70, 0x3d, 0xb2,
+	0x0d, 0xac, 0x6e, 0xd5, 0xd5, 0xdf, 0x57, 0x5d, 0xac, 0xfa, 0xa6, 0xba, 0x09, 0x56, 0x14, 0x52,
+	0x27, 0x5a, 0x0f, 0x39, 0x13, 0x0c, 0x21, 0x97, 0x39, 0x87, 0x94, 0xaf, 0x47, 0x6f, 0x09, 0x1f,
+	0x1d, 0x7a, 0x62, 0x7d, 0xfc, 0xc7, 0x8a, 0x25, 0x8e, 0x42, 0xaa, 0x01, 0x95, 0xeb, 0x43, 0x36,
+	0x64, 0xca, 0xdc, 0x90, 0x96, 0xf6, 0xde, 0x72, 0x63, 0x4e, 0x84, 0xc7, 0x82, 0x8d, 0x89, 0x91,
+	0x6c, 0xd4, 0xff, 0x6f, 0x42, 0x61, 0x87, 0xb9, 0x74, 0x37, 0xa4, 0x0e, 0xda, 0x04, 0x8b, 0x04,
+	0x01, 0x13, 0x0a, 0x10, 0xd9, 0x46, 0xcd, 0x58, 0xb3, 0x1a, 0xab, 0xeb, 0x1f, 0x1e, 0xb9, 0xde,
+	0x9c, 0xc1, 0x5a, 0xe6, 0xfb, 0xd3, 0xd5, 0x1c, 0x4e, 0x33, 0xd1, 0x1f, 0xc0, 0xe4, 0xcc, 0xa7,
+	0xf6, 0x42, 0xcd, 0x58, 0xbb, 0xd2, 0xb8, 0x9b, 0x15, 0x41, 0x1e, 0x8a, 0x99, 0x4f, 0xb1, 0x42,
+	0xa2, 0x4d, 0x80, 0x11, 0x1d, 0xed, 0x51, 0x1e, 0x1d, 0x78, 0xa1, 0xbd, 0xa8, 0x78, 0xbf, 0xb9,
+	0x88, 0x27, 0x93, 0x5d, 0xdf, 0x9e, 0xc2, 0x71, 0x8a, 0x8a, 0xb6, 0xa1, 0x44, 0xc6, 0xc4, 0xf3,
+	0xc9, 0x9e, 0xe7, 0x7b, 0xe2, 0xc8, 0x36, 0x55, 0xa8, 0x47, 0x1f, 0x0d, 0xd5, 0x4c, 0x11, 0xf0,
+	0x1c, 0xbd, 0xee, 0x02, 0xcc, 0x0e, 0x42, 0x0f, 0x61, 0xb9, 0xdf, 0xdd, 0xe9, 0xf4, 0x76, 0x36,
+	0xcb, 0xb9, 0xca, 0xed, 0xe3, 0x93, 0xda, 0x0d, 0x19, 0x63, 0x06, 0xe8, 0xd3, 0xc0, 0xf5, 0x82,
+	0x21, 0x5a, 0x83, 0x42, 0xb3, 0xdd, 0xee, 0xf6, 0x5f, 0x75, 0x3b, 0x65, 0xa3, 0x52, 0x39, 0x3e,
+	0xa9, 0xdd, 0x9c, 0x07, 0x36, 0x1d, 0x87, 0x86, 0x82, 0xba, 0x15, 0xf3, 0xdd, 0x17, 0xd5, 0x5c,
+	0xfd, 0x9d, 0x01, 0xa5, 0x74, 0x12, 0xe8, 0x21, 0xe4, 0x9b, 0xed, 0x57, 0xbd, 0x37, 0xdd, 0x72,
+	0x6e, 0x46, 0x4f, 0x23, 0x9a, 0x8e, 0xf0, 0xc6, 0x14, 0x3d, 0x80, 0xa5, 0x7e, 0xf3, 0xf5, 0x6e,
+	0xb7, 0x6c, 0xcc, 0xd2, 0x49, 0xc3, 0xfa, 0x24, 0x8e, 0x14, 0xaa, 0x83, 0x9b, 0xbd, 0x9d, 0xf2,
+	0x42, 0x36, 0xaa, 0xc3, 0x89, 0x17, 0xe8, 0x54, 0xce, 0x16, 0xc1, 0xda, 0xa5, 0x7c, 0xec, 0x39,
+	0x97, 0xac, 0x89, 0xc7, 0x60, 0x0a, 0x12, 0x1d, 0x2a, 0x4d, 0x58, 0xd9, 0x9a, 0x78, 0x45, 0xa2,
+	0x43, 0x79, 0xa8, 0xa6, 0x2b, 0xbc, 0x54, 0x06, 0xa7, 0xa1, 0xef, 0x39, 0x44, 0x50, 0x57, 0x29,
+	0xc3, 0x6a, 0xfc, 0x3a, 0x8b, 0x8d, 0xa7, 0x28, 0x9d, 0xff, 0x8b, 0x1c, 0x4e, 0x51, 0xd1, 0x33,
+	0xc8, 0x0f, 0x7d, 0xb6, 0x47, 0x7c, 0xa5, 0x09, 0xab, 0x71, 0x2f, 0x2b, 0xc8, 0xa6, 0x42, 0xcc,
+	0x02, 0x68, 0x0a, 0x7a, 0x02, 0xf9, 0x38, 0x74, 0x89, 0xa0, 0x76, 0x5e, 0x91, 0x6b, 0x59, 0xe4,
+	0xd7, 0x0a, 0xd1, 0x66, 0xc1, 0xbe, 0x37, 0xc4, 0x1a, 0x8f, 0xb6, 0xa0, 0x10, 0x50, 0xf1, 0x96,
+	0xf1, 0xc3, 0xc8, 0x5e, 0xae, 0x2d, 0xae, 0x59, 0x8d, 0xdf, 0x65, 0x8a, 0x31, 0xc1, 0x34, 0x85,
+	0x20, 0xce, 0xc1, 0x88, 0x06, 0x22, 0x09, 0xd3, 0x5a, 0xb0, 0x0d, 0x3c, 0x0d, 0x80, 0xfe, 0x06,
+	0x05, 0x1a, 0xb8, 0x21, 0xf3, 0x02, 0x61, 0x17, 0x2e, 0x4e, 0xa4, 0xab, 0x31, 0xb2, 0x98, 0x78,
+	0xca, 0x68, 0xe5, 0xc1, 0x1c, 0x31, 0x97, 0xd6, 0x37, 0xe0, 0xda, 0x07, 0xc5, 0x42, 0x15, 0x28,
+	0xe8, 0x62, 0x25, 0x5d, 0x36, 0xf1, 0x74, 0x5d, 0xbf, 0x0a, 0x2b, 0x73, 0x85, 0xa9, 0x7f, 0xb7,
+	0x08, 0x85, 0x49, 0xb7, 0x50, 0x13, 0x8a, 0x0e, 0x0b, 0x04, 0xf1, 0x02, 0xca, 0xb5, 0x40, 0x32,
+	0x6b, 0xdb, 0x9e, 0x80, 0x24, 0xeb, 0x45, 0x0e, 0xcf, 0x58, 0xe8, 0x9f, 0x50, 0xe4, 0x34, 0x62,
+	0x31, 0x77, 0x68, 0xa4, 0x15, 0xb2, 0x96, 0xdd, 0xe3, 0x04, 0x84, 0xe9, 0x7f, 0x63, 0x8f, 0x53,
+	0x59, 0xa7, 0x08, 0xcf, 0xa8, 0xe8, 0x19, 0x2c, 0x73, 0x1a, 0x09, 0xc2, 0xc5, 0xc7, 0x9a, 0x8c,
+	0x13, 0x48, 0x9f, 0xf9, 0x9e, 0x73, 0x84, 0x27, 0x0c, 0xf4, 0x0c, 0x8a, 0xa1, 0x4f, 0x1c, 0x15,
+	0xd5, 0x5e, 0x52, 0xf4, 0x5f, 0x65, 0xd1, 0xfb, 0x13, 0x10, 0x9e, 0xe1, 0xd1, 0x53, 0x00, 0x9f,
+	0x0d, 0x07, 0x2e, 0xf7, 0xc6, 0x94, 0x6b, 0x91, 0x54, 0xb2, 0xd8, 0x1d, 0x85, 0xc0, 0x45, 0x9f,
+	0x0d, 0x13, 0x13, 0x6d, 0xfe, 0x22, 0x85, 0xa4, 0xd4, 0xb1, 0x05, 0x40, 0xa6, 0xbb, 0x5a, 0x1f,
+	0x8f, 0x3e, 0x2b, 0x94, 0xee, 0x48, 0x8a, 0xde, 0x2a, 0xc2, 0x32, 0x8f, 0x03, 0xe1, 0x8d, 0x68,
+	0x7d, 0x0b, 0x6e, 0x64, 0x32, 0x50, 0x03, 0x4a, 0xd3, 0x1e, 0x0e, 0x3c, 0x57, 0x35, 0xbf, 0xd8,
+	0xba, 0x7a, 0x7e, 0xba, 0x6a, 0x4d, 0x9b, 0xdd, 0xeb, 0x60, 0x6b, 0x0a, 0xea, 0xb9, 0xf5, 0xef,
+	0x4d, 0x58, 0x99, 0x53, 0x02, 0xba, 0x0e, 0x4b, 0xde, 0x88, 0x0c, 0x69, 0x42, 0xc7, 0xc9, 0x02,
+	0x75, 0x21, 0xef, 0x93, 0x3d, 0xea, 0x4b, 0x3d, 0xc8, 0x9a, 0xfc, 0xfe, 0x93, 0x92, 0x5a, 0xff,
+	0xb7, 0xc2, 0x77, 0x03, 0xc1, 0x8f, 0xb0, 0x26, 0x23, 0x1b, 0x96, 0x1d, 0x36, 0x1a, 0x91, 0x40,
+	0xce, 0x8e, 0xc5, 0xb5, 0x22, 0x9e, 0x2c, 0x11, 0x02, 0x93, 0xf0, 0x61, 0x64, 0x9b, 0xca, 0xad,
+	0x6c, 0x54, 0x86, 0x45, 0x1a, 0x8c, 0xed, 0x25, 0xe5, 0x92, 0xa6, 0xf4, 0xb8, 0x5e, 0xd2, 0xd0,
+	0x22, 0x96, 0xa6, 0xe4, 0xc5, 0x11, 0xe5, 0xf6, 0xb2, 0x72, 0x29, 0x1b, 0xfd, 0x05, 0xf2, 0x23,
+	0x16, 0x07, 0x22, 0xb2, 0x0b, 0x2a, 0xd9, 0xdb, 0x59, 0xc9, 0x6e, 0x4b, 0x84, 0x9e, 0x6d, 0x1a,
+	0x8e, 0x5e, 0xc0, 0xb5, 0x48, 0xb0, 0x70, 0x30, 0xe4, 0xc4, 0xa1, 0x83, 0x90, 0x72, 0x8f, 0xb9,
+	0x76, 0xf1, 0xe2, 0x11, 0xd9, 0xd1, 0xd7, 0x37, 0xbe, 0x2a, 0x69, 0x9b, 0x92, 0xd5, 0x57, 0x24,
+	0xd4, 0x87, 0x52, 0x18, 0xfb, 0xfe, 0x80, 0x85, 0xc9, 0xa4, 0x06, 0x15, 0xe4, 0x33, 0xaa, 0xd6,
+	0x8f, 0x7d, 0xff, 0x65, 0x42, 0xc2, 0x56, 0x38, 0x5b, 0xa0, 0x9b, 0x90, 0x1f, 0x72, 0x16, 0x87,
+	0x91, 0x6d, 0xa9, 0x7a, 0xe8, 0x15, 0x7a, 0x0e, 0xcb, 0x11, 0x75, 0x38, 0x15, 0x91, 0x5d, 0x52,
+	0xbf, 0xf6, 0x7e, 0xd6, 0x21, 0xbb, 0x0a, 0x82, 0xe9, 0x3e, 0xe5, 0x34, 0x70, 0x28, 0x9e, 0x70,
+	0x2a, 0x4f, 0xc1, 0x4a, 0x35, 0x4a, 0x16, 0xf8, 0x90, 0x1e, 0xe9, 0xde, 0x4b, 0x53, 0xea, 0x61,
+	0x4c, 0xfc, 0x38, 0x79, 0x3e, 0x14, 0x71, 0xb2, 0xf8, 0xeb, 0xc2, 0x13, 0xa3, 0xd2, 0x00, 0x2b,
+	0x95, 0x2d, 0xba, 0x0f, 0x2b, 0x9c, 0x0e, 0xbd, 0x48, 0xf0, 0xa3, 0x01, 0x89, 0xc5, 0x81, 0xfd,
+	0x0f, 0x45, 0x28, 0x4d, 0x9c, 0xcd, 0x58, 0x1c, 0xd4, 0x7f, 0x34, 0xa0, 0x94, 0x9e, 0x87, 0xa8,
+	0x9d, 0x4c, 0x41, 0x75, 0xe2, 0x95, 0xc6, 0xc6, 0xa7, 0xe6, 0xa7, 0x9a, 0x39, 0x7e, 0x2c, 0x4f,
+	0xdc, 0x96, 0x6f, 0x16, 0x45, 0x46, 0x7f, 0x86, 0xa5, 0x90, 0x71, 0x31, 0x11, 0x67, 0x35, 0x73,
+	0x4e, 0x30, 0x3e, 0xf9, 0x46, 0x13, 0x70, 0xfd, 0x00, 0xae, 0xcc, 0x47, 0x43, 0x0f, 0x60, 0xf1,
+	0x4d, 0xaf, 0x5f, 0xce, 0x55, 0xee, 0x1c, 0x9f, 0xd4, 0x6e, 0xcd, 0x6f, 0xbe, 0xf1, 0xb8, 0x88,
+	0x89, 0xdf, 0xeb, 0xa3, 0xdf, 0xc2, 0x52, 0x67, 0x67, 0x17, 0xe3, 0xb2, 0x51, 0x59, 0x3d, 0x3e,
+	0xa9, 0xdd, 0x99, 0xc7, 0xc9, 0x2d, 0x16, 0x07, 0x2e, 0x66, 0x7b, 0xd3, 0x6b, 0xfc, 0xab, 0x05,
+	0xb0, 0xf4, 0x37, 0x7b, 0xb9, 0xd7, 0xf8, 0xdf, 0x61, 0x25, 0x99, 0x71, 0x03, 0x47, 0xfd, 0x34,
+	0x3d, 0xad, 0x3f, 0x36, 0xea, 0x4a, 0x09, 0x21, 0x29, 0x05, 0xba, 0x07, 0x25, 0x2f, 0x1c, 0x3f,
+	0x1e, 0xd0, 0x80, 0xec, 0xf9, 0xfa, 0x46, 0x2f, 0x60, 0x4b, 0xfa, 0xba, 0x89, 0x4b, 0x5e, 0x45,
+	0x5e, 0x20, 0x28, 0x0f, 0xf4, 0x5d, 0x5d, 0xc0, 0xd3, 0x35, 0x7a, 0x0e, 0xa6, 0x17, 0x92, 0x91,
+	0x9e, 0xcf, 0x99, 0xbf, 0xa0, 0xd7, 0x6f, 0x6e, 0x6b, 0x89, 0xb4, 0x0a, 0xe7, 0xa7, 0xab, 0xa6,
+	0x74, 0x60, 0x45, 0x43, 0xd5, 0xc9, 0x88, 0x94, 0x27, 0xa9, 0xaf, 0xba, 0x80, 0x53, 0x9e, 0xfa,
+	0x97, 0x26, 0x58, 0x6d, 0x3f, 0x8e, 0x84, 0x9e, 0x4d, 0x97, 0x56, 0xb7, 0xff, 0xc0, 0x35, 0xa2,
+	0x1e, 0x7d, 0x24, 0x90, 0x1f, 0xba, 0xba, 0x7a, 0x74, 0xed, 0x1e, 0x64, 0x86, 0x9b, 0x82, 0x93,
+	0x6b, 0xaa, 0x95, 0x97, 0x31, 0x6d, 0x03, 0x97, 0xc9, 0xcf, 0x76, 0xd0, 0x2e, 0xac, 0x30, 0xee,
+	0x1c, 0xd0, 0x48, 0x24, 0xb3, 0x41, 0x3f, 0x92, 0x32, 0x9f, 0xcf, 0x2f, 0xd3, 0x40, 0xfd, 0xc4,
+	0x48, 0xb2, 0x9d, 0x8f, 0x81, 0x9e, 0x80, 0xc9, 0xc9, 0xfe, 0xe4, 0x1a, 0xcd, 0xd4, 0x37, 0x26,
+	0xfb, 0x62, 0x2e, 0x84, 0x62, 0xa0, 0x7f, 0x01, 0xb8, 0x5e, 0x14, 0x12, 0xe1, 0x1c, 0x50, 0xae,
+	0xfb, 0x94, 0xf9, 0x13, 0x3b, 0x53, 0xd4, 0x5c, 0x94, 0x14, 0x1b, 0x6d, 0x41, 0xd1, 0x21, 0x13,
+	0xa5, 0xe5, 0x2f, 0x1e, 0x8b, 0xed, 0xa6, 0x0e, 0x51, 0x96, 0x21, 0xce, 0x4f, 0x57, 0x0b, 0x13,
+	0x0f, 0x2e, 0x38, 0x44, 0x2b, 0x6f, 0x0b, 0x56, 0xe4, 0x8b, 0x72, 0xe0, 0xd2, 0x7d, 0x12, 0xfb,
+	0x22, 0x52, 0x13, 0xfc, 0x82, 0x17, 0x94, 0x7c, 0xdc, 0x74, 0x34, 0x4e, 0xe7, 0x55, 0x12, 0x29,
+	0x5f, 0xdd, 0x03, 0x48, 0x26, 0xdc, 0xe5, 0xca, 0x04, 0x81, 0xe9, 0x12, 0x41, 0x94, 0x32, 0x4a,
+	0x58, 0xd9, 0xad, 0xbb, 0xef, 0xcf, 0xaa, 0xb9, 0x6f, 0xce, 0xaa, 0xb9, 0x1f, 0xce, 0xaa, 0xc6,
+	0xff, 0xce, 0xab, 0xc6, 0xfb, 0xf3, 0xaa, 0xf1, 0xf5, 0x79, 0xd5, 0xf8, 0xf6, 0xbc, 0x6a, 0xec,
+	0xe5, 0xd5, 0x1f, 0xb9, 0x3f, 0xfd, 0x14, 0x00, 0x00, 0xff, 0xff, 0xc3, 0xfc, 0x45, 0x4e, 0x27,
+	0x0e, 0x00, 0x00,
 }

vendor/src/github.com/docker/swarmkit/api/specs.proto

@@ -188,6 +188,10 @@ message ContainerSpec {
 
 	// PullOptions parameterize the behavior of image pulls.
 	PullOptions pull_options = 10;
+
+	// Secrets contains references to zero or more secrets that
+	// will be exposed to the container.
+	repeated SecretReference secrets = 12;
 }
 
 // EndpointSpec defines the properties that can be configured to
@@ -271,3 +275,11 @@ message ClusterSpec {
 	// TaskDefaults specifies the default values to use for task creation.
 	TaskDefaults task_defaults = 7 [(gogoproto.nullable) = false];
 }
+
+// SecretSpec specifies a user-provided secret.
+message SecretSpec {
+	Annotations annotations = 1 [(gogoproto.nullable) = false];
+
+	// Data is the secret payload - the maximum size is 500KB (that is, 500*1024 bytes)
+	bytes data = 2;
+}

vendor/src/github.com/docker/swarmkit/api/types.pb.go

@@ -56,6 +56,7 @@
 		Certificate
 		EncryptionKey
 		ManagerStatus
+		SecretReference
 		NodeSpec
 		ServiceSpec
 		ReplicatedService
@@ -66,6 +67,7 @@
 		EndpointSpec
 		NetworkSpec
 		ClusterSpec
+		SecretSpec
 		Meta
 		Node
 		Service
@@ -74,6 +76,7 @@
 		NetworkAttachment
 		Network
 		Cluster
+		Secret
 		GetNodeRequest
 		GetNodeResponse
 		ListNodesRequest
@@ -113,6 +116,14 @@
 		JoinTokenRotation
 		UpdateClusterRequest
 		UpdateClusterResponse
+		GetSecretRequest
+		GetSecretResponse
+		ListSecretsRequest
+		ListSecretsResponse
+		CreateSecretRequest
+		CreateSecretResponse
+		RemoveSecretRequest
+		RemoveSecretResponse
 		SessionRequest
 		SessionMessage
 		HeartbeatRequest
@@ -597,6 +608,35 @@ func (EncryptionKey_Algorithm) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptorTypes, []int{36, 0}
 }
 
+// Mode specifies how this secret should be exposed to the task.
+type SecretReference_Mode int32
+
+const (
+	// SYSTEM means that it is not exposed inside to a task at all, but
+	// only available via direct access, usually at the agent-level
+	SecretReference_SYSTEM SecretReference_Mode = 0
+	// FILE means that it will be exposed to the task as a file
+	SecretReference_FILE SecretReference_Mode = 1
+	// ENV means that it will be exposed to the task as an environment variable
+	SecretReference_ENV SecretReference_Mode = 2
+)
+
+var SecretReference_Mode_name = map[int32]string{
+	0: "SYSTEM",
+	1: "FILE",
+	2: "ENV",
+}
+var SecretReference_Mode_value = map[string]int32{
+	"SYSTEM": 0,
+	"FILE":   1,
+	"ENV":    2,
+}
+
+func (x SecretReference_Mode) String() string {
+	return proto.EnumName(SecretReference_Mode_name, int32(x))
+}
+func (SecretReference_Mode) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{38, 0} }
+
 // Version tracks the last time an object in the store was updated.
 type Version struct {
 	Index uint64 `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
@@ -834,26 +874,26 @@ type UpdateConfig struct {
 	// count as a failure. If Monitor is unspecified, a default value will
 	// be used.
 	Monitor *docker_swarmkit_v11.Duration `protobuf:"bytes,4,opt,name=monitor" json:"monitor,omitempty"`
-	// AllowedFailureFraction is the fraction of tasks that may fail during
+	// MaxFailureRatio is the fraction of tasks that may fail during
 	// an update before the failure action is invoked. Any task created by
 	// the current update which ends up in one of the states REJECTED,
 	// COMPLETED or FAILED within Monitor from its creation counts as a
 	// failure. The number of failures is divided by the number of tasks
 	// being updated, and if this fraction is greater than
-	// AllowedFailureFraction, the failure action is invoked.
+	// MaxFailureRatio, the failure action is invoked.
 	//
 	// If the failure action is CONTINUE, there is no effect.
 	// If the failure action is PAUSE, no more tasks will be updated until
 	// another update is started.
 	// If the failure action is ROLLBACK, the orchestrator will attempt to
-	// roll back to the previous service spec. If the AllowedFailureFraction
+	// roll back to the previous service spec. If the MaxFailureRatio
 	// threshold is hit during the rollback, the rollback will pause.
 	//
 	// TODO(aaronl): Should there be a separate failure threshold for
 	// rollbacks? Should there be a failure action for rollbacks (to allow
 	// them to do something other than pause when the rollback encounters
 	// errors)?
-	AllowedFailureFraction float32 `protobuf:"fixed32,5,opt,name=allowed_failure_fraction,json=allowedFailureFraction,proto3" json:"allowed_failure_fraction,omitempty"`
+	MaxFailureRatio float32 `protobuf:"fixed32,5,opt,name=max_failure_ratio,json=maxFailureRatio,proto3" json:"max_failure_ratio,omitempty"`
 }
 
 func (m *UpdateConfig) Reset()                    { *m = UpdateConfig{} }
@@ -1335,6 +1375,25 @@ func (m *ManagerStatus) Reset()                    { *m = ManagerStatus{} }
 func (*ManagerStatus) ProtoMessage()               {}
 func (*ManagerStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{37} }
 
+// SecretReference is the linkage between a service and a secret that it uses.
+type SecretReference struct {
+	// SecretID represents the ID of the specific Secret that we're
+	// referencing. This identifier exists so that SecretReferences don't leak
+	// any information about the secret contents.
+	SecretID string `protobuf:"bytes,1,opt,name=secret_id,json=secretId,proto3" json:"secret_id,omitempty"`
+	// Mode is the way the secret should be presented.
+	Mode SecretReference_Mode `protobuf:"varint,2,opt,name=mode,proto3,enum=docker.swarmkit.v1.SecretReference_Mode" json:"mode,omitempty"`
+	// Target is the name by which the image accesses the secret.
+	Target string `protobuf:"bytes,3,opt,name=target,proto3" json:"target,omitempty"`
+	// SecretName is the name of the secret that this references, but this is just provided for
+	// lookup/display purposes.  The secret in the reference will be identified by its ID.
+	SecretName string `protobuf:"bytes,4,opt,name=secret_name,json=secretName,proto3" json:"secret_name,omitempty"`
+}
+
+func (m *SecretReference) Reset()                    { *m = SecretReference{} }
+func (*SecretReference) ProtoMessage()               {}
+func (*SecretReference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{38} }
+
 func init() {
 	proto.RegisterType((*Version)(nil), "docker.swarmkit.v1.Version")
 	proto.RegisterType((*Annotations)(nil), "docker.swarmkit.v1.Annotations")
@@ -1379,6 +1438,7 @@ func init() {
 	proto.RegisterType((*Certificate)(nil), "docker.swarmkit.v1.Certificate")
 	proto.RegisterType((*EncryptionKey)(nil), "docker.swarmkit.v1.EncryptionKey")
 	proto.RegisterType((*ManagerStatus)(nil), "docker.swarmkit.v1.ManagerStatus")
+	proto.RegisterType((*SecretReference)(nil), "docker.swarmkit.v1.SecretReference")
 	proto.RegisterEnum("docker.swarmkit.v1.TaskState", TaskState_name, TaskState_value)
 	proto.RegisterEnum("docker.swarmkit.v1.NodeRole", NodeRole_name, NodeRole_value)
 	proto.RegisterEnum("docker.swarmkit.v1.RaftMemberStatus_Reachability", RaftMemberStatus_Reachability_name, RaftMemberStatus_Reachability_value)
@@ -1393,6 +1453,7 @@ func init() {
 	proto.RegisterEnum("docker.swarmkit.v1.IssuanceStatus_State", IssuanceStatus_State_name, IssuanceStatus_State_value)
 	proto.RegisterEnum("docker.swarmkit.v1.ExternalCA_CAProtocol", ExternalCA_CAProtocol_name, ExternalCA_CAProtocol_value)
 	proto.RegisterEnum("docker.swarmkit.v1.EncryptionKey_Algorithm", EncryptionKey_Algorithm_name, EncryptionKey_Algorithm_value)
+	proto.RegisterEnum("docker.swarmkit.v1.SecretReference_Mode", SecretReference_Mode_name, SecretReference_Mode_value)
 }
 
 func (m *Version) Copy() *Version {
@@ -1642,11 +1703,11 @@ func (m *UpdateConfig) Copy() *UpdateConfig {
 	}
 
 	o := &UpdateConfig{
-		Parallelism:            m.Parallelism,
-		Delay:                  *m.Delay.Copy(),
-		FailureAction:          m.FailureAction,
-		Monitor:                m.Monitor.Copy(),
-		AllowedFailureFraction: m.AllowedFailureFraction,
+		Parallelism:     m.Parallelism,
+		Delay:           *m.Delay.Copy(),
+		FailureAction:   m.FailureAction,
+		Monitor:         m.Monitor.Copy(),
+		MaxFailureRatio: m.MaxFailureRatio,
 	}
 
 	return o
@@ -2071,6 +2132,21 @@ func (m *ManagerStatus) Copy() *ManagerStatus {
 	return o
 }
 
+func (m *SecretReference) Copy() *SecretReference {
+	if m == nil {
+		return nil
+	}
+
+	o := &SecretReference{
+		SecretID:   m.SecretID,
+		Mode:       m.Mode,
+		Target:     m.Target,
+		SecretName: m.SecretName,
+	}
+
+	return o
+}
+
 func (this *Version) GoString() string {
 	if this == nil {
 		return "nil"
@@ -2328,7 +2404,7 @@ func (this *UpdateConfig) GoString() string {
 	if this.Monitor != nil {
 		s = append(s, "Monitor: "+fmt.Sprintf("%#v", this.Monitor)+",\n")
 	}
-	s = append(s, "AllowedFailureFraction: "+fmt.Sprintf("%#v", this.AllowedFailureFraction)+",\n")
+	s = append(s, "MaxFailureRatio: "+fmt.Sprintf("%#v", this.MaxFailureRatio)+",\n")
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
@@ -2709,6 +2785,19 @@ func (this *ManagerStatus) GoString() string {
 	s = append(s, "}")
 	return strings.Join(s, "")
 }
+func (this *SecretReference) GoString() string {
+	if this == nil {
+		return "nil"
+	}
+	s := make([]string, 0, 8)
+	s = append(s, "&api.SecretReference{")
+	s = append(s, "SecretID: "+fmt.Sprintf("%#v", this.SecretID)+",\n")
+	s = append(s, "Mode: "+fmt.Sprintf("%#v", this.Mode)+",\n")
+	s = append(s, "Target: "+fmt.Sprintf("%#v", this.Target)+",\n")
+	s = append(s, "SecretName: "+fmt.Sprintf("%#v", this.SecretName)+",\n")
+	s = append(s, "}")
+	return strings.Join(s, "")
+}
 func valueToGoStringTypes(v interface{}, typ string) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -3396,10 +3485,10 @@ func (m *UpdateConfig) MarshalTo(data []byte) (int, error) {
 		}
 		i += n13
 	}
-	if m.AllowedFailureFraction != 0 {
+	if m.MaxFailureRatio != 0 {
 		data[i] = 0x2d
 		i++
-		i = encodeFixed32Types(data, i, uint32(math.Float32bits(float32(m.AllowedFailureFraction))))
+		i = encodeFixed32Types(data, i, uint32(math.Float32bits(float32(m.MaxFailureRatio))))
 	}
 	return i, nil
 }
@@ -4428,6 +4517,47 @@ func (m *ManagerStatus) MarshalTo(data []byte) (int, error) {
 	return i, nil
 }
 
+func (m *SecretReference) Marshal() (data []byte, err error) {
+	size := m.Size()
+	data = make([]byte, size)
+	n, err := m.MarshalTo(data)
+	if err != nil {
+		return nil, err
+	}
+	return data[:n], nil
+}
+
+func (m *SecretReference) MarshalTo(data []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.SecretID) > 0 {
+		data[i] = 0xa
+		i++
+		i = encodeVarintTypes(data, i, uint64(len(m.SecretID)))
+		i += copy(data[i:], m.SecretID)
+	}
+	if m.Mode != 0 {
+		data[i] = 0x10
+		i++
+		i = encodeVarintTypes(data, i, uint64(m.Mode))
+	}
+	if len(m.Target) > 0 {
+		data[i] = 0x1a
+		i++
+		i = encodeVarintTypes(data, i, uint64(len(m.Target)))
+		i += copy(data[i:], m.Target)
+	}
+	if len(m.SecretName) > 0 {
+		data[i] = 0x22
+		i++
+		i = encodeVarintTypes(data, i, uint64(len(m.SecretName)))
+		i += copy(data[i:], m.SecretName)
+	}
+	return i, nil
+}
+
 func encodeFixed64Types(data []byte, offset int, v uint64) int {
 	data[offset] = uint8(v)
 	data[offset+1] = uint8(v >> 8)
@@ -4731,7 +4861,7 @@ func (m *UpdateConfig) Size() (n int) {
 		l = m.Monitor.Size()
 		n += 1 + l + sovTypes(uint64(l))
 	}
-	if m.AllowedFailureFraction != 0 {
+	if m.MaxFailureRatio != 0 {
 		n += 5
 	}
 	return n
@@ -5188,6 +5318,27 @@ func (m *ManagerStatus) Size() (n int) {
 	return n
 }
 
+func (m *SecretReference) Size() (n int) {
+	var l int
+	_ = l
+	l = len(m.SecretID)
+	if l > 0 {
+		n += 1 + l + sovTypes(uint64(l))
+	}
+	if m.Mode != 0 {
+		n += 1 + sovTypes(uint64(m.Mode))
+	}
+	l = len(m.Target)
+	if l > 0 {
+		n += 1 + l + sovTypes(uint64(l))
+	}
+	l = len(m.SecretName)
+	if l > 0 {
+		n += 1 + l + sovTypes(uint64(l))
+	}
+	return n
+}
+
 func sovTypes(x uint64) (n int) {
 	for {
 		n++
@@ -5425,7 +5576,7 @@ func (this *UpdateConfig) String() string {
 		`Delay:` + strings.Replace(strings.Replace(this.Delay.String(), "Duration", "docker_swarmkit_v11.Duration", 1), `&`, ``, 1) + `,`,
 		`FailureAction:` + fmt.Sprintf("%v", this.FailureAction) + `,`,
 		`Monitor:` + strings.Replace(fmt.Sprintf("%v", this.Monitor), "Duration", "docker_swarmkit_v11.Duration", 1) + `,`,
-		`AllowedFailureFraction:` + fmt.Sprintf("%v", this.AllowedFailureFraction) + `,`,
+		`MaxFailureRatio:` + fmt.Sprintf("%v", this.MaxFailureRatio) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -5777,6 +5928,19 @@ func (this *ManagerStatus) String() string {
 	}, "")
 	return s
 }
+func (this *SecretReference) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&SecretReference{`,
+		`SecretID:` + fmt.Sprintf("%v", this.SecretID) + `,`,
+		`Mode:` + fmt.Sprintf("%v", this.Mode) + `,`,
+		`Target:` + fmt.Sprintf("%v", this.Target) + `,`,
+		`SecretName:` + fmt.Sprintf("%v", this.SecretName) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func valueToStringTypes(v interface{}) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -8076,7 +8240,7 @@ func (m *UpdateConfig) Unmarshal(data []byte) error {
 			iNdEx = postIndex
 		case 5:
 			if wireType != 5 {
-				return fmt.Errorf("proto: wrong wireType = %d for field AllowedFailureFraction", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field MaxFailureRatio", wireType)
 			}
 			var v uint32
 			if (iNdEx + 4) > l {
@@ -8087,7 +8251,7 @@ func (m *UpdateConfig) Unmarshal(data []byte) error {
 			v |= uint32(data[iNdEx-3]) << 8
 			v |= uint32(data[iNdEx-2]) << 16
 			v |= uint32(data[iNdEx-1]) << 24
-			m.AllowedFailureFraction = float32(math.Float32frombits(v))
+			m.MaxFailureRatio = float32(math.Float32frombits(v))
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTypes(data[iNdEx:])
@@ -11598,6 +11762,162 @@ func (m *ManagerStatus) Unmarshal(data []byte) error {
 	}
 	return nil
 }
+func (m *SecretReference) Unmarshal(data []byte) error {
+	l := len(data)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowTypes
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := data[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SecretReference: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SecretReference: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SecretID", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.SecretID = string(data[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
+			}
+			m.Mode = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				m.Mode |= (SecretReference_Mode(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Target", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Target = string(data[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SecretName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTypes
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := data[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthTypes
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.SecretName = string(data[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipTypes(data[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthTypes
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func skipTypes(data []byte) (n int, err error) {
 	l := len(data)
 	iNdEx := 0
@@ -11706,225 +12026,231 @@ var (
 func init() { proto.RegisterFile("types.proto", fileDescriptorTypes) }
 
 var fileDescriptorTypes = []byte{
-	// 3518 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xac, 0x59, 0x4d, 0x6c, 0x23, 0x47,
-	0x76, 0x16, 0x7f, 0x45, 0x3e, 0x52, 0x9a, 0x9e, 0x9a, 0xd9, 0xb1, 0x86, 0x1e, 0x4b, 0x74, 0x8f,
-	0x67, 0x3d, 0xeb, 0x75, 0x68, 0x5b, 0xde, 0x18, 0xb3, 0x9e, 0x64, 0xed, 0x16, 0x49, 0xcd, 0x70,
-	0x47, 0xa2, 0x88, 0xa2, 0x38, 0x03, 0x23, 0x40, 0x1a, 0xa5, 0xee, 0x12, 0xd5, 0x56, 0xb3, 0x8b,
-	0xe9, 0x2e, 0x4a, 0xc3, 0x04, 0x01, 0x26, 0x39, 0x24, 0x81, 0x4e, 0xb9, 0x07, 0xc2, 0x22, 0x48,
-	0x90, 0x5b, 0xce, 0x01, 0x72, 0xf2, 0xd1, 0xc7, 0x0d, 0x02, 0x04, 0x8b, 0x04, 0x10, 0x62, 0xe5,
-	0x98, 0xcb, 0x02, 0x41, 0xb0, 0x87, 0xe4, 0x10, 0xd4, 0x4f, 0x37, 0x7f, 0x86, 0x23, 0x8f, 0xb3,
-	0x7b, 0x62, 0xd7, 0xab, 0xef, 0xbd, 0x7a, 0x55, 0xf5, 0xea, 0xd5, 0xf7, 0x8a, 0x50, 0xe2, 0xe3,
-	0x21, 0x8d, 0x6a, 0xc3, 0x90, 0x71, 0x86, 0x90, 0xcb, 0x9c, 0x63, 0x1a, 0xd6, 0xa2, 0x53, 0x12,
-	0x0e, 0x8e, 0x3d, 0x5e, 0x3b, 0xf9, 0xa8, 0x72, 0x9b, 0x7b, 0x03, 0x1a, 0x71, 0x32, 0x18, 0x7e,
-	0x90, 0x7c, 0x29, 0x78, 0xe5, 0x0d, 0x77, 0x14, 0x12, 0xee, 0xb1, 0xe0, 0x83, 0xf8, 0x43, 0x77,
-	0xdc, 0xec, 0xb3, 0x3e, 0x93, 0x9f, 0x1f, 0x88, 0x2f, 0x25, 0x35, 0x37, 0x60, 0xf9, 0x29, 0x0d,
-	0x23, 0x8f, 0x05, 0xe8, 0x26, 0xe4, 0xbc, 0xc0, 0xa5, 0xcf, 0xd7, 0x52, 0xd5, 0xd4, 0xfd, 0x2c,
-	0x56, 0x0d, 0xf3, 0xaf, 0x53, 0x50, 0xb2, 0x82, 0x80, 0x71, 0x69, 0x2b, 0x42, 0x08, 0xb2, 0x01,
-	0x19, 0x50, 0x09, 0x2a, 0x62, 0xf9, 0x8d, 0xea, 0x90, 0xf7, 0xc9, 0x01, 0xf5, 0xa3, 0xb5, 0x74,
-	0x35, 0x73, 0xbf, 0xb4, 0xf9, 0xc3, 0xda, 0xcb, 0x3e, 0xd7, 0xa6, 0x8c, 0xd4, 0x76, 0x24, 0xba,
-	0x19, 0xf0, 0x70, 0x8c, 0xb5, 0x6a, 0xe5, 0xc7, 0x50, 0x9a, 0x12, 0x23, 0x03, 0x32, 0xc7, 0x74,
-	0xac, 0x87, 0x11, 0x9f, 0xc2, 0xbf, 0x13, 0xe2, 0x8f, 0xe8, 0x5a, 0x5a, 0xca, 0x54, 0xe3, 0xd3,
-	0xf4, 0x83, 0x94, 0xf9, 0x05, 0x14, 0x31, 0x8d, 0xd8, 0x28, 0x74, 0x68, 0x84, 0x7e, 0x00, 0xc5,
-	0x80, 0x04, 0xcc, 0x76, 0x86, 0xa3, 0x48, 0xaa, 0x67, 0xb6, 0xca, 0x97, 0x17, 0x1b, 0x85, 0x36,
-	0x09, 0x58, 0xbd, 0xd3, 0x8b, 0x70, 0x41, 0x74, 0xd7, 0x87, 0xa3, 0x08, 0xbd, 0x0d, 0xe5, 0x01,
-	0x1d, 0xb0, 0x70, 0x6c, 0x1f, 0x8c, 0x39, 0x8d, 0xa4, 0xe1, 0x0c, 0x2e, 0x29, 0xd9, 0x96, 0x10,
-	0x99, 0x7f, 0x99, 0x82, 0x9b, 0xb1, 0x6d, 0x4c, 0xff, 0x60, 0xe4, 0x85, 0x74, 0x40, 0x03, 0x1e,
-	0xa1, 0xdf, 0x86, 0xbc, 0xef, 0x0d, 0x3c, 0xae, 0xc6, 0x28, 0x6d, 0xbe, 0xb5, 0x68, 0xce, 0x89,
-	0x57, 0x58, 0x83, 0x91, 0x05, 0xe5, 0x90, 0x46, 0x34, 0x3c, 0x51, 0x2b, 0x21, 0x87, 0xfc, 0x56,
-	0xe5, 0x19, 0x15, 0x73, 0x1b, 0x0a, 0x1d, 0x9f, 0xf0, 0x43, 0x16, 0x0e, 0x90, 0x09, 0x65, 0x12,
-	0x3a, 0x47, 0x1e, 0xa7, 0x0e, 0x1f, 0x85, 0xf1, 0xae, 0xcc, 0xc8, 0xd0, 0x2d, 0x48, 0x33, 0x35,
-	0x50, 0x71, 0x2b, 0x7f, 0x79, 0xb1, 0x91, 0xde, 0xeb, 0xe2, 0x34, 0x8b, 0xcc, 0x87, 0x70, 0xbd,
-	0xe3, 0x8f, 0xfa, 0x5e, 0xd0, 0xa0, 0x91, 0x13, 0x7a, 0x43, 0x61, 0x5d, 0x6c, 0xaf, 0x08, 0xbe,
-	0x78, 0x7b, 0xc5, 0x77, 0xb2, 0xe5, 0xe9, 0xc9, 0x96, 0x9b, 0x7f, 0x9e, 0x86, 0xeb, 0xcd, 0xa0,
-	0xef, 0x05, 0x74, 0x5a, 0xfb, 0x1e, 0xac, 0x52, 0x29, 0xb4, 0x4f, 0x54, 0x50, 0x69, 0x3b, 0x2b,
-	0x4a, 0x1a, 0x47, 0x5a, 0x6b, 0x2e, 0x5e, 0x3e, 0x5a, 0x34, 0xfd, 0x97, 0xac, 0x2f, 0x8a, 0x1a,
-	0xd4, 0x84, 0xe5, 0xa1, 0x9c, 0x44, 0xb4, 0x96, 0x91, 0xb6, 0xee, 0x2d, 0xb2, 0xf5, 0xd2, 0x3c,
-	0xb7, 0xb2, 0x5f, 0x5f, 0x6c, 0x2c, 0xe1, 0x58, 0xf7, 0xd7, 0x09, 0xbe, 0xff, 0x48, 0xc1, 0xb5,
-	0x36, 0x73, 0x67, 0xd6, 0xa1, 0x02, 0x85, 0x23, 0x16, 0xf1, 0xa9, 0x83, 0x92, 0xb4, 0xd1, 0x03,
-	0x28, 0x0c, 0xf5, 0xf6, 0xe9, 0xdd, 0xbf, 0xb3, 0xd8, 0x65, 0x85, 0xc1, 0x09, 0x1a, 0x3d, 0x84,
-	0x62, 0x18, 0xc7, 0xc4, 0x5a, 0xe6, 0x75, 0x02, 0x67, 0x82, 0x47, 0xbf, 0x0b, 0x79, 0xb5, 0x09,
-	0x6b, 0x59, 0xa9, 0x79, 0xef, 0xb5, 0xd6, 0x1c, 0x6b, 0x25, 0xf3, 0x17, 0x29, 0x30, 0x30, 0x39,
-	0xe4, 0xbb, 0x74, 0x70, 0x40, 0xc3, 0x2e, 0x27, 0x7c, 0x14, 0xa1, 0x5b, 0x90, 0xf7, 0x29, 0x71,
-	0x69, 0x28, 0x27, 0x59, 0xc0, 0xba, 0x85, 0x7a, 0x22, 0xc8, 0x89, 0x73, 0x44, 0x0e, 0x3c, 0xdf,
-	0xe3, 0x63, 0x39, 0xcd, 0xd5, 0xc5, 0xbb, 0x3c, 0x6f, 0xb3, 0x86, 0xa7, 0x14, 0xf1, 0x8c, 0x19,
-	0xb4, 0x06, 0xcb, 0x03, 0x1a, 0x45, 0xa4, 0x4f, 0xe5, 0xec, 0x8b, 0x38, 0x6e, 0x9a, 0x0f, 0xa1,
-	0x3c, 0xad, 0x87, 0x4a, 0xb0, 0xdc, 0x6b, 0x3f, 0x69, 0xef, 0x3d, 0x6b, 0x1b, 0x4b, 0xe8, 0x1a,
-	0x94, 0x7a, 0x6d, 0xdc, 0xb4, 0xea, 0x8f, 0xad, 0xad, 0x9d, 0xa6, 0x91, 0x42, 0x2b, 0x50, 0x9c,
-	0x34, 0xd3, 0xe6, 0xcf, 0x52, 0x00, 0x62, 0x03, 0xf5, 0xa4, 0x3e, 0x85, 0x5c, 0xc4, 0x09, 0x57,
-	0x1b, 0xb7, 0xba, 0xf9, 0xce, 0x22, 0xaf, 0x27, 0xf0, 0x9a, 0xf8, 0xa1, 0x58, 0xa9, 0x4c, 0x7b,
-	0x98, 0x9e, 0xf7, 0x30, 0x27, 0x91, 0xb3, 0xae, 0x15, 0x20, 0xdb, 0x10, 0x5f, 0x29, 0x54, 0x84,
-	0x1c, 0x6e, 0x5a, 0x8d, 0x2f, 0x8c, 0x34, 0x32, 0xa0, 0xdc, 0x68, 0x75, 0xeb, 0x7b, 0xed, 0x76,
-	0xb3, 0xbe, 0xdf, 0x6c, 0x18, 0x19, 0xf3, 0x1e, 0xe4, 0x5a, 0x03, 0xd2, 0xa7, 0xe8, 0x8e, 0x88,
-	0x80, 0x43, 0x1a, 0xd2, 0xc0, 0x89, 0x03, 0x6b, 0x22, 0x30, 0x7f, 0x5e, 0x84, 0xdc, 0x2e, 0x1b,
-	0x05, 0x1c, 0x6d, 0x4e, 0x9d, 0xe2, 0xd5, 0xcd, 0xf5, 0x45, 0x53, 0x90, 0xc0, 0xda, 0xfe, 0x78,
-	0x48, 0xf5, 0x29, 0xbf, 0x05, 0x79, 0x15, 0x2b, 0xda, 0x75, 0xdd, 0x12, 0x72, 0x4e, 0xc2, 0x3e,
-	0xe5, 0x7a, 0xd1, 0x75, 0x0b, 0xdd, 0x87, 0x42, 0x48, 0x89, 0xcb, 0x02, 0x7f, 0x2c, 0x43, 0xaa,
-	0xa0, 0xd2, 0x2c, 0xa6, 0xc4, 0xdd, 0x0b, 0xfc, 0x31, 0x4e, 0x7a, 0xd1, 0x63, 0x28, 0x1f, 0x78,
-	0x81, 0x6b, 0xb3, 0xa1, 0xca, 0x79, 0xb9, 0x57, 0x07, 0xa0, 0xf2, 0x6a, 0xcb, 0x0b, 0xdc, 0x3d,
-	0x05, 0xc6, 0xa5, 0x83, 0x49, 0x03, 0xb5, 0x61, 0xf5, 0x84, 0xf9, 0xa3, 0x01, 0x4d, 0x6c, 0xe5,
-	0xa5, 0xad, 0x77, 0x5f, 0x6d, 0xeb, 0xa9, 0xc4, 0xc7, 0xd6, 0x56, 0x4e, 0xa6, 0x9b, 0xe8, 0x09,
-	0xac, 0xf0, 0xc1, 0xf0, 0x30, 0x4a, 0xcc, 0x2d, 0x4b, 0x73, 0xdf, 0xbf, 0x62, 0xc1, 0x04, 0x3c,
-	0xb6, 0x56, 0xe6, 0x53, 0xad, 0xca, 0x9f, 0x66, 0xa0, 0x34, 0xe5, 0x39, 0xea, 0x42, 0x69, 0x18,
-	0xb2, 0x21, 0xe9, 0xcb, 0xbc, 0xad, 0xf7, 0xe2, 0xa3, 0xd7, 0x9a, 0x75, 0xad, 0x33, 0x51, 0xc4,
-	0xd3, 0x56, 0xcc, 0xf3, 0x34, 0x94, 0xa6, 0x3a, 0xd1, 0x7b, 0x50, 0xc0, 0x1d, 0xdc, 0x7a, 0x6a,
-	0xed, 0x37, 0x8d, 0xa5, 0xca, 0x9d, 0xb3, 0xf3, 0xea, 0x9a, 0xb4, 0x36, 0x6d, 0xa0, 0x13, 0x7a,
-	0x27, 0x22, 0xf4, 0xee, 0xc3, 0x72, 0x0c, 0x4d, 0x55, 0xde, 0x3c, 0x3b, 0xaf, 0xbe, 0x31, 0x0f,
-	0x9d, 0x42, 0xe2, 0xee, 0x63, 0x0b, 0x37, 0x1b, 0x46, 0x7a, 0x31, 0x12, 0x77, 0x8f, 0x48, 0x48,
-	0x5d, 0xf4, 0x7d, 0xc8, 0x6b, 0x60, 0xa6, 0x52, 0x39, 0x3b, 0xaf, 0xde, 0x9a, 0x07, 0x4e, 0x70,
-	0xb8, 0xbb, 0x63, 0x3d, 0x6d, 0x1a, 0xd9, 0xc5, 0x38, 0xdc, 0xf5, 0xc9, 0x09, 0x45, 0xef, 0x40,
-	0x4e, 0xc1, 0x72, 0x95, 0xdb, 0x67, 0xe7, 0xd5, 0xef, 0xbd, 0x64, 0x4e, 0xa0, 0x2a, 0x6b, 0x7f,
-	0xf1, 0x37, 0xeb, 0x4b, 0xff, 0xf8, 0xb7, 0xeb, 0xc6, 0x7c, 0x77, 0xe5, 0x7f, 0x53, 0xb0, 0x32,
-	0xb3, 0xe5, 0xc8, 0x84, 0x7c, 0xc0, 0x1c, 0x36, 0x54, 0xe9, 0xbc, 0xb0, 0x05, 0x97, 0x17, 0x1b,
-	0xf9, 0x36, 0xab, 0xb3, 0xe1, 0x18, 0xeb, 0x1e, 0xf4, 0x64, 0xee, 0x42, 0xfa, 0xf8, 0x35, 0xe3,
-	0x69, 0xe1, 0x95, 0xf4, 0x19, 0xac, 0xb8, 0xa1, 0x77, 0x42, 0x43, 0xdb, 0x61, 0xc1, 0xa1, 0xd7,
-	0xd7, 0xa9, 0xba, 0xb2, 0xc8, 0x66, 0x43, 0x02, 0x71, 0x59, 0x29, 0xd4, 0x25, 0xfe, 0xd7, 0xb8,
-	0x8c, 0x2a, 0x4f, 0xa1, 0x3c, 0x1d, 0xa1, 0xe8, 0x2d, 0x80, 0xc8, 0xfb, 0x43, 0xaa, 0xf9, 0x8d,
-	0x64, 0x43, 0xb8, 0x28, 0x24, 0x92, 0xdd, 0xa0, 0x77, 0x21, 0x3b, 0x60, 0xae, 0xb2, 0x93, 0xdb,
-	0xba, 0x21, 0xee, 0xc4, 0x7f, 0xbd, 0xd8, 0x28, 0xb1, 0xa8, 0xb6, 0xed, 0xf9, 0x74, 0x97, 0xb9,
-	0x14, 0x4b, 0x80, 0x79, 0x02, 0x59, 0x91, 0x2a, 0xd0, 0x9b, 0x90, 0xdd, 0x6a, 0xb5, 0x1b, 0xc6,
-	0x52, 0xe5, 0xfa, 0xd9, 0x79, 0x75, 0x45, 0x2e, 0x89, 0xe8, 0x10, 0xb1, 0x8b, 0x36, 0x20, 0xff,
-	0x74, 0x6f, 0xa7, 0xb7, 0x2b, 0xc2, 0xeb, 0xc6, 0xd9, 0x79, 0xf5, 0x5a, 0xd2, 0xad, 0x16, 0x0d,
-	0xbd, 0x05, 0xb9, 0xfd, 0xdd, 0xce, 0x76, 0xd7, 0x48, 0x57, 0xd0, 0xd9, 0x79, 0x75, 0x35, 0xe9,
-	0x97, 0x3e, 0x57, 0xae, 0xeb, 0x5d, 0x2d, 0x26, 0x72, 0xf3, 0x7f, 0xd2, 0xb0, 0x82, 0x05, 0xbf,
-	0x0d, 0x79, 0x87, 0xf9, 0x9e, 0x33, 0x46, 0x1d, 0x28, 0x3a, 0x2c, 0x70, 0xbd, 0xa9, 0x33, 0xb5,
-	0xf9, 0x8a, 0x4b, 0x70, 0xa2, 0x15, 0xb7, 0xea, 0xb1, 0x26, 0x9e, 0x18, 0x41, 0x9b, 0x90, 0x73,
-	0xa9, 0x4f, 0xc6, 0x57, 0xdd, 0xc6, 0x0d, 0xcd, 0xa5, 0xb1, 0x82, 0x4a, 0xe6, 0x48, 0x9e, 0xdb,
-	0x84, 0x73, 0x3a, 0x18, 0x72, 0x75, 0x1b, 0x67, 0x71, 0x69, 0x40, 0x9e, 0x5b, 0x5a, 0x84, 0x7e,
-	0x04, 0xf9, 0x53, 0x2f, 0x70, 0xd9, 0xa9, 0xbe, 0x70, 0xaf, 0xb6, 0xab, 0xb1, 0xe6, 0x99, 0xb8,
-	0x67, 0xe7, 0x9c, 0x15, 0xab, 0xde, 0xde, 0x6b, 0x37, 0xe3, 0x55, 0xd7, 0xfd, 0x7b, 0x41, 0x9b,
-	0x05, 0xe2, 0xc4, 0xc0, 0x5e, 0xdb, 0xde, 0xb6, 0x5a, 0x3b, 0x3d, 0x2c, 0x56, 0xfe, 0xe6, 0xd9,
-	0x79, 0xd5, 0x48, 0x20, 0xdb, 0xc4, 0xf3, 0x05, 0x09, 0xbc, 0x0d, 0x19, 0xab, 0xfd, 0x85, 0x91,
-	0xae, 0x18, 0x67, 0xe7, 0xd5, 0x72, 0xd2, 0x6d, 0x05, 0xe3, 0xc9, 0x61, 0x9a, 0x1f, 0xd7, 0xfc,
-	0xcf, 0x34, 0x94, 0x7b, 0x43, 0x97, 0x70, 0xaa, 0x22, 0x13, 0x55, 0xa1, 0x34, 0x24, 0x21, 0xf1,
-	0x7d, 0xea, 0x7b, 0xd1, 0x40, 0x17, 0x0a, 0xd3, 0x22, 0xf4, 0xe0, 0x3b, 0x2c, 0xa6, 0x26, 0x61,
-	0x7a, 0x49, 0x7b, 0xb0, 0x7a, 0xa8, 0x9c, 0xb5, 0x89, 0x23, 0x77, 0x37, 0x23, 0x77, 0xb7, 0xb6,
-	0xc8, 0xc4, 0xb4, 0x57, 0x35, 0x3d, 0x47, 0x4b, 0x6a, 0xe1, 0x95, 0xc3, 0xe9, 0x26, 0xfa, 0x04,
-	0x96, 0x07, 0x2c, 0xf0, 0x38, 0x0b, 0x5f, 0x6b, 0x1f, 0x62, 0x30, 0x7a, 0x00, 0x6b, 0xc4, 0xf7,
-	0xd9, 0x29, 0x75, 0xed, 0xd8, 0xad, 0xc3, 0x50, 0x3b, 0x26, 0x2e, 0xb0, 0x34, 0xbe, 0xa5, 0xfb,
-	0xf5, 0xf0, 0xdb, 0xba, 0xd7, 0xfc, 0x04, 0x56, 0x66, 0x3c, 0x12, 0x77, 0x7b, 0xc7, 0xea, 0x75,
-	0x9b, 0xc6, 0x12, 0x2a, 0x43, 0xa1, 0xbe, 0xd7, 0xde, 0x6f, 0xb5, 0x7b, 0x82, 0x88, 0x94, 0xa1,
-	0x80, 0xf7, 0x76, 0x76, 0xb6, 0xac, 0xfa, 0x13, 0x23, 0x6d, 0xfe, 0x77, 0xb2, 0xda, 0x9a, 0x89,
-	0x6c, 0xcd, 0x32, 0x91, 0xf7, 0x5f, 0xbd, 0x10, 0x9a, 0x8b, 0x4c, 0x1a, 0x09, 0x23, 0xf9, 0x1d,
-	0x00, 0xb9, 0xa9, 0xd4, 0xb5, 0x09, 0xbf, 0xaa, 0xda, 0xd8, 0x8f, 0xeb, 0x48, 0x5c, 0xd4, 0x0a,
-	0x16, 0x47, 0x9f, 0x43, 0xd9, 0x61, 0x83, 0xa1, 0x4f, 0xb5, 0x7e, 0xe6, 0x75, 0xf4, 0x4b, 0x89,
-	0x8a, 0xc5, 0xa7, 0x19, 0x51, 0x76, 0x96, 0x11, 0xfd, 0x59, 0x0a, 0x4a, 0x53, 0x0e, 0xcf, 0x12,
-	0xa3, 0x32, 0x14, 0x7a, 0x9d, 0x86, 0xb5, 0xdf, 0x6a, 0x3f, 0x32, 0x52, 0x08, 0x20, 0x2f, 0x17,
-	0xb0, 0x61, 0xa4, 0x05, 0x79, 0xab, 0xef, 0xed, 0x76, 0x76, 0x9a, 0x92, 0x1a, 0xa1, 0x9b, 0x60,
-	0xc4, 0x4b, 0x68, 0x77, 0xf7, 0x2d, 0x2c, 0xa4, 0x59, 0x74, 0x03, 0xae, 0x25, 0x52, 0xad, 0x99,
-	0x43, 0xb7, 0x00, 0x25, 0xc2, 0x89, 0x89, 0xbc, 0xf9, 0xc7, 0x70, 0xad, 0xce, 0x02, 0x4e, 0xbc,
-	0x20, 0x21, 0xb6, 0x9b, 0x62, 0xde, 0x5a, 0x64, 0x7b, 0xae, 0xca, 0xbd, 0x5b, 0xd7, 0x2e, 0x2f,
-	0x36, 0x4a, 0x09, 0xb4, 0xd5, 0x10, 0x33, 0x8d, 0x1b, 0xae, 0x38, 0x61, 0x43, 0xcf, 0xd5, 0xa9,
-	0x74, 0xf9, 0xf2, 0x62, 0x23, 0xd3, 0x69, 0x35, 0xb0, 0x90, 0xa1, 0x37, 0xa1, 0x48, 0x9f, 0x7b,
-	0xdc, 0x76, 0x44, 0xae, 0x15, 0x6b, 0x98, 0xc3, 0x05, 0x21, 0xa8, 0x8b, 0xd4, 0xfa, 0x27, 0x69,
-	0x80, 0x7d, 0x12, 0x1d, 0xeb, 0xa1, 0x1f, 0x42, 0x31, 0x29, 0xe9, 0xaf, 0x2a, 0x2d, 0xa7, 0xf6,
-	0x2b, 0xc1, 0xa3, 0x8f, 0xe3, 0x88, 0x51, 0x8c, 0x7b, 0xb1, 0xa2, 0x1e, 0x6b, 0x11, 0x69, 0x9d,
-	0xa5, 0xd5, 0xe2, 0xe6, 0xa1, 0x61, 0xa8, 0x37, 0x4e, 0x7c, 0xa2, 0xba, 0xcc, 0xbe, 0x6a, 0xce,
-	0x9a, 0xc7, 0xdd, 0x5d, 0x34, 0xc8, 0xdc, 0x82, 0x3e, 0x5e, 0xc2, 0x13, 0xbd, 0x2d, 0x03, 0x56,
-	0xc3, 0x51, 0x20, 0xbc, 0xb6, 0x23, 0xd9, 0x6d, 0x7a, 0xf0, 0x46, 0x9b, 0xf2, 0x53, 0x16, 0x1e,
-	0x5b, 0x9c, 0x13, 0xe7, 0x48, 0x94, 0xd8, 0x3a, 0xe5, 0x4c, 0xe8, 0x67, 0x6a, 0x86, 0x7e, 0xae,
-	0xc1, 0x32, 0xf1, 0x3d, 0x12, 0x51, 0x75, 0x67, 0x17, 0x71, 0xdc, 0x14, 0x24, 0x99, 0xb8, 0x6e,
-	0x48, 0xa3, 0x88, 0xaa, 0xa2, 0xb0, 0x88, 0x27, 0x02, 0xf3, 0x9f, 0xd3, 0x00, 0xad, 0x8e, 0xb5,
-	0xab, 0xcd, 0x37, 0x20, 0x7f, 0x48, 0x06, 0x9e, 0x3f, 0xbe, 0xea, 0x90, 0x4d, 0xf0, 0x35, 0x4b,
-	0x19, 0xda, 0x96, 0x3a, 0x58, 0xeb, 0x4a, 0xee, 0x3c, 0x3a, 0x08, 0x28, 0x4f, 0xb8, 0xb3, 0x6c,
-	0x89, 0x8b, 0x3a, 0x24, 0x41, 0xb2, 0xb0, 0xaa, 0x21, 0x5c, 0xef, 0x13, 0x4e, 0x4f, 0xc9, 0x38,
-	0x3e, 0x13, 0xba, 0x89, 0x1e, 0x0b, 0x4e, 0x2d, 0x4a, 0x7d, 0xea, 0xae, 0xe5, 0x24, 0x13, 0xf9,
-	0x36, 0x7f, 0xb0, 0x86, 0x2b, 0x0a, 0x92, 0x68, 0x57, 0x1e, 0xca, 0x7b, 0x73, 0xd2, 0xf5, 0x9d,
-	0x4a, 0xda, 0x0f, 0x61, 0x65, 0x66, 0x9e, 0x2f, 0x15, 0x2d, 0xad, 0xce, 0xd3, 0x1f, 0x19, 0x59,
-	0xfd, 0xf5, 0x89, 0x91, 0x37, 0xff, 0x2b, 0x05, 0xd0, 0x61, 0x61, 0xbc, 0x69, 0x8b, 0x1f, 0x89,
-	0x0a, 0xf2, 0xc9, 0xc9, 0x61, 0xbe, 0x0e, 0xcf, 0x85, 0xac, 0x7d, 0x62, 0x45, 0x90, 0x60, 0x09,
-	0xc7, 0x89, 0x22, 0xda, 0x80, 0x92, 0xda, 0x7f, 0x7b, 0xc8, 0x42, 0x95, 0x8f, 0x56, 0x30, 0x28,
-	0x91, 0xd0, 0x44, 0xf7, 0x60, 0x75, 0x38, 0x3a, 0xf0, 0xbd, 0xe8, 0x88, 0xba, 0x0a, 0x93, 0x95,
-	0x98, 0x95, 0x44, 0x2a, 0x60, 0x66, 0x03, 0x0a, 0xb1, 0x75, 0xb4, 0x06, 0x99, 0xfd, 0x7a, 0xc7,
-	0x58, 0xaa, 0x5c, 0x3b, 0x3b, 0xaf, 0x96, 0x62, 0xf1, 0x7e, 0xbd, 0x23, 0x7a, 0x7a, 0x8d, 0x8e,
-	0x91, 0x9a, 0xed, 0xe9, 0x35, 0x3a, 0x95, 0xac, 0xb8, 0x33, 0xcd, 0xbf, 0x4a, 0x41, 0x5e, 0x31,
-	0xb8, 0x85, 0x33, 0xb6, 0x60, 0x39, 0xae, 0x2b, 0x14, 0xad, 0x7c, 0xf7, 0xd5, 0x14, 0xb0, 0xa6,
-	0x19, 0x9b, 0xda, 0xc7, 0x58, 0xaf, 0xf2, 0x29, 0x94, 0xa7, 0x3b, 0xbe, 0xd3, 0x2e, 0xfe, 0x11,
-	0x94, 0x44, 0xa0, 0xc4, 0x54, 0x70, 0x13, 0xf2, 0x8a, 0x65, 0xea, 0xac, 0x72, 0x15, 0x1f, 0xd5,
-	0x48, 0xf4, 0x00, 0x96, 0x15, 0x87, 0x8d, 0x5f, 0x57, 0xd6, 0xaf, 0x0e, 0x47, 0x1c, 0xc3, 0xcd,
-	0xcf, 0x20, 0xdb, 0xa1, 0x34, 0x44, 0x77, 0x61, 0x39, 0x60, 0x2e, 0x9d, 0x24, 0x51, 0x4d, 0xbf,
-	0x5d, 0xda, 0x6a, 0x08, 0xfa, 0xed, 0xd2, 0x96, 0x2b, 0x16, 0x4f, 0x1c, 0xd0, 0xf8, 0x81, 0x49,
-	0x7c, 0x9b, 0xfb, 0x50, 0x7e, 0x46, 0xbd, 0xfe, 0x11, 0xa7, 0xae, 0x34, 0xf4, 0x3e, 0x64, 0x87,
-	0x34, 0x71, 0x7e, 0x6d, 0x61, 0xe8, 0x50, 0x1a, 0x62, 0x89, 0x12, 0x07, 0xf2, 0x54, 0x6a, 0xeb,
-	0x37, 0x3d, 0xdd, 0x32, 0xff, 0x3e, 0x0d, 0xab, 0xad, 0x28, 0x1a, 0x91, 0xc0, 0x89, 0x6f, 0xd9,
-	0x9f, 0xcc, 0xde, 0xb2, 0xf7, 0x17, 0xce, 0x70, 0x46, 0x65, 0xb6, 0xe6, 0xd7, 0x49, 0x32, 0x9d,
-	0x24, 0x49, 0xf3, 0xeb, 0x54, 0x5c, 0xec, 0xdf, 0x9b, 0x3a, 0x37, 0x95, 0xb5, 0xb3, 0xf3, 0xea,
-	0xcd, 0x69, 0x4b, 0xb4, 0x17, 0x1c, 0x07, 0xec, 0x34, 0x40, 0x6f, 0x8b, 0xe2, 0xbf, 0xdd, 0x7c,
-	0x66, 0xa4, 0x2a, 0xb7, 0xce, 0xce, 0xab, 0x68, 0x06, 0x84, 0x69, 0x40, 0x4f, 0x85, 0xa5, 0x4e,
-	0xb3, 0xdd, 0x10, 0xf7, 0x61, 0x7a, 0x81, 0xa5, 0x0e, 0x0d, 0x5c, 0x2f, 0xe8, 0xa3, 0xbb, 0x90,
-	0x6f, 0x75, 0xbb, 0x3d, 0x59, 0x8e, 0xbd, 0x71, 0x76, 0x5e, 0xbd, 0x31, 0x83, 0x12, 0x0d, 0xea,
-	0x0a, 0x90, 0xa0, 0x8b, 0xe2, 0xa6, 0x5c, 0x00, 0x12, 0xdc, 0x85, 0xba, 0x3a, 0xc2, 0xff, 0x2d,
-	0x0d, 0x86, 0xe5, 0x38, 0x74, 0xc8, 0x45, 0xbf, 0xa6, 0xe0, 0xfb, 0x50, 0x18, 0x8a, 0x2f, 0x4f,
-	0x96, 0x14, 0x22, 0x2c, 0x1e, 0x2c, 0x7c, 0xf0, 0x9d, 0xd3, 0xab, 0x61, 0xe6, 0x53, 0xcb, 0x1d,
-	0x78, 0x51, 0x24, 0x4a, 0x4d, 0x29, 0xc3, 0x89, 0xa5, 0xca, 0x2f, 0x53, 0x70, 0x63, 0x01, 0x02,
-	0x7d, 0x08, 0xd9, 0x90, 0xf9, 0xf1, 0xf6, 0xdc, 0x79, 0xd5, 0x73, 0x8c, 0x50, 0xc5, 0x12, 0x89,
-	0xd6, 0x01, 0xc8, 0x88, 0x33, 0x22, 0xc7, 0x97, 0x1b, 0x53, 0xc0, 0x53, 0x12, 0xf4, 0x0c, 0xf2,
-	0x11, 0x75, 0x42, 0x1a, 0xf3, 0x99, 0xcf, 0xfe, 0xbf, 0xde, 0xd7, 0xba, 0xd2, 0x0c, 0xd6, 0xe6,
-	0x2a, 0x35, 0xc8, 0x2b, 0x89, 0x88, 0x68, 0x97, 0x70, 0x22, 0x9d, 0x2e, 0x63, 0xf9, 0x2d, 0x02,
-	0x85, 0xf8, 0xfd, 0x38, 0x50, 0x88, 0xdf, 0x37, 0x7f, 0x96, 0x06, 0x68, 0x3e, 0xe7, 0x34, 0x0c,
-	0x88, 0x5f, 0xb7, 0x50, 0x73, 0x2a, 0x43, 0xaa, 0xd9, 0xfe, 0x60, 0xe1, 0x23, 0x5d, 0xa2, 0x51,
-	0xab, 0x5b, 0x0b, 0x72, 0xe4, 0x6d, 0xc8, 0x8c, 0x42, 0x5f, 0x3f, 0xf8, 0x4a, 0x22, 0xd2, 0xc3,
-	0x3b, 0x58, 0xc8, 0x50, 0x73, 0x92, 0x91, 0x32, 0xaf, 0x7e, 0xa9, 0x9f, 0x1a, 0xe0, 0x37, 0x9f,
-	0x95, 0xde, 0x07, 0x98, 0x78, 0x8d, 0xd6, 0x21, 0x57, 0xdf, 0xee, 0x76, 0x77, 0x8c, 0x25, 0x55,
-	0x31, 0x4e, 0xba, 0xa4, 0xd8, 0xfc, 0xbb, 0x14, 0x14, 0xea, 0x96, 0xbe, 0x55, 0xb6, 0xc1, 0x90,
-	0xb9, 0xc4, 0xa1, 0x21, 0xb7, 0xe9, 0xf3, 0xa1, 0x17, 0x8e, 0x75, 0x3a, 0xb8, 0x9a, 0xd3, 0xaf,
-	0x0a, 0xad, 0x3a, 0x0d, 0x79, 0x53, 0xea, 0x20, 0x0c, 0x65, 0xaa, 0xa7, 0x68, 0x3b, 0x24, 0x4e,
-	0xce, 0xeb, 0x57, 0x2f, 0x85, 0x62, 0x7f, 0x93, 0x76, 0x84, 0x4b, 0xb1, 0x91, 0x3a, 0x89, 0xcc,
-	0xa7, 0x70, 0x63, 0x2f, 0x74, 0x8e, 0x68, 0xc4, 0xd5, 0xa0, 0xda, 0xe5, 0xcf, 0xe0, 0x0e, 0x27,
-	0xd1, 0xb1, 0x7d, 0xe4, 0x45, 0x9c, 0x85, 0x63, 0x3b, 0xa4, 0x9c, 0x06, 0xa2, 0xdf, 0x96, 0xff,
-	0x07, 0xe8, 0x8a, 0xfc, 0xb6, 0xc0, 0x3c, 0x56, 0x10, 0x1c, 0x23, 0x76, 0x04, 0xc0, 0x6c, 0x41,
-	0x59, 0x10, 0xb6, 0x06, 0x3d, 0x24, 0x23, 0x9f, 0x47, 0xe8, 0xc7, 0x00, 0x3e, 0xeb, 0xdb, 0xaf,
-	0x9d, 0xc9, 0x8b, 0x3e, 0xeb, 0xab, 0x4f, 0xf3, 0xf7, 0xc0, 0x68, 0x78, 0xd1, 0x90, 0x70, 0xe7,
-	0x28, 0x7e, 0x6a, 0x40, 0x8f, 0xc0, 0x38, 0xa2, 0x24, 0xe4, 0x07, 0x94, 0x70, 0x7b, 0x48, 0x43,
-	0x8f, 0xb9, 0xaf, 0xb5, 0xa4, 0xd7, 0x12, 0xad, 0x8e, 0x54, 0x32, 0x7f, 0x95, 0x02, 0xc0, 0xe4,
-	0x30, 0x26, 0x00, 0x3f, 0x84, 0xeb, 0x51, 0x40, 0x86, 0xd1, 0x11, 0xe3, 0xb6, 0x17, 0x70, 0x1a,
-	0x9e, 0x10, 0x5f, 0x97, 0x8b, 0x46, 0xdc, 0xd1, 0xd2, 0x72, 0xf4, 0x3e, 0xa0, 0x63, 0x4a, 0x87,
-	0x36, 0xf3, 0x5d, 0x3b, 0xee, 0x54, 0x7f, 0x58, 0x64, 0xb1, 0x21, 0x7a, 0xf6, 0x7c, 0xb7, 0x1b,
-	0xcb, 0xd1, 0x16, 0xac, 0x8b, 0x15, 0xa0, 0x01, 0x0f, 0x3d, 0x1a, 0xd9, 0x87, 0x2c, 0xb4, 0x23,
-	0x9f, 0x9d, 0xda, 0x87, 0x4c, 0x96, 0x63, 0x61, 0x5c, 0x8c, 0x57, 0x7c, 0xd6, 0x6f, 0x2a, 0xd0,
-	0x36, 0x0b, 0xbb, 0x3e, 0x3b, 0xdd, 0x8e, 0x11, 0x82, 0x25, 0x4c, 0xa6, 0xcd, 0x3d, 0xe7, 0x38,
-	0x66, 0x09, 0x89, 0x74, 0xdf, 0x73, 0x8e, 0xd1, 0x5d, 0x58, 0xa1, 0x3e, 0x95, 0x45, 0x9c, 0x42,
-	0xe5, 0x24, 0xaa, 0x1c, 0x0b, 0x05, 0xc8, 0xfc, 0x2d, 0x28, 0x76, 0x7c, 0xe2, 0xc8, 0xbf, 0x85,
-	0x44, 0x81, 0xec, 0xb0, 0x40, 0x04, 0x81, 0x17, 0x70, 0x95, 0x1d, 0x8b, 0x78, 0x5a, 0x64, 0xfe,
-	0x04, 0xe0, 0xa7, 0xcc, 0x0b, 0xf6, 0xd9, 0x31, 0x0d, 0xe4, 0x0b, 0xba, 0x60, 0xbd, 0x7a, 0x2b,
-	0x8b, 0x58, 0xb7, 0x24, 0x27, 0x27, 0x01, 0xe9, 0xd3, 0x30, 0x79, 0x48, 0x56, 0x4d, 0x71, 0xb9,
-	0xe4, 0x31, 0x63, 0xbc, 0x6e, 0xa1, 0x2a, 0xe4, 0x1d, 0x62, 0xc7, 0x27, 0xaf, 0xbc, 0x55, 0xbc,
-	0xbc, 0xd8, 0xc8, 0xd5, 0xad, 0x27, 0x74, 0x8c, 0x73, 0x0e, 0x79, 0x42, 0xc7, 0xe2, 0xf6, 0x75,
-	0x88, 0x3c, 0x2f, 0xd2, 0x4c, 0x59, 0xdd, 0xbe, 0x75, 0x4b, 0x1c, 0x06, 0x9c, 0x77, 0x88, 0xf8,
-	0x45, 0x1f, 0x42, 0x59, 0x83, 0xec, 0x23, 0x12, 0x1d, 0x29, 0xae, 0xba, 0xb5, 0x7a, 0x79, 0xb1,
-	0x01, 0x0a, 0xf9, 0x98, 0x44, 0x47, 0x18, 0x14, 0x5a, 0x7c, 0xa3, 0x26, 0x94, 0xbe, 0x64, 0x5e,
-	0x60, 0x73, 0x39, 0x09, 0x5d, 0x57, 0x2f, 0x3c, 0x3f, 0x93, 0xa9, 0xea, 0x62, 0x1f, 0xbe, 0x4c,
-	0x24, 0xe6, 0xbf, 0xa4, 0xa0, 0x24, 0x6c, 0x7a, 0x87, 0x9e, 0x23, 0x6e, 0xcb, 0xef, 0x9e, 0xe9,
-	0x6f, 0x43, 0xc6, 0x89, 0x42, 0x3d, 0x37, 0x99, 0xea, 0xea, 0x5d, 0x8c, 0x85, 0x0c, 0x7d, 0x0e,
-	0x79, 0x55, 0x5c, 0xe8, 0x24, 0x6f, 0x7e, 0xfb, 0xbd, 0xae, 0x5d, 0xd4, 0x7a, 0x72, 0x2f, 0x27,
-	0xde, 0xc9, 0x59, 0x96, 0xf1, 0xb4, 0x08, 0xdd, 0x82, 0xb4, 0xa3, 0x5e, 0x03, 0xf4, 0x3f, 0x6b,
-	0xf5, 0x36, 0x4e, 0x3b, 0x81, 0xf9, 0x4f, 0x29, 0x58, 0x69, 0x06, 0x4e, 0x38, 0x96, 0x49, 0x52,
-	0x6c, 0xc4, 0x1d, 0x28, 0x46, 0xa3, 0x83, 0x68, 0x1c, 0x71, 0x3a, 0x88, 0x1f, 0xee, 0x13, 0x01,
-	0x6a, 0x41, 0x91, 0xf8, 0x7d, 0x16, 0x7a, 0xfc, 0x68, 0xa0, 0xb9, 0xf1, 0xe2, 0xc4, 0x3c, 0x6d,
-	0xb3, 0x66, 0xc5, 0x2a, 0x78, 0xa2, 0x1d, 0xa7, 0xe2, 0x8c, 0x74, 0x56, 0xa6, 0xe2, 0xb7, 0xa1,
-	0xec, 0x93, 0x81, 0xa0, 0xc2, 0xb6, 0x28, 0xb9, 0xe4, 0x3c, 0xb2, 0xb8, 0xa4, 0x65, 0xa2, 0x8c,
-	0x34, 0x4d, 0x28, 0x26, 0xc6, 0xd0, 0x35, 0x28, 0x59, 0xcd, 0xae, 0xfd, 0xd1, 0xe6, 0x03, 0xfb,
-	0x51, 0x7d, 0xd7, 0x58, 0xd2, 0x4c, 0xe0, 0x1f, 0x52, 0xb0, 0xb2, 0xab, 0x62, 0x50, 0x13, 0xa7,
-	0xbb, 0xb0, 0x1c, 0x92, 0x43, 0x1e, 0x53, 0xbb, 0xac, 0x0a, 0x2e, 0x91, 0x04, 0x04, 0xb5, 0x13,
-	0x5d, 0x8b, 0xa9, 0xdd, 0xd4, 0xdf, 0x46, 0x99, 0x2b, 0xff, 0x36, 0xca, 0xfe, 0x46, 0xfe, 0x36,
-	0x7a, 0xef, 0x57, 0x19, 0x28, 0x26, 0x45, 0xaf, 0x08, 0x19, 0xc1, 0xb4, 0x96, 0xd4, 0x43, 0x58,
-	0x22, 0x6f, 0x4b, 0x8e, 0x55, 0xb4, 0x76, 0x76, 0xf6, 0xea, 0xd6, 0x7e, 0xb3, 0x61, 0x7c, 0xae,
-	0xa8, 0x58, 0x02, 0xb0, 0x7c, 0x9f, 0x89, 0x4d, 0x77, 0x91, 0x39, 0xa1, 0x62, 0x2f, 0xf4, 0x73,
-	0x5b, 0x82, 0x8a, 0x79, 0xd8, 0x3b, 0x50, 0xb0, 0xba, 0xdd, 0xd6, 0xa3, 0x76, 0xb3, 0x61, 0x7c,
-	0x95, 0xaa, 0x7c, 0xef, 0xec, 0xbc, 0x7a, 0x7d, 0x62, 0x2a, 0x8a, 0xbc, 0x7e, 0x40, 0x5d, 0x89,
-	0xaa, 0xd7, 0x9b, 0x1d, 0x31, 0xde, 0x8b, 0xf4, 0x3c, 0x4a, 0x12, 0x10, 0xf9, 0x74, 0x5e, 0xec,
-	0xe0, 0x66, 0xc7, 0xc2, 0x62, 0xc4, 0xaf, 0xd2, 0x73, 0x7e, 0x75, 0x42, 0x3a, 0x24, 0xa1, 0x18,
-	0x73, 0x3d, 0xfe, 0x0b, 0xe9, 0x45, 0x46, 0x3d, 0xaf, 0x4e, 0x2a, 0x7d, 0x4a, 0xdc, 0xb1, 0x18,
-	0x4d, 0xbe, 0x90, 0x48, 0x33, 0x99, 0xb9, 0xd1, 0xba, 0x9c, 0x84, 0x5c, 0x58, 0x31, 0x61, 0x19,
-	0xf7, 0xda, 0x6d, 0x39, 0xbb, 0xec, 0xdc, 0xec, 0xf0, 0x28, 0x08, 0x04, 0xe6, 0x1e, 0x14, 0xe2,
-	0x07, 0x14, 0xe3, 0xab, 0xec, 0x9c, 0x43, 0xf5, 0xf8, 0xf5, 0x47, 0x0e, 0xf8, 0xb8, 0xb7, 0x2f,
-	0xff, 0xe1, 0x7a, 0x91, 0x9b, 0x1f, 0xf0, 0x68, 0xc4, 0x5d, 0x41, 0x7e, 0xab, 0x09, 0x1b, 0xfd,
-	0x2a, 0xa7, 0x48, 0x40, 0x82, 0x51, 0x54, 0x54, 0xd8, 0xc1, 0xcd, 0x9f, 0xaa, 0x3f, 0xc3, 0x5e,
-	0xe4, 0xe7, 0xec, 0x60, 0xfa, 0x25, 0x75, 0x38, 0x75, 0x27, 0xaf, 0xc7, 0x49, 0xd7, 0x7b, 0xbf,
-	0x0f, 0x85, 0x38, 0x61, 0xa0, 0x75, 0xc8, 0x3f, 0xdb, 0xc3, 0x4f, 0x9a, 0xd8, 0x58, 0x52, 0xab,
-	0x13, 0xf7, 0x3c, 0x53, 0x19, 0xb7, 0x0a, 0xcb, 0xbb, 0x56, 0xdb, 0x7a, 0xd4, 0xc4, 0xf1, 0xeb,
-	0x75, 0x0c, 0xd0, 0x51, 0x5f, 0x31, 0xf4, 0x00, 0x89, 0xcd, 0xad, 0x3b, 0x5f, 0x7f, 0xb3, 0xbe,
-	0xf4, 0x8b, 0x6f, 0xd6, 0x97, 0x7e, 0xf9, 0xcd, 0x7a, 0xea, 0xc5, 0xe5, 0x7a, 0xea, 0xeb, 0xcb,
-	0xf5, 0xd4, 0xcf, 0x2f, 0xd7, 0x53, 0xff, 0x7e, 0xb9, 0x9e, 0x3a, 0xc8, 0x4b, 0x46, 0xf6, 0xf1,
-	0xff, 0x05, 0x00, 0x00, 0xff, 0xff, 0x36, 0x79, 0x51, 0x3a, 0xce, 0x21, 0x00, 0x00,
+	// 3603 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xac, 0x59, 0xcd, 0x6f, 0x23, 0x47,
+	0x76, 0x17, 0x3f, 0x45, 0x3e, 0x52, 0x52, 0x4f, 0xcd, 0xec, 0x58, 0x43, 0x8f, 0x25, 0xba, 0xc7,
+	0xb3, 0x1e, 0x7b, 0x1d, 0xda, 0x96, 0x37, 0xc6, 0xac, 0x67, 0xb3, 0x76, 0x8b, 0xa4, 0x66, 0xb8,
+	0x23, 0x51, 0x44, 0x91, 0xd4, 0xc0, 0x08, 0x10, 0xa2, 0xd4, 0x5d, 0x22, 0xdb, 0x6a, 0x76, 0x33,
+	0xdd, 0x45, 0x69, 0x98, 0x20, 0xc0, 0x24, 0x87, 0x24, 0xd0, 0x29, 0xf7, 0x40, 0x58, 0x04, 0x09,
+	0x72, 0xcb, 0x39, 0x40, 0x4e, 0x3e, 0xfa, 0xb8, 0x41, 0x80, 0x60, 0xb1, 0x41, 0x84, 0x58, 0xf9,
+	0x07, 0x16, 0x08, 0x82, 0x3d, 0x24, 0x87, 0xa0, 0x3e, 0xba, 0xd9, 0xe4, 0x50, 0xf2, 0x4c, 0x76,
+	0x4f, 0x64, 0xbd, 0xfa, 0xbd, 0x57, 0xaf, 0xaa, 0x5e, 0xbd, 0xfa, 0xbd, 0x6a, 0x28, 0xb0, 0xc9,
+	0x88, 0x06, 0x95, 0x91, 0xef, 0x31, 0x0f, 0x21, 0xcb, 0x33, 0x8f, 0xa9, 0x5f, 0x09, 0x4e, 0x89,
+	0x3f, 0x3c, 0xb6, 0x59, 0xe5, 0xe4, 0xe3, 0xd2, 0x1d, 0x66, 0x0f, 0x69, 0xc0, 0xc8, 0x70, 0xf4,
+	0x61, 0xf4, 0x4f, 0xc2, 0x4b, 0x6f, 0x58, 0x63, 0x9f, 0x30, 0xdb, 0x73, 0x3f, 0x0c, 0xff, 0xa8,
+	0x8e, 0x5b, 0x7d, 0xaf, 0xef, 0x89, 0xbf, 0x1f, 0xf2, 0x7f, 0x52, 0xaa, 0x6f, 0xc2, 0xf2, 0x01,
+	0xf5, 0x03, 0xdb, 0x73, 0xd1, 0x2d, 0xc8, 0xd8, 0xae, 0x45, 0x9f, 0xaf, 0x27, 0xca, 0x89, 0x07,
+	0x69, 0x2c, 0x1b, 0xfa, 0xdf, 0x24, 0xa0, 0x60, 0xb8, 0xae, 0xc7, 0x84, 0xad, 0x00, 0x21, 0x48,
+	0xbb, 0x64, 0x48, 0x05, 0x28, 0x8f, 0xc5, 0x7f, 0x54, 0x85, 0xac, 0x43, 0x0e, 0xa9, 0x13, 0xac,
+	0x27, 0xcb, 0xa9, 0x07, 0x85, 0xad, 0x1f, 0x54, 0x5e, 0xf6, 0xb9, 0x12, 0x33, 0x52, 0xd9, 0x15,
+	0xe8, 0xba, 0xcb, 0xfc, 0x09, 0x56, 0xaa, 0xa5, 0x1f, 0x41, 0x21, 0x26, 0x46, 0x1a, 0xa4, 0x8e,
+	0xe9, 0x44, 0x0d, 0xc3, 0xff, 0x72, 0xff, 0x4e, 0x88, 0x33, 0xa6, 0xeb, 0x49, 0x21, 0x93, 0x8d,
+	0xcf, 0x92, 0x0f, 0x13, 0xfa, 0x97, 0x90, 0xc7, 0x34, 0xf0, 0xc6, 0xbe, 0x49, 0x03, 0xf4, 0x1e,
+	0xe4, 0x5d, 0xe2, 0x7a, 0x3d, 0x73, 0x34, 0x0e, 0x84, 0x7a, 0x6a, 0xbb, 0x78, 0x79, 0xb1, 0x99,
+	0x6b, 0x12, 0xd7, 0xab, 0xb6, 0xba, 0x01, 0xce, 0xf1, 0xee, 0xea, 0x68, 0x1c, 0xa0, 0xb7, 0xa1,
+	0x38, 0xa4, 0x43, 0xcf, 0x9f, 0xf4, 0x0e, 0x27, 0x8c, 0x06, 0xc2, 0x70, 0x0a, 0x17, 0xa4, 0x6c,
+	0x9b, 0x8b, 0xf4, 0xbf, 0x4a, 0xc0, 0xad, 0xd0, 0x36, 0xa6, 0x7f, 0x38, 0xb6, 0x7d, 0x3a, 0xa4,
+	0x2e, 0x0b, 0xd0, 0xef, 0x42, 0xd6, 0xb1, 0x87, 0x36, 0x93, 0x63, 0x14, 0xb6, 0xde, 0x5a, 0x34,
+	0xe7, 0xc8, 0x2b, 0xac, 0xc0, 0xc8, 0x80, 0xa2, 0x4f, 0x03, 0xea, 0x9f, 0xc8, 0x95, 0x10, 0x43,
+	0x7e, 0xa7, 0xf2, 0x8c, 0x8a, 0xbe, 0x03, 0xb9, 0x96, 0x43, 0xd8, 0x91, 0xe7, 0x0f, 0x91, 0x0e,
+	0x45, 0xe2, 0x9b, 0x03, 0x9b, 0x51, 0x93, 0x8d, 0xfd, 0x70, 0x57, 0x66, 0x64, 0xe8, 0x36, 0x24,
+	0x3d, 0x39, 0x50, 0x7e, 0x3b, 0x7b, 0x79, 0xb1, 0x99, 0xdc, 0x6f, 0xe3, 0xa4, 0x17, 0xe8, 0x8f,
+	0xe0, 0x46, 0xcb, 0x19, 0xf7, 0x6d, 0xb7, 0x46, 0x03, 0xd3, 0xb7, 0x47, 0xdc, 0x3a, 0xdf, 0x5e,
+	0x1e, 0x7c, 0xe1, 0xf6, 0xf2, 0xff, 0xd1, 0x96, 0x27, 0xa7, 0x5b, 0xae, 0xff, 0x45, 0x12, 0x6e,
+	0xd4, 0xdd, 0xbe, 0xed, 0xd2, 0xb8, 0xf6, 0x7d, 0x58, 0xa5, 0x42, 0xd8, 0x3b, 0x91, 0x41, 0xa5,
+	0xec, 0xac, 0x48, 0x69, 0x18, 0x69, 0x8d, 0xb9, 0x78, 0xf9, 0x78, 0xd1, 0xf4, 0x5f, 0xb2, 0xbe,
+	0x28, 0x6a, 0x50, 0x1d, 0x96, 0x47, 0x62, 0x12, 0xc1, 0x7a, 0x4a, 0xd8, 0xba, 0xbf, 0xc8, 0xd6,
+	0x4b, 0xf3, 0xdc, 0x4e, 0x7f, 0x73, 0xb1, 0xb9, 0x84, 0x43, 0xdd, 0xdf, 0x24, 0xf8, 0xfe, 0x33,
+	0x01, 0x6b, 0x4d, 0xcf, 0x9a, 0x59, 0x87, 0x12, 0xe4, 0x06, 0x5e, 0xc0, 0x62, 0x07, 0x25, 0x6a,
+	0xa3, 0x87, 0x90, 0x1b, 0xa9, 0xed, 0x53, 0xbb, 0x7f, 0x77, 0xb1, 0xcb, 0x12, 0x83, 0x23, 0x34,
+	0x7a, 0x04, 0x79, 0x3f, 0x8c, 0x89, 0xf5, 0xd4, 0xab, 0x04, 0xce, 0x14, 0x8f, 0x7e, 0x0f, 0xb2,
+	0x72, 0x13, 0xd6, 0xd3, 0x42, 0xf3, 0xfe, 0x2b, 0xad, 0x39, 0x56, 0x4a, 0xfa, 0x2f, 0x12, 0xa0,
+	0x61, 0x72, 0xc4, 0xf6, 0xe8, 0xf0, 0x90, 0xfa, 0x6d, 0x46, 0xd8, 0x38, 0x40, 0xb7, 0x21, 0xeb,
+	0x50, 0x62, 0x51, 0x5f, 0x4c, 0x32, 0x87, 0x55, 0x0b, 0x75, 0x79, 0x90, 0x13, 0x73, 0x40, 0x0e,
+	0x6d, 0xc7, 0x66, 0x13, 0x31, 0xcd, 0xd5, 0xc5, 0xbb, 0x3c, 0x6f, 0xb3, 0x82, 0x63, 0x8a, 0x78,
+	0xc6, 0x0c, 0x5a, 0x87, 0xe5, 0x21, 0x0d, 0x02, 0xd2, 0xa7, 0x62, 0xf6, 0x79, 0x1c, 0x36, 0xf5,
+	0x47, 0x50, 0x8c, 0xeb, 0xa1, 0x02, 0x2c, 0x77, 0x9b, 0x4f, 0x9b, 0xfb, 0xcf, 0x9a, 0xda, 0x12,
+	0x5a, 0x83, 0x42, 0xb7, 0x89, 0xeb, 0x46, 0xf5, 0x89, 0xb1, 0xbd, 0x5b, 0xd7, 0x12, 0x68, 0x05,
+	0xf2, 0xd3, 0x66, 0x52, 0xff, 0x59, 0x02, 0x80, 0x6f, 0xa0, 0x9a, 0xd4, 0x67, 0x90, 0x09, 0x18,
+	0x61, 0x72, 0xe3, 0x56, 0xb7, 0xde, 0x59, 0xe4, 0xf5, 0x14, 0x5e, 0xe1, 0x3f, 0x14, 0x4b, 0x95,
+	0xb8, 0x87, 0xc9, 0x79, 0x0f, 0x33, 0x02, 0x39, 0xeb, 0x5a, 0x0e, 0xd2, 0x35, 0xfe, 0x2f, 0x81,
+	0xf2, 0x90, 0xc1, 0x75, 0xa3, 0xf6, 0xa5, 0x96, 0x44, 0x1a, 0x14, 0x6b, 0x8d, 0x76, 0x75, 0xbf,
+	0xd9, 0xac, 0x57, 0x3b, 0xf5, 0x9a, 0x96, 0xd2, 0xef, 0x43, 0xa6, 0x31, 0x24, 0x7d, 0x8a, 0xee,
+	0xf2, 0x08, 0x38, 0xa2, 0x3e, 0x75, 0xcd, 0x30, 0xb0, 0xa6, 0x02, 0xfd, 0xe7, 0x79, 0xc8, 0xec,
+	0x79, 0x63, 0x97, 0xa1, 0xad, 0xd8, 0x29, 0x5e, 0xdd, 0xda, 0x58, 0x34, 0x05, 0x01, 0xac, 0x74,
+	0x26, 0x23, 0xaa, 0x4e, 0xf9, 0x6d, 0xc8, 0xca, 0x58, 0x51, 0xae, 0xab, 0x16, 0x97, 0x33, 0xe2,
+	0xf7, 0x29, 0x53, 0x8b, 0xae, 0x5a, 0xe8, 0x01, 0xe4, 0x7c, 0x4a, 0x2c, 0xcf, 0x75, 0x26, 0x22,
+	0xa4, 0x72, 0x32, 0xcd, 0x62, 0x4a, 0xac, 0x7d, 0xd7, 0x99, 0xe0, 0xa8, 0x17, 0x3d, 0x81, 0xe2,
+	0xa1, 0xed, 0x5a, 0x3d, 0x6f, 0x24, 0x73, 0x5e, 0xe6, 0xea, 0x00, 0x94, 0x5e, 0x6d, 0xdb, 0xae,
+	0xb5, 0x2f, 0xc1, 0xb8, 0x70, 0x38, 0x6d, 0xa0, 0x26, 0xac, 0x9e, 0x78, 0xce, 0x78, 0x48, 0x23,
+	0x5b, 0x59, 0x61, 0xeb, 0xdd, 0xab, 0x6d, 0x1d, 0x08, 0x7c, 0x68, 0x6d, 0xe5, 0x24, 0xde, 0x44,
+	0x4f, 0x61, 0x85, 0x0d, 0x47, 0x47, 0x41, 0x64, 0x6e, 0x59, 0x98, 0xfb, 0xfe, 0x35, 0x0b, 0xc6,
+	0xe1, 0xa1, 0xb5, 0x22, 0x8b, 0xb5, 0x4a, 0x7f, 0x96, 0x82, 0x42, 0xcc, 0x73, 0xd4, 0x86, 0xc2,
+	0xc8, 0xf7, 0x46, 0xa4, 0x2f, 0xf2, 0xb6, 0xda, 0x8b, 0x8f, 0x5f, 0x69, 0xd6, 0x95, 0xd6, 0x54,
+	0x11, 0xc7, 0xad, 0xe8, 0xe7, 0x49, 0x28, 0xc4, 0x3a, 0xd1, 0xfb, 0x90, 0xc3, 0x2d, 0xdc, 0x38,
+	0x30, 0x3a, 0x75, 0x6d, 0xa9, 0x74, 0xf7, 0xec, 0xbc, 0xbc, 0x2e, 0xac, 0xc5, 0x0d, 0xb4, 0x7c,
+	0xfb, 0x84, 0x87, 0xde, 0x03, 0x58, 0x0e, 0xa1, 0x89, 0xd2, 0x9b, 0x67, 0xe7, 0xe5, 0x37, 0xe6,
+	0xa1, 0x31, 0x24, 0x6e, 0x3f, 0x31, 0x70, 0xbd, 0xa6, 0x25, 0x17, 0x23, 0x71, 0x7b, 0x40, 0x7c,
+	0x6a, 0xa1, 0xef, 0x43, 0x56, 0x01, 0x53, 0xa5, 0xd2, 0xd9, 0x79, 0xf9, 0xf6, 0x3c, 0x70, 0x8a,
+	0xc3, 0xed, 0x5d, 0xe3, 0xa0, 0xae, 0xa5, 0x17, 0xe3, 0x70, 0xdb, 0x21, 0x27, 0x14, 0xbd, 0x03,
+	0x19, 0x09, 0xcb, 0x94, 0xee, 0x9c, 0x9d, 0x97, 0xbf, 0xf7, 0x92, 0x39, 0x8e, 0x2a, 0xad, 0xff,
+	0xe5, 0xdf, 0x6e, 0x2c, 0xfd, 0xd3, 0xdf, 0x6d, 0x68, 0xf3, 0xdd, 0xa5, 0xff, 0x4d, 0xc0, 0xca,
+	0xcc, 0x96, 0x23, 0x1d, 0xb2, 0xae, 0x67, 0x7a, 0x23, 0x99, 0xce, 0x73, 0xdb, 0x70, 0x79, 0xb1,
+	0x99, 0x6d, 0x7a, 0x55, 0x6f, 0x34, 0xc1, 0xaa, 0x07, 0x3d, 0x9d, 0xbb, 0x90, 0x3e, 0x79, 0xc5,
+	0x78, 0x5a, 0x78, 0x25, 0x7d, 0x0e, 0x2b, 0x96, 0x6f, 0x9f, 0x50, 0xbf, 0x67, 0x7a, 0xee, 0x91,
+	0xdd, 0x57, 0xa9, 0xba, 0xb4, 0xc8, 0x66, 0x4d, 0x00, 0x71, 0x51, 0x2a, 0x54, 0x05, 0xfe, 0x37,
+	0xb8, 0x8c, 0x4a, 0x07, 0x50, 0x8c, 0x47, 0x28, 0x7a, 0x0b, 0x20, 0xb0, 0xff, 0x88, 0x2a, 0x7e,
+	0x23, 0xd8, 0x10, 0xce, 0x73, 0x89, 0x60, 0x37, 0xe8, 0x5d, 0x48, 0x0f, 0x3d, 0x4b, 0xda, 0xc9,
+	0x6c, 0xdf, 0xe4, 0x77, 0xe2, 0x2f, 0x2f, 0x36, 0x0b, 0x5e, 0x50, 0xd9, 0xb1, 0x1d, 0xba, 0xe7,
+	0x59, 0x14, 0x0b, 0x80, 0x7e, 0x02, 0x69, 0x9e, 0x2a, 0xd0, 0x9b, 0x90, 0xde, 0x6e, 0x34, 0x6b,
+	0xda, 0x52, 0xe9, 0xc6, 0xd9, 0x79, 0x79, 0x45, 0x2c, 0x09, 0xef, 0xe0, 0xb1, 0x8b, 0x36, 0x21,
+	0x7b, 0xb0, 0xbf, 0xdb, 0xdd, 0xe3, 0xe1, 0x75, 0xf3, 0xec, 0xbc, 0xbc, 0x16, 0x75, 0xcb, 0x45,
+	0x43, 0x6f, 0x41, 0xa6, 0xb3, 0xd7, 0xda, 0x69, 0x6b, 0xc9, 0x12, 0x3a, 0x3b, 0x2f, 0xaf, 0x46,
+	0xfd, 0xc2, 0xe7, 0xd2, 0x0d, 0xb5, 0xab, 0xf9, 0x48, 0xae, 0xff, 0x4f, 0x12, 0x56, 0x30, 0xe7,
+	0xb7, 0x3e, 0x6b, 0x79, 0x8e, 0x6d, 0x4e, 0x50, 0x0b, 0xf2, 0xa6, 0xe7, 0x5a, 0x76, 0xec, 0x4c,
+	0x6d, 0x5d, 0x71, 0x09, 0x4e, 0xb5, 0xc2, 0x56, 0x35, 0xd4, 0xc4, 0x53, 0x23, 0x68, 0x0b, 0x32,
+	0x16, 0x75, 0xc8, 0xe4, 0xba, 0xdb, 0xb8, 0xa6, 0xb8, 0x34, 0x96, 0x50, 0xc1, 0x1c, 0xc9, 0xf3,
+	0x1e, 0x61, 0x8c, 0x0e, 0x47, 0x4c, 0xde, 0xc6, 0x69, 0x5c, 0x18, 0x92, 0xe7, 0x86, 0x12, 0xa1,
+	0x1f, 0x42, 0xf6, 0xd4, 0x76, 0x2d, 0xef, 0x54, 0x5d, 0xb8, 0xd7, 0xdb, 0x55, 0x58, 0xfd, 0x8c,
+	0xdf, 0xb3, 0x73, 0xce, 0xf2, 0x55, 0x6f, 0xee, 0x37, 0xeb, 0xe1, 0xaa, 0xab, 0xfe, 0x7d, 0xb7,
+	0xe9, 0xb9, 0xfc, 0xc4, 0xc0, 0x7e, 0xb3, 0xb7, 0x63, 0x34, 0x76, 0xbb, 0x98, 0xaf, 0xfc, 0xad,
+	0xb3, 0xf3, 0xb2, 0x16, 0x41, 0x76, 0x88, 0xed, 0x70, 0x12, 0x78, 0x07, 0x52, 0x46, 0xf3, 0x4b,
+	0x2d, 0x59, 0xd2, 0xce, 0xce, 0xcb, 0xc5, 0xa8, 0xdb, 0x70, 0x27, 0xd3, 0xc3, 0x34, 0x3f, 0xae,
+	0xfe, 0xef, 0x49, 0x28, 0x76, 0x47, 0x16, 0x61, 0x54, 0x46, 0x26, 0x2a, 0x43, 0x61, 0x44, 0x7c,
+	0xe2, 0x38, 0xd4, 0xb1, 0x83, 0xa1, 0x2a, 0x14, 0xe2, 0x22, 0xf4, 0xf0, 0x35, 0x16, 0x53, 0x91,
+	0x30, 0xb5, 0xa4, 0x5d, 0x58, 0x3d, 0x92, 0xce, 0xf6, 0x88, 0x29, 0x76, 0x37, 0x25, 0x76, 0xb7,
+	0xb2, 0xc8, 0x44, 0xdc, 0xab, 0x8a, 0x9a, 0xa3, 0x21, 0xb4, 0xf0, 0xca, 0x51, 0xbc, 0x89, 0x3e,
+	0x85, 0xe5, 0xa1, 0xe7, 0xda, 0xcc, 0xf3, 0x5f, 0x69, 0x1f, 0x42, 0x30, 0x7a, 0x1f, 0x6e, 0xf0,
+	0x1d, 0x0e, 0x5d, 0x12, 0xdd, 0xe2, 0xe6, 0x4a, 0xe2, 0xb5, 0x21, 0x79, 0xae, 0xc6, 0xc4, 0x5c,
+	0xac, 0x7f, 0x0a, 0x2b, 0x33, 0x3e, 0xf0, 0xdb, 0xbc, 0x65, 0x74, 0xdb, 0x75, 0x6d, 0x09, 0x15,
+	0x21, 0x57, 0xdd, 0x6f, 0x76, 0x1a, 0xcd, 0x2e, 0xa7, 0x1e, 0x45, 0xc8, 0xe1, 0xfd, 0xdd, 0xdd,
+	0x6d, 0xa3, 0xfa, 0x54, 0x4b, 0xea, 0xff, 0x1d, 0xad, 0xaf, 0xe2, 0x1e, 0xdb, 0xb3, 0xdc, 0xe3,
+	0x83, 0xab, 0xa7, 0xae, 0xd8, 0xc7, 0xb4, 0x11, 0x71, 0x90, 0x1f, 0x03, 0x88, 0x6d, 0xa4, 0x56,
+	0x8f, 0xb0, 0xeb, 0xea, 0x8b, 0x4e, 0x58, 0x39, 0xe2, 0xbc, 0x52, 0x30, 0x18, 0xfa, 0x02, 0x8a,
+	0xa6, 0x37, 0x1c, 0x39, 0x54, 0xe9, 0xa7, 0x5e, 0x45, 0xbf, 0x10, 0xa9, 0x18, 0x2c, 0xce, 0x81,
+	0xd2, 0xb3, 0x1c, 0xe8, 0xcf, 0x13, 0x50, 0x88, 0x39, 0x3c, 0x4b, 0x85, 0x8a, 0x90, 0xeb, 0xb6,
+	0x6a, 0x46, 0xa7, 0xd1, 0x7c, 0xac, 0x25, 0x10, 0x40, 0x56, 0x2c, 0x60, 0x4d, 0x4b, 0x72, 0xba,
+	0x56, 0xdd, 0xdf, 0x6b, 0xed, 0xd6, 0x05, 0x19, 0x42, 0xb7, 0x40, 0x0b, 0x97, 0xb0, 0xd7, 0xee,
+	0x18, 0x98, 0x4b, 0xd3, 0xe8, 0x26, 0xac, 0x45, 0x52, 0xa5, 0x99, 0x41, 0xb7, 0x01, 0x45, 0xc2,
+	0xa9, 0x89, 0xac, 0xfe, 0x27, 0xb0, 0x56, 0xf5, 0x5c, 0x46, 0x6c, 0x37, 0xa2, 0xb2, 0x5b, 0x7c,
+	0xde, 0x4a, 0xd4, 0xb3, 0x2d, 0x99, 0x6d, 0xb7, 0xd7, 0x2e, 0x2f, 0x36, 0x0b, 0x11, 0xb4, 0x51,
+	0xe3, 0x33, 0x0d, 0x1b, 0x16, 0x3f, 0x53, 0x23, 0xdb, 0x52, 0xc9, 0x73, 0xf9, 0xf2, 0x62, 0x33,
+	0xd5, 0x6a, 0xd4, 0x30, 0x97, 0xa1, 0x37, 0x21, 0x4f, 0x9f, 0xdb, 0xac, 0x67, 0xf2, 0xec, 0xca,
+	0xd7, 0x30, 0x83, 0x73, 0x5c, 0x50, 0xe5, 0xc9, 0xf4, 0x4f, 0x93, 0x00, 0x1d, 0x12, 0x1c, 0xab,
+	0xa1, 0x1f, 0x41, 0x3e, 0x2a, 0xe2, 0xaf, 0x2b, 0x26, 0x63, 0xfb, 0x15, 0xe1, 0xd1, 0x27, 0x61,
+	0xc4, 0x48, 0x8e, 0xbd, 0x58, 0x51, 0x8d, 0xb5, 0x88, 0xa6, 0xce, 0x12, 0x69, 0x7e, 0xd7, 0x50,
+	0xdf, 0x57, 0x1b, 0xc7, 0xff, 0xa2, 0xaa, 0xc8, 0xb7, 0x72, 0xce, 0x8a, 0xb9, 0xdd, 0x5b, 0x34,
+	0xc8, 0xdc, 0x82, 0x3e, 0x59, 0xc2, 0x53, 0xbd, 0x6d, 0x0d, 0x56, 0xfd, 0xb1, 0xcb, 0xbd, 0xee,
+	0x05, 0xa2, 0x5b, 0xb7, 0xe1, 0x8d, 0x26, 0x65, 0xa7, 0x9e, 0x7f, 0x6c, 0x30, 0x46, 0xcc, 0x01,
+	0x2f, 0xaa, 0x55, 0x92, 0x99, 0x12, 0xce, 0xc4, 0x0c, 0xe1, 0x5c, 0x87, 0x65, 0xe2, 0xd8, 0x24,
+	0xa0, 0xf2, 0x96, 0xce, 0xe3, 0xb0, 0xc9, 0x69, 0x31, 0xb1, 0x2c, 0x9f, 0x06, 0x01, 0x95, 0x65,
+	0x60, 0x1e, 0x4f, 0x05, 0xfa, 0xbf, 0x24, 0x01, 0x1a, 0x2d, 0x63, 0x4f, 0x99, 0xaf, 0x41, 0xf6,
+	0x88, 0x0c, 0x6d, 0x67, 0x72, 0xdd, 0x21, 0x9b, 0xe2, 0x2b, 0x86, 0x34, 0xb4, 0x23, 0x74, 0xb0,
+	0xd2, 0x15, 0x6c, 0x79, 0x7c, 0xe8, 0x52, 0x16, 0xb1, 0x65, 0xd1, 0xe2, 0x57, 0xb3, 0x4f, 0xdc,
+	0x68, 0x61, 0x65, 0x83, 0xbb, 0xde, 0x27, 0x8c, 0x9e, 0x92, 0x49, 0x78, 0x26, 0x54, 0x13, 0x3d,
+	0xe1, 0x2c, 0x9a, 0x17, 0xf7, 0xd4, 0x5a, 0xcf, 0x08, 0xee, 0xf1, 0x5d, 0xfe, 0x60, 0x05, 0x97,
+	0xa4, 0x23, 0xd2, 0x2e, 0x3d, 0x12, 0x37, 0xe5, 0xb4, 0xeb, 0xb5, 0x8a, 0xd8, 0x8f, 0x60, 0x65,
+	0x66, 0x9e, 0x2f, 0x95, 0x29, 0x8d, 0xd6, 0xc1, 0x0f, 0xb5, 0xb4, 0xfa, 0xf7, 0xa9, 0x96, 0xd5,
+	0xff, 0x2b, 0x01, 0xd0, 0xf2, 0xfc, 0x70, 0xd3, 0x16, 0x3f, 0x0b, 0xe5, 0xc4, 0x23, 0x93, 0xe9,
+	0x39, 0x2a, 0x3c, 0x17, 0xf2, 0xf4, 0xa9, 0x15, 0x4e, 0x7b, 0x05, 0x1c, 0x47, 0x8a, 0x68, 0x13,
+	0x0a, 0x72, 0xff, 0x7b, 0x23, 0xcf, 0x97, 0xf9, 0x68, 0x05, 0x83, 0x14, 0x71, 0x4d, 0x74, 0x1f,
+	0x56, 0x47, 0xe3, 0x43, 0xc7, 0x0e, 0x06, 0xd4, 0x92, 0x98, 0xb4, 0xc0, 0xac, 0x44, 0x52, 0x0e,
+	0xd3, 0x6b, 0x90, 0x0b, 0xad, 0xa3, 0x75, 0x48, 0x75, 0xaa, 0x2d, 0x6d, 0xa9, 0xb4, 0x76, 0x76,
+	0x5e, 0x2e, 0x84, 0xe2, 0x4e, 0xb5, 0xc5, 0x7b, 0xba, 0xb5, 0x96, 0x96, 0x98, 0xed, 0xe9, 0xd6,
+	0x5a, 0xa5, 0x34, 0xbf, 0x25, 0xf5, 0xbf, 0x4e, 0x40, 0x56, 0x72, 0xb6, 0x85, 0x33, 0x36, 0x60,
+	0x39, 0xac, 0x24, 0x24, 0x91, 0x7c, 0xf7, 0x6a, 0xd2, 0x57, 0x51, 0x1c, 0x4d, 0xee, 0x63, 0xa8,
+	0x57, 0xfa, 0x0c, 0x8a, 0xf1, 0x8e, 0xd7, 0xda, 0xc5, 0x3f, 0x86, 0x02, 0x0f, 0x94, 0x90, 0xfc,
+	0x6d, 0x41, 0x56, 0xf2, 0x4a, 0x95, 0x55, 0xae, 0x63, 0xa0, 0x0a, 0x89, 0x1e, 0xc2, 0xb2, 0x64,
+	0xad, 0xe1, 0x7b, 0xca, 0xc6, 0xf5, 0xe1, 0x88, 0x43, 0xb8, 0xfe, 0x39, 0xa4, 0x5b, 0x94, 0xfa,
+	0xe8, 0x1e, 0x2c, 0xbb, 0x9e, 0x45, 0xa7, 0x49, 0x54, 0x11, 0x6e, 0x8b, 0x36, 0x6a, 0x9c, 0x70,
+	0x5b, 0xb4, 0x61, 0xf1, 0xc5, 0xe3, 0x07, 0x34, 0x7c, 0x52, 0xe2, 0xff, 0xf5, 0x0e, 0x14, 0x9f,
+	0x51, 0xbb, 0x3f, 0x60, 0xd4, 0x12, 0x86, 0x3e, 0x80, 0xf4, 0x88, 0x46, 0xce, 0xaf, 0x2f, 0x0c,
+	0x1d, 0x4a, 0x7d, 0x2c, 0x50, 0xfc, 0x40, 0x9e, 0x0a, 0x6d, 0xf5, 0x8a, 0xa7, 0x5a, 0xfa, 0x3f,
+	0x24, 0x61, 0xb5, 0x11, 0x04, 0x63, 0xe2, 0x9a, 0xe1, 0x2d, 0xfb, 0x93, 0xd9, 0x5b, 0xf6, 0xc1,
+	0xc2, 0x19, 0xce, 0xa8, 0xcc, 0x56, 0xf9, 0x2a, 0x49, 0x26, 0xa3, 0x24, 0xa9, 0x7f, 0x93, 0x08,
+	0xcb, 0xfb, 0xfb, 0xb1, 0x73, 0x53, 0x5a, 0x3f, 0x3b, 0x2f, 0xdf, 0x8a, 0x5b, 0xa2, 0x5d, 0xf7,
+	0xd8, 0xf5, 0x4e, 0x5d, 0xf4, 0x36, 0x2f, 0xf7, 0x9b, 0xf5, 0x67, 0x5a, 0xa2, 0x74, 0xfb, 0xec,
+	0xbc, 0x8c, 0x66, 0x40, 0x98, 0xba, 0xf4, 0x94, 0x5b, 0x6a, 0xd5, 0x9b, 0x35, 0x7e, 0x1f, 0x26,
+	0x17, 0x58, 0x6a, 0x51, 0xd7, 0xb2, 0xdd, 0x3e, 0xba, 0x07, 0xd9, 0x46, 0xbb, 0xdd, 0x15, 0x05,
+	0xd8, 0x1b, 0x67, 0xe7, 0xe5, 0x9b, 0x33, 0x28, 0xde, 0xa0, 0x16, 0x07, 0x71, 0x82, 0xc8, 0x6f,
+	0xca, 0x05, 0x20, 0xce, 0x5d, 0xa8, 0xa5, 0x22, 0xfc, 0xdf, 0x92, 0xa0, 0x19, 0xa6, 0x49, 0x47,
+	0x8c, 0xf7, 0x2b, 0xd2, 0xdd, 0x81, 0xdc, 0x88, 0xff, 0xb3, 0x45, 0x11, 0xc1, 0xc3, 0xe2, 0xe1,
+	0xc2, 0x27, 0xde, 0x39, 0xbd, 0x0a, 0xf6, 0x1c, 0x6a, 0x58, 0x43, 0x3b, 0x08, 0x78, 0x71, 0x29,
+	0x64, 0x38, 0xb2, 0x54, 0xfa, 0x55, 0x02, 0x6e, 0x2e, 0x40, 0xa0, 0x8f, 0x20, 0xed, 0x7b, 0x4e,
+	0xb8, 0x3d, 0x77, 0xaf, 0x7a, 0x80, 0xe1, 0xaa, 0x58, 0x20, 0xd1, 0x06, 0x00, 0x19, 0x33, 0x8f,
+	0x88, 0xf1, 0xc5, 0xc6, 0xe4, 0x70, 0x4c, 0x82, 0x9e, 0x41, 0x36, 0xa0, 0xa6, 0x4f, 0x43, 0x3e,
+	0xf3, 0xf9, 0xff, 0xd7, 0xfb, 0x4a, 0x5b, 0x98, 0xc1, 0xca, 0x5c, 0xa9, 0x02, 0x59, 0x29, 0xe1,
+	0x11, 0x6d, 0x11, 0x46, 0x84, 0xd3, 0x45, 0x2c, 0xfe, 0xf3, 0x40, 0x21, 0x4e, 0x3f, 0x0c, 0x14,
+	0xe2, 0xf4, 0xf5, 0x9f, 0x25, 0x01, 0xea, 0xcf, 0x19, 0xf5, 0x5d, 0xe2, 0x54, 0x0d, 0x54, 0x8f,
+	0x65, 0x48, 0x39, 0xdb, 0xf7, 0x16, 0x3e, 0xcb, 0x45, 0x1a, 0x95, 0xaa, 0xb1, 0x20, 0x47, 0xde,
+	0x81, 0xd4, 0xd8, 0x77, 0xd4, 0x13, 0xaf, 0x20, 0x22, 0x5d, 0xbc, 0x8b, 0xb9, 0x0c, 0xd5, 0xa7,
+	0x19, 0x29, 0x75, 0xf5, 0xdb, 0x7c, 0x6c, 0x80, 0xdf, 0x7e, 0x56, 0xfa, 0x00, 0x60, 0xea, 0x35,
+	0xda, 0x80, 0x4c, 0x75, 0xa7, 0xdd, 0xde, 0xd5, 0x96, 0x64, 0x8d, 0x38, 0xed, 0x12, 0x62, 0xfd,
+	0xef, 0x13, 0x90, 0xab, 0x1a, 0xea, 0x56, 0xd9, 0x01, 0x4d, 0xe4, 0x12, 0x93, 0xfa, 0xac, 0x47,
+	0x9f, 0x8f, 0x6c, 0x7f, 0xa2, 0xd2, 0xc1, 0xf5, 0x2c, 0x7e, 0x95, 0x6b, 0x55, 0xa9, 0xcf, 0xea,
+	0x42, 0x07, 0x61, 0x28, 0x52, 0x35, 0xc5, 0x9e, 0x49, 0xc2, 0xe4, 0xbc, 0x71, 0xfd, 0x52, 0x48,
+	0xf6, 0x37, 0x6d, 0x07, 0xb8, 0x10, 0x1a, 0xa9, 0x92, 0x40, 0x3f, 0x80, 0x9b, 0xfb, 0xbe, 0x39,
+	0xa0, 0x01, 0x93, 0x83, 0x2a, 0x97, 0x3f, 0x87, 0xbb, 0x8c, 0x04, 0xc7, 0xbd, 0x81, 0x1d, 0x30,
+	0xcf, 0x9f, 0xf4, 0x7c, 0xca, 0xa8, 0xcb, 0xfb, 0x7b, 0xe2, 0x0b, 0x80, 0xaa, 0xc1, 0xef, 0x70,
+	0xcc, 0x13, 0x09, 0xc1, 0x21, 0x62, 0x97, 0x03, 0xf4, 0x06, 0x14, 0x39, 0x61, 0xab, 0xd1, 0x23,
+	0x32, 0x76, 0x58, 0x80, 0x7e, 0x04, 0xe0, 0x78, 0xfd, 0xde, 0x2b, 0x67, 0xf2, 0xbc, 0xe3, 0xf5,
+	0xe5, 0x5f, 0xfd, 0xf7, 0x41, 0xab, 0xd9, 0xc1, 0x88, 0x30, 0x73, 0x10, 0x3e, 0x2e, 0xa0, 0xc7,
+	0xa0, 0x0d, 0x28, 0xf1, 0xd9, 0x21, 0x25, 0xac, 0x37, 0xa2, 0xbe, 0xed, 0x59, 0xaf, 0xb4, 0xa4,
+	0x6b, 0x91, 0x56, 0x4b, 0x28, 0xe9, 0xbf, 0x4e, 0x00, 0x60, 0x72, 0x14, 0x12, 0x80, 0x1f, 0xc0,
+	0x8d, 0xc0, 0x25, 0xa3, 0x60, 0xe0, 0xb1, 0x9e, 0xed, 0x32, 0xea, 0x9f, 0x10, 0x47, 0x15, 0x88,
+	0x5a, 0xd8, 0xd1, 0x50, 0x72, 0xf4, 0x01, 0xa0, 0x63, 0x4a, 0x47, 0x3d, 0xcf, 0xb1, 0x7a, 0x61,
+	0xa7, 0xfc, 0x44, 0x91, 0xc6, 0x1a, 0xef, 0xd9, 0x77, 0xac, 0x76, 0x28, 0x47, 0xdb, 0xb0, 0xc1,
+	0x57, 0x80, 0xba, 0xcc, 0xb7, 0x69, 0xd0, 0x3b, 0xf2, 0xfc, 0x5e, 0xe0, 0x78, 0xa7, 0xbd, 0x23,
+	0xcf, 0x71, 0xbc, 0x53, 0xea, 0x87, 0xe5, 0x77, 0xc9, 0xf1, 0xfa, 0x75, 0x09, 0xda, 0xf1, 0xfc,
+	0xb6, 0xe3, 0x9d, 0xee, 0x84, 0x08, 0xce, 0x12, 0xa6, 0xd3, 0x66, 0xb6, 0x79, 0x1c, 0xb2, 0x84,
+	0x48, 0xda, 0xb1, 0xcd, 0x63, 0x74, 0x0f, 0x56, 0xa8, 0x43, 0x45, 0x11, 0x27, 0x51, 0x19, 0x81,
+	0x2a, 0x86, 0x42, 0x0e, 0xd2, 0x7f, 0x07, 0xf2, 0x2d, 0x87, 0x98, 0xe2, 0x43, 0x10, 0x2f, 0x89,
+	0x4d, 0xcf, 0xe5, 0x41, 0x60, 0xbb, 0x4c, 0x66, 0xc7, 0x3c, 0x8e, 0x8b, 0xf4, 0x9f, 0x00, 0xfc,
+	0xd4, 0xb3, 0xdd, 0x8e, 0x77, 0x4c, 0x5d, 0xf1, 0x66, 0xce, 0x59, 0xaf, 0xda, 0xca, 0x3c, 0x56,
+	0x2d, 0xc1, 0xc9, 0x89, 0x4b, 0xfa, 0xd4, 0x8f, 0x9e, 0x8e, 0x65, 0x93, 0x5f, 0x2e, 0x59, 0xec,
+	0x79, 0xac, 0x6a, 0xa0, 0x32, 0x64, 0x4d, 0xd2, 0x0b, 0x4f, 0x5e, 0x71, 0x3b, 0x7f, 0x79, 0xb1,
+	0x99, 0xa9, 0x1a, 0x4f, 0xe9, 0x04, 0x67, 0x4c, 0xf2, 0x94, 0x4e, 0xf8, 0xed, 0x6b, 0x12, 0x71,
+	0x5e, 0x84, 0x99, 0xa2, 0xbc, 0x7d, 0xab, 0x06, 0x3f, 0x0c, 0x38, 0x6b, 0x12, 0xfe, 0x8b, 0x3e,
+	0x82, 0xa2, 0x02, 0xf5, 0x06, 0x24, 0x18, 0x48, 0xae, 0xba, 0xbd, 0x7a, 0x79, 0xb1, 0x09, 0x12,
+	0xf9, 0x84, 0x04, 0x03, 0x0c, 0x12, 0xcd, 0xff, 0xa3, 0x3a, 0x14, 0xbe, 0xf2, 0x6c, 0xb7, 0xc7,
+	0xc4, 0x24, 0x54, 0x25, 0xbd, 0xf0, 0xfc, 0x4c, 0xa7, 0xaa, 0xca, 0x7b, 0xf8, 0x2a, 0x92, 0xe8,
+	0xff, 0x9a, 0x80, 0x02, 0xb7, 0x69, 0x1f, 0xd9, 0x26, 0xbf, 0x2d, 0x5f, 0x3f, 0xd3, 0xdf, 0x81,
+	0x94, 0x19, 0xf8, 0x6a, 0x6e, 0x22, 0xd5, 0x55, 0xdb, 0x18, 0x73, 0x19, 0xfa, 0x02, 0xb2, 0xb2,
+	0xb8, 0x50, 0x49, 0x5e, 0xff, 0xee, 0x7b, 0x5d, 0xb9, 0xa8, 0xf4, 0xc4, 0x5e, 0x4e, 0xbd, 0x13,
+	0xb3, 0x2c, 0xe2, 0xb8, 0x08, 0xdd, 0x86, 0xa4, 0xe9, 0x8a, 0xa0, 0x50, 0xdf, 0xd2, 0xaa, 0x4d,
+	0x9c, 0x34, 0x5d, 0xfd, 0x9f, 0x13, 0xb0, 0x52, 0x77, 0x4d, 0x7f, 0x22, 0x92, 0x24, 0xdf, 0x88,
+	0xbb, 0x90, 0x0f, 0xc6, 0x87, 0xc1, 0x24, 0x60, 0x74, 0x18, 0x3e, 0xd5, 0x47, 0x02, 0xd4, 0x80,
+	0x3c, 0x71, 0xfa, 0x9e, 0x6f, 0xb3, 0xc1, 0x50, 0x71, 0xe3, 0xc5, 0x89, 0x39, 0x6e, 0xb3, 0x62,
+	0x84, 0x2a, 0x78, 0xaa, 0x1d, 0xa6, 0xe2, 0x94, 0x70, 0x56, 0xa4, 0xe2, 0xb7, 0xa1, 0xe8, 0x90,
+	0x21, 0xa7, 0xc2, 0x3d, 0x5e, 0x72, 0x89, 0x79, 0xa4, 0x71, 0x41, 0xc9, 0x78, 0x19, 0xa9, 0xeb,
+	0x90, 0x8f, 0x8c, 0xa1, 0x35, 0x28, 0x18, 0xf5, 0x76, 0xef, 0xe3, 0xad, 0x87, 0xbd, 0xc7, 0xd5,
+	0x3d, 0x6d, 0x49, 0x31, 0x81, 0x7f, 0x4c, 0xc0, 0xca, 0x9e, 0x8c, 0x41, 0x45, 0x9c, 0xee, 0xc1,
+	0xb2, 0x4f, 0x8e, 0x58, 0x48, 0xed, 0xd2, 0x32, 0xb8, 0x78, 0x12, 0xe0, 0xd4, 0x8e, 0x77, 0x2d,
+	0xa6, 0x76, 0xb1, 0x0f, 0x45, 0xa9, 0x6b, 0x3f, 0x14, 0xa5, 0x7f, 0x2b, 0x1f, 0x8a, 0xf4, 0x5f,
+	0x26, 0x60, 0x4d, 0x5d, 0xd4, 0xe1, 0xc7, 0x11, 0xf4, 0x1e, 0xe4, 0xe5, 0x9d, 0x3d, 0x25, 0xa6,
+	0xe2, 0x7b, 0x85, 0xc4, 0x35, 0x6a, 0x38, 0x27, 0xbb, 0x1b, 0x16, 0xfa, 0x71, 0xec, 0x55, 0xf4,
+	0x0a, 0x7a, 0x38, 0x67, 0xbd, 0x32, 0x7d, 0x2a, 0xbd, 0xf2, 0x7b, 0xc9, 0x26, 0x14, 0x94, 0x03,
+	0xa2, 0x6c, 0x90, 0x75, 0x20, 0x48, 0x51, 0x93, 0x0c, 0xa9, 0x7e, 0x1f, 0xd2, 0xdc, 0x0c, 0x02,
+	0xc8, 0xb6, 0xbf, 0x6c, 0x77, 0xea, 0x7b, 0xb2, 0xf2, 0xda, 0x69, 0x88, 0x8f, 0x56, 0xcb, 0x90,
+	0xaa, 0x37, 0x0f, 0xb4, 0xe4, 0xfb, 0xbf, 0x4e, 0x41, 0x3e, 0xaa, 0xe8, 0xf9, 0x79, 0xe0, 0x34,
+	0x72, 0x49, 0xbe, 0xeb, 0x45, 0xf2, 0xa6, 0x20, 0x90, 0x79, 0x63, 0x77, 0x77, 0xbf, 0x6a, 0x74,
+	0xea, 0x35, 0xed, 0x0b, 0xc9, 0x33, 0x23, 0x80, 0xe1, 0x38, 0x1e, 0x8f, 0x68, 0x0b, 0xe9, 0x53,
+	0x9e, 0xf9, 0x42, 0xbd, 0x1e, 0x46, 0xa8, 0x90, 0x64, 0xbe, 0x03, 0x39, 0xa3, 0xdd, 0x6e, 0x3c,
+	0x6e, 0xd6, 0x6b, 0xda, 0xd7, 0x89, 0xd2, 0xf7, 0xce, 0xce, 0xcb, 0x37, 0xa6, 0xa6, 0x82, 0xc0,
+	0xee, 0xbb, 0xd4, 0x12, 0xa8, 0x6a, 0xb5, 0xde, 0xe2, 0xe3, 0xbd, 0x48, 0xce, 0xa3, 0x04, 0xbb,
+	0x12, 0x5f, 0x02, 0xf2, 0x2d, 0x5c, 0x6f, 0x19, 0x98, 0x8f, 0xf8, 0x75, 0x72, 0xce, 0xaf, 0x96,
+	0x4f, 0x47, 0xc4, 0xe7, 0x63, 0x6e, 0x84, 0x5f, 0xc4, 0x5e, 0xa4, 0xe4, 0x6b, 0xf1, 0xf4, 0x19,
+	0x83, 0x12, 0x6b, 0xc2, 0x47, 0x13, 0xcf, 0x3f, 0xc2, 0x4c, 0x6a, 0x6e, 0xb4, 0x36, 0x23, 0x3e,
+	0xe3, 0x56, 0x74, 0x58, 0xc6, 0xdd, 0x66, 0x53, 0xcc, 0x2e, 0x3d, 0x37, 0x3b, 0x3c, 0x76, 0x5d,
+	0x8e, 0xb9, 0x0f, 0xb9, 0xf0, 0x75, 0x48, 0xfb, 0x3a, 0x3d, 0xe7, 0x50, 0x35, 0x7c, 0xda, 0x12,
+	0x03, 0x3e, 0xe9, 0x76, 0xc4, 0x07, 0xbb, 0x17, 0x99, 0xf9, 0x01, 0x07, 0x63, 0x66, 0x71, 0x66,
+	0x5f, 0x8e, 0xa8, 0xf6, 0xd7, 0x19, 0xc9, 0x70, 0x22, 0x8c, 0xe4, 0xd9, 0xdc, 0x0e, 0xae, 0xff,
+	0x54, 0x7e, 0xdb, 0x7b, 0x91, 0x9d, 0xb3, 0x83, 0xe9, 0x57, 0xd4, 0x64, 0xd4, 0x9a, 0x3e, 0x86,
+	0x47, 0x5d, 0xef, 0xff, 0x01, 0xe4, 0xc2, 0x6c, 0x88, 0x36, 0x20, 0xfb, 0x6c, 0x1f, 0x3f, 0xad,
+	0x63, 0x6d, 0x49, 0xae, 0x4e, 0xd8, 0xf3, 0x4c, 0x5e, 0x27, 0x65, 0x58, 0xde, 0x33, 0x9a, 0xc6,
+	0xe3, 0x3a, 0x0e, 0x1f, 0xe3, 0x43, 0x80, 0x3a, 0xd2, 0x25, 0x4d, 0x0d, 0x10, 0xd9, 0xdc, 0xbe,
+	0xfb, 0xcd, 0xb7, 0x1b, 0x4b, 0xbf, 0xf8, 0x76, 0x63, 0xe9, 0x57, 0xdf, 0x6e, 0x24, 0x5e, 0x5c,
+	0x6e, 0x24, 0xbe, 0xb9, 0xdc, 0x48, 0xfc, 0xfc, 0x72, 0x23, 0xf1, 0x1f, 0x97, 0x1b, 0x89, 0xc3,
+	0xac, 0xa0, 0x9b, 0x9f, 0xfc, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x79, 0xf6, 0x7c, 0x35, 0x9d,
+	0x22, 0x00, 0x00,
 }

vendor/src/github.com/docker/swarmkit/api/types.proto

@@ -301,26 +301,26 @@ message UpdateConfig {
 	// be used.
 	Duration monitor = 4;
 
-	// AllowedFailureFraction is the fraction of tasks that may fail during
+	// MaxFailureRatio is the fraction of tasks that may fail during
 	// an update before the failure action is invoked. Any task created by
 	// the current update which ends up in one of the states REJECTED,
 	// COMPLETED or FAILED within Monitor from its creation counts as a
 	// failure. The number of failures is divided by the number of tasks
 	// being updated, and if this fraction is greater than
-	// AllowedFailureFraction, the failure action is invoked.
+	// MaxFailureRatio, the failure action is invoked.
 	//
 	// If the failure action is CONTINUE, there is no effect.
 	// If the failure action is PAUSE, no more tasks will be updated until
 	// another update is started.
 	// If the failure action is ROLLBACK, the orchestrator will attempt to
-	// roll back to the previous service spec. If the AllowedFailureFraction
+	// roll back to the previous service spec. If the MaxFailureRatio
 	// threshold is hit during the rollback, the rollback will pause.
 	//
 	// TODO(aaronl): Should there be a separate failure threshold for
 	// rollbacks? Should there be a failure action for rollbacks (to allow
 	// them to do something other than pause when the rollback encounters
 	// errors)?
-	float allowed_failure_fraction = 5;
+	float max_failure_ratio = 5;
 }
 
 // UpdateStatus is the status of an update in progress.
@@ -747,3 +747,32 @@ message ManagerStatus {
 	// Reachability specifies whether this node is reachable.
 	RaftMemberStatus.Reachability reachability = 4;
 }
+
+// SecretReference is the linkage between a service and a secret that it uses.
+message SecretReference {
+	// SecretID represents the ID of the specific Secret that we're
+	// referencing. This identifier exists so that SecretReferences don't leak
+	// any information about the secret contents.
+	string secret_id = 1 [(gogoproto.customname) = "SecretID"];
+
+	// Mode specifies how this secret should be exposed to the task.
+	enum Mode {
+		// SYSTEM means that it is not exposed inside to a task at all, but
+		// only available via direct access, usually at the agent-level
+		SYSTEM = 0;
+		// FILE means that it will be exposed to the task as a file
+		FILE = 1;
+		// ENV means that it will be exposed to the task as an environment variable
+		ENV = 2;
+	}
+
+	// Mode is the way the secret should be presented.
+	Mode mode = 2;
+
+	// Target is the name by which the image accesses the secret.
+	string target = 3;
+
+	// SecretName is the name of the secret that this references, but this is just provided for
+	// lookup/display purposes.  The secret in the reference will be identified by its ID.
+	string secret_name = 4;
+}

vendor/src/github.com/docker/swarmkit/ca/certificates.go

@@ -8,8 +8,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
-	"errors"
-	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
@@ -28,6 +26,7 @@ import (
 	"github.com/docker/swarmkit/identity"
 	"github.com/docker/swarmkit/ioutils"
 	"github.com/docker/swarmkit/remotes"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -116,7 +115,7 @@ func (rca *RootCA) CanSign() bool {
 func (rca *RootCA) IssueAndSaveNewCertificates(paths CertPaths, cn, ou, org string) (*tls.Certificate, error) {
 	csr, key, err := GenerateAndWriteNewKey(paths)
 	if err != nil {
-		return nil, fmt.Errorf("error when generating new node certs: %v", err)
+		return nil, errors.Wrap(err, "error when generating new node certs")
 	}
 
 	if !rca.CanSign() {
@@ -126,7 +125,7 @@ func (rca *RootCA) IssueAndSaveNewCertificates(paths CertPaths, cn, ou, org stri
 	// Obtain a signed Certificate
 	certChain, err := rca.ParseValidateAndSignCSR(csr, cn, ou, org)
 	if err != nil {
-		return nil, fmt.Errorf("failed to sign node certificate: %v", err)
+		return nil, errors.Wrap(err, "failed to sign node certificate")
 	}
 
 	// Ensure directory exists
@@ -157,7 +156,7 @@ func (rca *RootCA) RequestAndSaveNewCertificates(ctx context.Context, paths Cert
 	tempPaths := genTempPaths(paths)
 	csr, key, err := GenerateAndWriteNewKey(tempPaths)
 	if err != nil {
-		return nil, fmt.Errorf("error when generating new node certs: %v", err)
+		return nil, errors.Wrap(err, "error when generating new node certs")
 	}
 
 	// Get the remote manager to issue a CA signed certificate for this node
@@ -179,7 +178,7 @@ func (rca *RootCA) RequestAndSaveNewCertificates(ctx context.Context, paths Cert
 	// Create an X509Cert so we can .Verify()
 	certBlock, _ := pem.Decode(signedCert)
 	if certBlock == nil {
-		return nil, fmt.Errorf("failed to parse certificate PEM")
+		return nil, errors.New("failed to parse certificate PEM")
 	}
 	X509Cert, err := x509.ParseCertificate(certBlock.Bytes)
 	if err != nil {
@@ -249,7 +248,7 @@ func (rca *RootCA) ParseValidateAndSignCSR(csrBytes []byte, cn, ou, org string)
 
 	cert, err := rca.Signer.Sign(signRequest)
 	if err != nil {
-		return nil, fmt.Errorf("failed to sign node certificate: %v", err)
+		return nil, errors.Wrap(err, "failed to sign node certificate")
 	}
 
 	return rca.AppendFirstRootPEM(cert)
@@ -266,12 +265,12 @@ func (rca *RootCA) AppendFirstRootPEM(cert []byte) ([]byte, error) {
 		return nil, err
 	}
 	if len(firstRootCA) < 1 {
-		return nil, fmt.Errorf("no valid Root CA certificates found")
+		return nil, errors.New("no valid Root CA certificates found")
 	}
 	// Convert the first root CA back to PEM
 	firstRootCAPEM := helpers.EncodeCertificatePEM(firstRootCA[0])
 	if firstRootCAPEM == nil {
-		return nil, fmt.Errorf("error while encoding the Root CA certificate")
+		return nil, errors.New("error while encoding the Root CA certificate")
 	}
 	// Append this Root CA to the certificate to make [Cert PEM]\n[Root PEM][EOF]
 	certChain := append(cert, firstRootCAPEM...)
@@ -290,7 +289,7 @@ func NewRootCA(certBytes, keyBytes []byte, certExpiry time.Duration) (RootCA, er
 	}
 	// Check to see if we have at least one valid cert
 	if len(parsedCerts) < 1 {
-		return RootCA{}, fmt.Errorf("no valid Root CA certificates found")
+		return RootCA{}, errors.New("no valid Root CA certificates found")
 	}
 
 	// Create a Pool with all of the certificates found
@@ -298,7 +297,7 @@ func NewRootCA(certBytes, keyBytes []byte, certExpiry time.Duration) (RootCA, er
 	for _, cert := range parsedCerts {
 		// Check to see if all of the certificates are valid, self-signed root CA certs
 		if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
-			return RootCA{}, fmt.Errorf("error while validating Root CA Certificate: %v", err)
+			return RootCA{}, errors.Wrap(err, "error while validating Root CA Certificate")
 		}
 		pool.AddCert(cert)
 	}
@@ -331,7 +330,7 @@ func NewRootCA(certBytes, keyBytes []byte, certExpiry time.Duration) (RootCA, er
 	if err != nil {
 		priv, err = helpers.ParsePrivateKeyPEMWithPassword(keyBytes, passphrasePrev)
 		if err != nil {
-			return RootCA{}, fmt.Errorf("Malformed private key: %v", err)
+			return RootCA{}, errors.Wrap(err, "malformed private key")
 		}
 	}
 
@@ -371,10 +370,10 @@ func ensureCertKeyMatch(cert *x509.Certificate, key crypto.PublicKey) error {
 			return nil
 		}
 	default:
-		return fmt.Errorf("unknown or unsupported certificate public key algorithm")
+		return errors.New("unknown or unsupported certificate public key algorithm")
 	}
 
-	return fmt.Errorf("certificate key mismatch")
+	return errors.New("certificate key mismatch")
 }
 
 // GetLocalRootCA validates if the contents of the file are a valid self-signed
@@ -446,13 +445,13 @@ func GetRemoteCA(ctx context.Context, d digest.Digest, r remotes.Remotes) (RootC
 	if d != "" {
 		verifier, err := digest.NewDigestVerifier(d)
 		if err != nil {
-			return RootCA{}, fmt.Errorf("unexpected error getting digest verifier: %v", err)
+			return RootCA{}, errors.Wrap(err, "unexpected error getting digest verifier")
 		}
 
 		io.Copy(verifier, bytes.NewReader(response.Certificate))
 
 		if !verifier.Verified() {
-			return RootCA{}, fmt.Errorf("remote CA does not match fingerprint. Expected: %s", d.Hex())
+			return RootCA{}, errors.Errorf("remote CA does not match fingerprint. Expected: %s", d.Hex())
 
 		}
 	}
@@ -466,7 +465,7 @@ func GetRemoteCA(ctx context.Context, d digest.Digest, r remotes.Remotes) (RootC
 	// Create a Pool with our RootCACertificate
 	pool := x509.NewCertPool()
 	if !pool.AppendCertsFromPEM(response.Certificate) {
-		return RootCA{}, fmt.Errorf("failed to append certificate to cert pool")
+		return RootCA{}, errors.New("failed to append certificate to cert pool")
 	}
 
 	return RootCA{Cert: response.Certificate, Digest: digest.FromBytes(response.Certificate), Pool: pool}, nil
@@ -535,7 +534,7 @@ func GenerateAndSignNewTLSCert(rootCA RootCA, cn, ou, org string, paths CertPath
 	// Obtain a signed Certificate
 	certChain, err := rootCA.ParseValidateAndSignCSR(csr, cn, ou, org)
 	if err != nil {
-		return nil, fmt.Errorf("failed to sign node certificate: %v", err)
+		return nil, errors.Wrap(err, "failed to sign node certificate")
 	}
 
 	// Ensure directory exists
@@ -587,7 +586,7 @@ func GenerateAndWriteNewKey(paths CertPaths) (csr, key []byte, err error) {
 // and that is part of a CA identified by a specific certificate pool.
 func GetRemoteSignedCertificate(ctx context.Context, csr []byte, token string, rootCAPool *x509.CertPool, r remotes.Remotes, creds credentials.TransportCredentials, nodeInfo chan<- api.IssueNodeCertificateResponse) ([]byte, error) {
 	if rootCAPool == nil {
-		return nil, fmt.Errorf("valid root CA pool required")
+		return nil, errors.New("valid root CA pool required")
 	}
 
 	if creds == nil {
@@ -649,7 +648,7 @@ func GetRemoteSignedCertificate(ctx context.Context, csr []byte, token string, r
 		// If the certificate was issued, return
 		if statusResponse.Status.State == api.IssuanceStateIssued {
 			if statusResponse.Certificate == nil {
-				return nil, fmt.Errorf("no certificate in CertificateStatus response")
+				return nil, errors.New("no certificate in CertificateStatus response")
 			}
 
 			// The certificate in the response must match the CSR
@@ -681,7 +680,7 @@ func readCertExpiration(paths CertPaths) (time.Duration, error) {
 	// Create an x509 certificate out of the contents on disk
 	certBlock, _ := pem.Decode([]byte(cert))
 	if certBlock == nil {
-		return time.Hour, fmt.Errorf("failed to decode certificate block")
+		return time.Hour, errors.New("failed to decode certificate block")
 	}
 	X509Cert, err := x509.ParseCertificate(certBlock.Bytes)
 	if err != nil {
@@ -726,7 +725,7 @@ func EncryptECPrivateKey(key []byte, passphraseStr string) ([]byte, error) {
 	keyBlock, _ := pem.Decode(key)
 	if keyBlock == nil {
 		// This RootCA does not have a valid signer.
-		return nil, fmt.Errorf("error while decoding PEM key")
+		return nil, errors.New("error while decoding PEM key")
 	}
 
 	encryptedPEMBlock, err := x509.EncryptPEMBlock(rand.Reader,
@@ -739,7 +738,7 @@ func EncryptECPrivateKey(key []byte, passphraseStr string) ([]byte, error) {
 	}
 
 	if encryptedPEMBlock.Headers == nil {
-		return nil, fmt.Errorf("unable to encrypt key - invalid PEM file produced")
+		return nil, errors.New("unable to encrypt key - invalid PEM file produced")
 	}
 
 	return pem.EncodeToMemory(encryptedPEMBlock), nil

vendor/src/github.com/docker/swarmkit/ca/config.go

@@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"math/big"
@@ -22,6 +21,7 @@ import (
 	"github.com/docker/swarmkit/identity"
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/remotes"
+	"github.com/pkg/errors"
 
 	"golang.org/x/net/context"
 )
@@ -341,13 +341,13 @@ func RenewTLSConfig(ctx context.Context, s *SecurityConfig, baseCertDir string,
 			if err != nil {
 				// We failed to read the expiration, let's stick with the starting default
 				log.Errorf("failed to read the expiration of the TLS certificate in: %s", paths.Node.Cert)
-				updates <- CertificateUpdate{Err: fmt.Errorf("failed to read certificate expiration")}
+				updates <- CertificateUpdate{Err: errors.New("failed to read certificate expiration")}
 			} else {
 				// If we have an expired certificate, we let's stick with the starting default in
 				// the hope that this is a temporary clock skew.
 				if expiresIn.Minutes() < 0 {
 					log.WithError(err).Errorf("failed to create a new client TLS config")
-					updates <- CertificateUpdate{Err: fmt.Errorf("TLS certificate is expired")}
+					updates <- CertificateUpdate{Err: errors.New("TLS certificate is expired")}
 				} else {
 					// Random retry time between 50% and 80% of the total time to expiration
 					retry = calculateRandomExpiry(expiresIn)
@@ -459,7 +459,7 @@ func LoadTLSCreds(rootCA RootCA, paths CertPaths) (*MutableTLSCreds, *MutableTLS
 	// Create an x509 certificate out of the contents on disk
 	certBlock, _ := pem.Decode([]byte(cert))
 	if certBlock == nil {
-		return nil, nil, fmt.Errorf("failed to parse certificate PEM")
+		return nil, nil, errors.New("failed to parse certificate PEM")
 	}
 
 	// Create an X509Cert so we can .Verify()
@@ -528,7 +528,7 @@ func genTempPaths(path CertPaths) CertPaths {
 // and the PEM-encoded root CA Certificate
 func NewServerTLSConfig(cert *tls.Certificate, rootCAPool *x509.CertPool) (*tls.Config, error) {
 	if rootCAPool == nil {
-		return nil, fmt.Errorf("valid root CA pool required")
+		return nil, errors.New("valid root CA pool required")
 	}
 
 	return &tls.Config{
@@ -547,7 +547,7 @@ func NewServerTLSConfig(cert *tls.Certificate, rootCAPool *x509.CertPool) (*tls.
 // the PEM-encoded root CA Certificate, and the name of the remote server the client wants to connect to.
 func NewClientTLSConfig(cert *tls.Certificate, rootCAPool *x509.CertPool, serverName string) (*tls.Config, error) {
 	if rootCAPool == nil {
-		return nil, fmt.Errorf("valid root CA pool required")
+		return nil, errors.New("valid root CA pool required")
 	}
 
 	return &tls.Config{
@@ -592,7 +592,7 @@ func ParseRole(apiRole api.NodeRole) (string, error) {
 	case api.NodeRoleWorker:
 		return WorkerRole, nil
 	default:
-		return "", fmt.Errorf("failed to parse api role: %v", apiRole)
+		return "", errors.Errorf("failed to parse api role: %v", apiRole)
 	}
 }
 
@@ -604,6 +604,6 @@ func FormatRole(role string) (api.NodeRole, error) {
 	case strings.ToLower(WorkerRole):
 		return api.NodeRoleWorker, nil
 	default:
-		return 0, fmt.Errorf("failed to parse role: %s", role)
+		return 0, errors.Errorf("failed to parse role: %s", role)
 	}
 }

vendor/src/github.com/docker/swarmkit/ca/external.go

@@ -4,8 +4,6 @@ import (
 	"bytes"
 	"crypto/tls"
 	"encoding/json"
-	"errors"
-	"fmt"
 	"io/ioutil"
 	"net/http"
 	"sync"
@@ -13,6 +11,7 @@ import (
 	log "github.com/Sirupsen/logrus"
 	"github.com/cloudflare/cfssl/api"
 	"github.com/cloudflare/cfssl/signer"
+	"github.com/pkg/errors"
 )
 
 // ErrNoExternalCAURLs is an error used it indicate that an ExternalCA is
@@ -80,7 +79,7 @@ func (eca *ExternalCA) Sign(req signer.SignRequest) (cert []byte, err error) {
 
 	csrJSON, err := json.Marshal(req)
 	if err != nil {
-		return nil, fmt.Errorf("unable to JSON-encode CFSSL signing request: %s", err)
+		return nil, errors.Wrap(err, "unable to JSON-encode CFSSL signing request")
 	}
 
 	// Try each configured proxy URL. Return after the first success. If
@@ -100,41 +99,41 @@ func (eca *ExternalCA) Sign(req signer.SignRequest) (cert []byte, err error) {
 func makeExternalSignRequest(client *http.Client, url string, csrJSON []byte) (cert []byte, err error) {
 	resp, err := client.Post(url, "application/json", bytes.NewReader(csrJSON))
 	if err != nil {
-		return nil, fmt.Errorf("unable to perform certificate signing request: %s", err)
+		return nil, errors.Wrap(err, "unable to perform certificate signing request")
 	}
 	defer resp.Body.Close()
 
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return nil, fmt.Errorf("unable to read CSR response body: %s", err)
+		return nil, errors.Wrap(err, "unable to read CSR response body")
 	}
 
 	if resp.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("unexpected status code in CSR response: %d - %s", resp.StatusCode, string(body))
+		return nil, errors.Errorf("unexpected status code in CSR response: %d - %s", resp.StatusCode, string(body))
 	}
 
 	var apiResponse api.Response
 	if err := json.Unmarshal(body, &apiResponse); err != nil {
 		log.Debugf("unable to JSON-parse CFSSL API response body: %s", string(body))
-		return nil, fmt.Errorf("unable to parse JSON response: %s", err)
+		return nil, errors.Wrap(err, "unable to parse JSON response")
 	}
 
 	if !apiResponse.Success || apiResponse.Result == nil {
 		if len(apiResponse.Errors) > 0 {
-			return nil, fmt.Errorf("response errors: %v", apiResponse.Errors)
+			return nil, errors.Errorf("response errors: %v", apiResponse.Errors)
 		}
 
-		return nil, fmt.Errorf("certificate signing request failed")
+		return nil, errors.New("certificate signing request failed")
 	}
 
 	result, ok := apiResponse.Result.(map[string]interface{})
 	if !ok {
-		return nil, fmt.Errorf("invalid result type: %T", apiResponse.Result)
+		return nil, errors.Errorf("invalid result type: %T", apiResponse.Result)
 	}
 
 	certPEM, ok := result["certificate"].(string)
 	if !ok {
-		return nil, fmt.Errorf("invalid result certificate field type: %T", result["certificate"])
+		return nil, errors.Errorf("invalid result certificate field type: %T", result["certificate"])
 	}
 
 	return []byte(certPEM), nil

vendor/src/github.com/docker/swarmkit/ca/server.go

@@ -2,7 +2,6 @@ package ca
 
 import (
 	"crypto/subtle"
-	"fmt"
 	"sync"
 
 	"github.com/Sirupsen/logrus"
@@ -12,6 +11,7 @@ import (
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
@@ -300,7 +300,7 @@ func (s *Server) Run(ctx context.Context) error {
 	s.mu.Lock()
 	if s.isRunning() {
 		s.mu.Unlock()
-		return fmt.Errorf("CA signer is already running")
+		return errors.New("CA signer is already running")
 	}
 	s.wg.Add(1)
 	s.mu.Unlock()
@@ -319,7 +319,7 @@ func (s *Server) Run(ctx context.Context) error {
 				return err
 			}
 			if len(clusters) != 1 {
-				return fmt.Errorf("could not find cluster object")
+				return errors.New("could not find cluster object")
 			}
 			s.updateCluster(ctx, clusters[0])
 
@@ -387,7 +387,7 @@ func (s *Server) Stop() error {
 	s.mu.Lock()
 	if !s.isRunning() {
 		s.mu.Unlock()
-		return fmt.Errorf("CA signer is already stopped")
+		return errors.New("CA signer is already stopped")
 	}
 	s.cancel()
 	s.mu.Unlock()
@@ -564,7 +564,7 @@ func (s *Server) signNodeCert(ctx context.Context, node *api.Node) {
 		err = s.store.Update(func(tx store.Tx) error {
 			node := store.GetNode(tx, nodeID)
 			if node == nil {
-				return fmt.Errorf("node %s not found", nodeID)
+				return errors.Errorf("node %s not found", nodeID)
 			}
 
 			node.Certificate.Status = api.IssuanceStatus{
@@ -595,7 +595,7 @@ func (s *Server) signNodeCert(ctx context.Context, node *api.Node) {
 			if err != nil {
 				node = store.GetNode(tx, nodeID)
 				if node == nil {
-					err = fmt.Errorf("node %s does not exist", nodeID)
+					err = errors.Errorf("node %s does not exist", nodeID)
 				}
 			}
 			return err

vendor/src/github.com/docker/swarmkit/ca/transport.go

@@ -4,14 +4,13 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
-	"fmt"
 	"net"
 	"strings"
 	"sync"
 
-	"google.golang.org/grpc/credentials"
-
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
+	"google.golang.org/grpc/credentials"
 )
 
 var (
@@ -153,7 +152,7 @@ func NewMutableTLS(c *tls.Config) (*MutableTLSCreds, error) {
 	originalTC := credentials.NewTLS(c)
 
 	if len(c.Certificates) < 1 {
-		return nil, fmt.Errorf("invalid configuration: needs at least one certificate")
+		return nil, errors.New("invalid configuration: needs at least one certificate")
 	}
 
 	subject, err := GetAndValidateCertificateSubject(c.Certificates)
@@ -177,18 +176,18 @@ func GetAndValidateCertificateSubject(certs []tls.Certificate) (pkix.Name, error
 			continue
 		}
 		if len(x509Cert.Subject.OrganizationalUnit) < 1 {
-			return pkix.Name{}, fmt.Errorf("no OU found in certificate subject")
+			return pkix.Name{}, errors.New("no OU found in certificate subject")
 		}
 
 		if len(x509Cert.Subject.Organization) < 1 {
-			return pkix.Name{}, fmt.Errorf("no organization found in certificate subject")
+			return pkix.Name{}, errors.New("no organization found in certificate subject")
 		}
 		if x509Cert.Subject.CommonName == "" {
-			return pkix.Name{}, fmt.Errorf("no valid subject names found for TLS configuration")
+			return pkix.Name{}, errors.New("no valid subject names found for TLS configuration")
 		}
 
 		return x509Cert.Subject, nil
 	}
 
-	return pkix.Name{}, fmt.Errorf("no valid certificates found for TLS configuration")
+	return pkix.Name{}, errors.New("no valid certificates found for TLS configuration")
 }

vendor/src/github.com/docker/swarmkit/manager/allocator/network.go

@@ -12,6 +12,7 @@ import (
 	"github.com/docker/swarmkit/manager/state"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 )
 
@@ -91,7 +92,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 		}
 	})
 	if err != nil {
-		return fmt.Errorf("failed to find ingress network during init: %v", err)
+		return errors.Wrap(err, "failed to find ingress network during init")
 	}
 
 	// If ingress network is not found, create one right away
@@ -105,7 +106,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 
 			return nil
 		}); err != nil {
-			return fmt.Errorf("failed to create ingress network: %v", err)
+			return errors.Wrap(err, "failed to create ingress network")
 		}
 
 		a.store.View(func(tx store.ReadTx) {
@@ -115,7 +116,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 			}
 		})
 		if err != nil {
-			return fmt.Errorf("failed to find ingress network after creating it: %v", err)
+			return errors.Wrap(err, "failed to find ingress network after creating it")
 		}
 
 	}
@@ -125,7 +126,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 	// network.
 	if !na.IsAllocated(nc.ingressNetwork) {
 		if err := a.allocateNetwork(ctx, nc, nc.ingressNetwork); err != nil {
-			log.G(ctx).Errorf("failed allocating ingress network during init: %v", err)
+			log.G(ctx).WithError(err).Error("failed allocating ingress network during init")
 		}
 
 		// Update store after allocation
@@ -136,7 +137,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 
 			return nil
 		}); err != nil {
-			return fmt.Errorf("failed to create ingress network: %v", err)
+			return errors.Wrap(err, "failed to create ingress network")
 		}
 	}
 
@@ -146,7 +147,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 		networks, err = store.FindNetworks(tx, store.All)
 	})
 	if err != nil {
-		return fmt.Errorf("error listing all networks in store while trying to allocate during init: %v", err)
+		return errors.Wrap(err, "error listing all networks in store while trying to allocate during init")
 	}
 
 	for _, n := range networks {
@@ -155,7 +156,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 		}
 
 		if err := a.allocateNetwork(ctx, nc, n); err != nil {
-			log.G(ctx).Errorf("failed allocating network %s during init: %v", n.ID, err)
+			log.G(ctx).WithError(err).Errorf("failed allocating network %s during init", n.ID)
 		}
 	}
 
@@ -165,7 +166,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 		nodes, err = store.FindNodes(tx, store.All)
 	})
 	if err != nil {
-		return fmt.Errorf("error listing all nodes in store while trying to allocate during init: %v", err)
+		return errors.Wrap(err, "error listing all nodes in store while trying to allocate during init")
 	}
 
 	for _, node := range nodes {
@@ -179,7 +180,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 
 		node.Attachment.Network = nc.ingressNetwork.Copy()
 		if err := a.allocateNode(ctx, nc, node); err != nil {
-			log.G(ctx).Errorf("Failed to allocate network resources for node %s during init: %v", node.ID, err)
+			log.G(ctx).WithError(err).Errorf("Failed to allocate network resources for node %s during init", node.ID)
 		}
 	}
 
@@ -189,7 +190,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 		services, err = store.FindServices(tx, store.All)
 	})
 	if err != nil {
-		return fmt.Errorf("error listing all services in store while trying to allocate during init: %v", err)
+		return errors.Wrap(err, "error listing all services in store while trying to allocate during init")
 	}
 
 	for _, s := range services {
@@ -198,7 +199,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 		}
 
 		if err := a.allocateService(ctx, nc, s); err != nil {
-			log.G(ctx).Errorf("failed allocating service %s during init: %v", s.ID, err)
+			log.G(ctx).WithError(err).Errorf("failed allocating service %s during init", s.ID)
 		}
 	}
 
@@ -208,7 +209,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 		tasks, err = store.FindTasks(tx, store.All)
 	})
 	if err != nil {
-		return fmt.Errorf("error listing all tasks in store while trying to allocate during init: %v", err)
+		return errors.Wrap(err, "error listing all tasks in store while trying to allocate during init")
 	}
 
 	if _, err := a.store.Batch(func(batch *store.Batch) error {
@@ -247,7 +248,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 						updateTaskStatus(storeT, api.TaskStateAllocated, "allocated")
 
 						if err := store.UpdateTask(tx, storeT); err != nil {
-							return fmt.Errorf("failed updating state in store transaction for task %s: %v", storeT.ID, err)
+							return errors.Wrapf(err, "failed updating state in store transaction for task %s", storeT.ID)
 						}
 
 						return nil
@@ -263,7 +264,7 @@ func (a *Allocator) doNetworkInit(ctx context.Context) error {
 				return err
 			})
 			if err != nil {
-				log.G(ctx).Errorf("failed allocating task %s during init: %v", t.ID, err)
+				log.G(ctx).WithError(err).Errorf("failed allocating task %s during init", t.ID)
 				nc.unallocatedTasks[t.ID] = t
 			}
 		}
@@ -288,7 +289,7 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) {
 		}
 
 		if err := a.allocateNetwork(ctx, nc, n); err != nil {
-			log.G(ctx).Errorf("Failed allocation for network %s: %v", n.ID, err)
+			log.G(ctx).WithError(err).Errorf("Failed allocation for network %s", n.ID)
 			break
 		}
 	case state.EventDeleteNetwork:
@@ -299,7 +300,7 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) {
 		// thing that needs to happen is free the network
 		// resources.
 		if err := nc.nwkAllocator.Deallocate(n); err != nil {
-			log.G(ctx).Errorf("Failed during network free for network %s: %v", n.ID, err)
+			log.G(ctx).WithError(err).Errorf("Failed during network free for network %s", n.ID)
 		}
 	case state.EventCreateService:
 		s := v.Service.Copy()
@@ -309,7 +310,7 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) {
 		}
 
 		if err := a.allocateService(ctx, nc, s); err != nil {
-			log.G(ctx).Errorf("Failed allocation for service %s: %v", s.ID, err)
+			log.G(ctx).WithError(err).Errorf("Failed allocation for service %s", s.ID)
 			break
 		}
 	case state.EventUpdateService:
@@ -320,14 +321,14 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) {
 		}
 
 		if err := a.allocateService(ctx, nc, s); err != nil {
-			log.G(ctx).Errorf("Failed allocation during update of service %s: %v", s.ID, err)
+			log.G(ctx).WithError(err).Errorf("Failed allocation during update of service %s", s.ID)
 			break
 		}
 	case state.EventDeleteService:
 		s := v.Service.Copy()
 
 		if err := nc.nwkAllocator.ServiceDeallocate(s); err != nil {
-			log.G(ctx).Errorf("Failed deallocation during delete of service %s: %v", s.ID, err)
+			log.G(ctx).WithError(err).Errorf("Failed deallocation during delete of service %s", s.ID)
 		}
 
 		// Remove it from unallocatedServices just in case
@@ -364,7 +365,7 @@ func (a *Allocator) doNodeAlloc(ctx context.Context, nc *networkContext, ev even
 	if isDelete {
 		if nc.nwkAllocator.IsNodeAllocated(node) {
 			if err := nc.nwkAllocator.DeallocateNode(node); err != nil {
-				log.G(ctx).Errorf("Failed freeing network resources for node %s: %v", node.ID, err)
+				log.G(ctx).WithError(err).Errorf("Failed freeing network resources for node %s", node.ID)
 			}
 		}
 		return
@@ -377,7 +378,7 @@ func (a *Allocator) doNodeAlloc(ctx context.Context, nc *networkContext, ev even
 
 		node.Attachment.Network = nc.ingressNetwork.Copy()
 		if err := a.allocateNode(ctx, nc, node); err != nil {
-			log.G(ctx).Errorf("Failed to allocate network resources for node %s: %v", node.ID, err)
+			log.G(ctx).WithError(err).Errorf("Failed to allocate network resources for node %s", node.ID)
 		}
 	}
 }
@@ -485,7 +486,7 @@ func (a *Allocator) doTaskAlloc(ctx context.Context, nc *networkContext, ev even
 	if taskDead(t) || isDelete {
 		if nc.nwkAllocator.IsTaskAllocated(t) {
 			if err := nc.nwkAllocator.DeallocateTask(t); err != nil {
-				log.G(ctx).Errorf("Failed freeing network resources for task %s: %v", t.ID, err)
+				log.G(ctx).WithError(err).Errorf("Failed freeing network resources for task %s", t.ID)
 			}
 		}
 
@@ -538,7 +539,7 @@ func (a *Allocator) allocateNode(ctx context.Context, nc *networkContext, node *
 		for {
 			err := store.UpdateNode(tx, node)
 			if err != nil && err != store.ErrSequenceConflict {
-				return fmt.Errorf("failed updating state in store transaction for node %s: %v", node.ID, err)
+				return errors.Wrapf(err, "failed updating state in store transaction for node %s", node.ID)
 			}
 
 			if err == store.ErrSequenceConflict {
@@ -553,7 +554,7 @@ func (a *Allocator) allocateNode(ctx context.Context, nc *networkContext, node *
 		return nil
 	}); err != nil {
 		if err := nc.nwkAllocator.DeallocateNode(node); err != nil {
-			log.G(ctx).WithError(err).Errorf("failed rolling back allocation of node %s: %v", node.ID, err)
+			log.G(ctx).WithError(err).Errorf("failed rolling back allocation of node %s", node.ID)
 		}
 
 		return err
@@ -623,7 +624,7 @@ func (a *Allocator) allocateService(ctx context.Context, nc *networkContext, s *
 			err := store.UpdateService(tx, s)
 
 			if err != nil && err != store.ErrSequenceConflict {
-				return fmt.Errorf("failed updating state in store transaction for service %s: %v", s.ID, err)
+				return errors.Wrapf(err, "failed updating state in store transaction for service %s", s.ID)
 			}
 
 			if err == store.ErrSequenceConflict {
@@ -638,7 +639,7 @@ func (a *Allocator) allocateService(ctx context.Context, nc *networkContext, s *
 		return nil
 	}); err != nil {
 		if err := nc.nwkAllocator.ServiceDeallocate(s); err != nil {
-			log.G(ctx).WithError(err).Errorf("failed rolling back allocation of service %s: %v", s.ID, err)
+			log.G(ctx).WithError(err).Errorf("failed rolling back allocation of service %s", s.ID)
 		}
 
 		return err
@@ -650,12 +651,12 @@ func (a *Allocator) allocateService(ctx context.Context, nc *networkContext, s *
 func (a *Allocator) allocateNetwork(ctx context.Context, nc *networkContext, n *api.Network) error {
 	if err := nc.nwkAllocator.Allocate(n); err != nil {
 		nc.unallocatedNetworks[n.ID] = n
-		return fmt.Errorf("failed during network allocation for network %s: %v", n.ID, err)
+		return errors.Wrapf(err, "failed during network allocation for network %s", n.ID)
 	}
 
 	if err := a.store.Update(func(tx store.Tx) error {
 		if err := store.UpdateNetwork(tx, n); err != nil {
-			return fmt.Errorf("failed updating state in store transaction for network %s: %v", n.ID, err)
+			return errors.Wrapf(err, "failed updating state in store transaction for network %s", n.ID)
 		}
 		return nil
 	}); err != nil {
@@ -710,7 +711,7 @@ func (a *Allocator) allocateTask(ctx context.Context, nc *networkContext, tx sto
 		}
 
 		if err := nc.nwkAllocator.AllocateTask(t); err != nil {
-			return nil, fmt.Errorf("failed during networktask allocation for task %s: %v", t.ID, err)
+			return nil, errors.Wrapf(err, "failed during networktask allocation for task %s", t.ID)
 		}
 		if nc.nwkAllocator.IsTaskAllocated(t) {
 			taskUpdateNetworks(storeT, t.Networks)
@@ -730,7 +731,7 @@ func (a *Allocator) allocateTask(ctx context.Context, nc *networkContext, tx sto
 
 	if taskUpdated {
 		if err := store.UpdateTask(tx, storeT); err != nil {
-			return nil, fmt.Errorf("failed updating state in store transaction for task %s: %v", storeT.ID, err)
+			return nil, errors.Wrapf(err, "failed updating state in store transaction for task %s", storeT.ID)
 		}
 	}
 
@@ -834,7 +835,7 @@ func (a *Allocator) procUnallocatedTasksNetwork(ctx context.Context, nc *network
 
 		retryCnt++
 		if retryCnt >= 3 {
-			log.G(ctx).Errorf("failed to complete batch update of allocated tasks after 3 retries")
+			log.G(ctx).Error("failed to complete batch update of allocated tasks after 3 retries")
 			break
 		}
 	}

vendor/src/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go

@@ -12,6 +12,7 @@ import (
 	nullIpam "github.com/docker/libnetwork/ipams/null"
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 )
 
@@ -116,12 +117,12 @@ func (na *NetworkAllocator) Allocate(n *api.Network) error {
 
 	pools, err := na.allocatePools(n)
 	if err != nil {
-		return fmt.Errorf("failed allocating pools and gateway IP for network %s: %v", n.ID, err)
+		return errors.Wrapf(err, "failed allocating pools and gateway IP for network %s", n.ID)
 	}
 
 	if err := na.allocateDriverState(n); err != nil {
 		na.freePools(n, pools)
-		return fmt.Errorf("failed while allocating driver state for network %s: %v", n.ID, err)
+		return errors.Wrapf(err, "failed while allocating driver state for network %s", n.ID)
 	}
 
 	na.networks[n.ID] = &network{
@@ -146,7 +147,7 @@ func (na *NetworkAllocator) Deallocate(n *api.Network) error {
 	}
 
 	if err := na.freeDriverState(n); err != nil {
-		return fmt.Errorf("failed to free driver state for network %s: %v", n.ID, err)
+		return errors.Wrapf(err, "failed to free driver state for network %s", n.ID)
 	}
 
 	delete(na.networks, n.ID)
@@ -374,9 +375,9 @@ func (na *NetworkAllocator) AllocateTask(t *api.Task) error {
 	for i, nAttach := range t.Networks {
 		if err := na.allocateNetworkIPs(nAttach); err != nil {
 			if err := na.releaseEndpoints(t.Networks[:i]); err != nil {
-				log.G(context.TODO()).Errorf("Failed to release IP addresses while rolling back allocation for task %s network %s: %v", t.ID, nAttach.Network.ID, err)
+				log.G(context.TODO()).WithError(err).Errorf("Failed to release IP addresses while rolling back allocation for task %s network %s", t.ID, nAttach.Network.ID)
 			}
-			return fmt.Errorf("failed to allocate network IP for task %s network %s: %v", t.ID, nAttach.Network.ID, err)
+			return errors.Wrapf(err, "failed to allocate network IP for task %s network %s", t.ID, nAttach.Network.ID)
 		}
 	}
 
@@ -396,7 +397,7 @@ func (na *NetworkAllocator) releaseEndpoints(networks []*api.NetworkAttachment)
 	for _, nAttach := range networks {
 		ipam, _, err := na.resolveIPAM(nAttach.Network)
 		if err != nil {
-			return fmt.Errorf("failed to resolve IPAM while allocating : %v", err)
+			return errors.Wrapf(err, "failed to resolve IPAM while allocating")
 		}
 
 		localNet := na.getNetwork(nAttach.Network.ID)
@@ -420,7 +421,7 @@ func (na *NetworkAllocator) releaseEndpoints(networks []*api.NetworkAttachment)
 			}
 
 			if err := ipam.ReleaseAddress(poolID, ip); err != nil {
-				log.G(context.TODO()).Errorf("IPAM failure while releasing IP address %s: %v", addr, err)
+				log.G(context.TODO()).WithError(err).Errorf("IPAM failure while releasing IP address %s", addr)
 			}
 		}
 
@@ -447,7 +448,7 @@ func (na *NetworkAllocator) allocateVIP(vip *api.Endpoint_VirtualIP) error {
 
 	ipam, _, err := na.resolveIPAM(localNet.nw)
 	if err != nil {
-		return fmt.Errorf("failed to resolve IPAM while allocating : %v", err)
+		return errors.Wrap(err, "failed to resolve IPAM while allocating")
 	}
 
 	var addr net.IP
@@ -463,7 +464,7 @@ func (na *NetworkAllocator) allocateVIP(vip *api.Endpoint_VirtualIP) error {
 	for _, poolID := range localNet.pools {
 		ip, _, err := ipam.RequestAddress(poolID, addr, nil)
 		if err != nil && err != ipamapi.ErrNoAvailableIPs && err != ipamapi.ErrIPOutOfRange {
-			return fmt.Errorf("could not allocate VIP from IPAM: %v", err)
+			return errors.Wrap(err, "could not allocate VIP from IPAM")
 		}
 
 		// If we got an address then we are done.
@@ -475,18 +476,18 @@ func (na *NetworkAllocator) allocateVIP(vip *api.Endpoint_VirtualIP) error {
 		}
 	}
 
-	return fmt.Errorf("could not find an available IP while allocating VIP")
+	return errors.New("could not find an available IP while allocating VIP")
 }
 
 func (na *NetworkAllocator) deallocateVIP(vip *api.Endpoint_VirtualIP) error {
 	localNet := na.getNetwork(vip.NetworkID)
 	if localNet == nil {
-		return fmt.Errorf("networkallocator: could not find local network state")
+		return errors.New("networkallocator: could not find local network state")
 	}
 
 	ipam, _, err := na.resolveIPAM(localNet.nw)
 	if err != nil {
-		return fmt.Errorf("failed to resolve IPAM while allocating : %v", err)
+		return errors.Wrap(err, "failed to resolve IPAM while allocating")
 	}
 
 	// Retrieve the poolID and immediately nuke
@@ -501,7 +502,7 @@ func (na *NetworkAllocator) deallocateVIP(vip *api.Endpoint_VirtualIP) error {
 	}
 
 	if err := ipam.ReleaseAddress(poolID, ip); err != nil {
-		log.G(context.TODO()).Errorf("IPAM failure while releasing VIP address %s: %v", vip.Addr, err)
+		log.G(context.TODO()).WithError(err).Errorf("IPAM failure while releasing VIP address %s", vip.Addr)
 		return err
 	}
 
@@ -514,7 +515,7 @@ func (na *NetworkAllocator) allocateNetworkIPs(nAttach *api.NetworkAttachment) e
 
 	ipam, _, err := na.resolveIPAM(nAttach.Network)
 	if err != nil {
-		return fmt.Errorf("failed to resolve IPAM while allocating : %v", err)
+		return errors.Wrap(err, "failed to resolve IPAM while allocating")
 	}
 
 	localNet := na.getNetwork(nAttach.Network.ID)
@@ -536,7 +537,7 @@ func (na *NetworkAllocator) allocateNetworkIPs(nAttach *api.NetworkAttachment) e
 				addr = net.ParseIP(rawAddr)
 
 				if addr == nil {
-					return fmt.Errorf("could not parse address string %s: %v", rawAddr, err)
+					return errors.Wrapf(err, "could not parse address string %s", rawAddr)
 				}
 			}
 		}
@@ -546,7 +547,7 @@ func (na *NetworkAllocator) allocateNetworkIPs(nAttach *api.NetworkAttachment) e
 
 			ip, _, err = ipam.RequestAddress(poolID, addr, nil)
 			if err != nil && err != ipamapi.ErrNoAvailableIPs && err != ipamapi.ErrIPOutOfRange {
-				return fmt.Errorf("could not allocate IP from IPAM: %v", err)
+				return errors.Wrap(err, "could not allocate IP from IPAM")
 			}
 
 			// If we got an address then we are done.
@@ -560,7 +561,7 @@ func (na *NetworkAllocator) allocateNetworkIPs(nAttach *api.NetworkAttachment) e
 		}
 	}
 
-	return fmt.Errorf("could not find an available IP")
+	return errors.New("could not find an available IP")
 }
 
 func (na *NetworkAllocator) freeDriverState(n *api.Network) error {
@@ -592,7 +593,7 @@ func (na *NetworkAllocator) allocateDriverState(n *api.Network) error {
 
 		_, subnet, err := net.ParseCIDR(ic.Subnet)
 		if err != nil {
-			return fmt.Errorf("error parsing subnet %s while allocating driver state: %v", ic.Subnet, err)
+			return errors.Wrapf(err, "error parsing subnet %s while allocating driver state", ic.Subnet)
 		}
 
 		gwIP := net.ParseIP(ic.Gateway)
@@ -656,7 +657,7 @@ func (na *NetworkAllocator) resolveIPAM(n *api.Network) (ipamapi.Ipam, string, e
 func (na *NetworkAllocator) freePools(n *api.Network, pools map[string]string) error {
 	ipam, _, err := na.resolveIPAM(n)
 	if err != nil {
-		return fmt.Errorf("failed to resolve IPAM while freeing pools for network %s: %v", n.ID, err)
+		return errors.Wrapf(err, "failed to resolve IPAM while freeing pools for network %s", n.ID)
 	}
 
 	releasePools(ipam, n.IPAM.Configs, pools)
@@ -666,13 +667,13 @@ func (na *NetworkAllocator) freePools(n *api.Network, pools map[string]string) e
 func releasePools(ipam ipamapi.Ipam, icList []*api.IPAMConfig, pools map[string]string) {
 	for _, ic := range icList {
 		if err := ipam.ReleaseAddress(pools[ic.Subnet], net.ParseIP(ic.Gateway)); err != nil {
-			log.G(context.TODO()).Errorf("Failed to release address %s: %v", ic.Subnet, err)
+			log.G(context.TODO()).WithError(err).Errorf("Failed to release address %s", ic.Subnet)
 		}
 	}
 
 	for k, p := range pools {
 		if err := ipam.ReleasePool(p); err != nil {
-			log.G(context.TODO()).Errorf("Failed to release pool %s: %v", k, err)
+			log.G(context.TODO()).WithError(err).Errorf("Failed to release pool %s", k)
 		}
 	}
 }

vendor/src/github.com/docker/swarmkit/manager/controlapi/secret.go

@@ -0,0 +1,50 @@
+package controlapi
+
+import (
+	"github.com/docker/swarmkit/api"
+	"golang.org/x/net/context"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+)
+
+// Currently this is contains the unimplemented secret functions in order to satisfy the interface
+
+// MaxSecretSize is the maximum byte length of the `Secret.Spec.Data` field.
+const MaxSecretSize = 500 * 1024 // 500KB
+
+// GetSecret returns a `GetSecretResponse` with a `Secret` with the same
+// id as `GetSecretRequest.SecretID`
+// - Returns `NotFound` if the Secret with the given id is not found.
+// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
+// - Returns an error if getting fails.
+func (s *Server) GetSecret(ctx context.Context, request *api.GetSecretRequest) (*api.GetSecretResponse, error) {
+	return nil, grpc.Errorf(codes.Unimplemented, "Not yet implemented")
+}
+
+// ListSecrets returns a `ListSecretResponse` with a list all non-internal `Secret`s being
+// managed, or all secrets matching any name in `ListSecretsRequest.Names`, any
+// name prefix in `ListSecretsRequest.NamePrefixes`, any id in
+// `ListSecretsRequest.SecretIDs`, or any id prefix in `ListSecretsRequest.IDPrefixes`.
+// - Returns an error if listing fails.
+func (s *Server) ListSecrets(ctx context.Context, request *api.ListSecretsRequest) (*api.ListSecretsResponse, error) {
+	return nil, grpc.Errorf(codes.Unimplemented, "Not yet implemented")
+}
+
+// CreateSecret creates and return a `CreateSecretResponse` with a `Secret` based
+// on the provided `CreateSecretRequest.SecretSpec`.
+// - Returns `InvalidArgument` if the `CreateSecretRequest.SecretSpec` is malformed,
+//   or if the secret data is too long or contains invalid characters.
+// - Returns `ResourceExhausted` if there are already the maximum number of allowed
+//   secrets in the system.
+// - Returns an error if the creation fails.
+func (s *Server) CreateSecret(ctx context.Context, request *api.CreateSecretRequest) (*api.CreateSecretResponse, error) {
+	return nil, grpc.Errorf(codes.Unimplemented, "Not yet implemented")
+}
+
+// RemoveSecret removes the secret referenced by `RemoveSecretRequest.ID`.
+// - Returns `InvalidArgument` if `RemoveSecretRequest.ID` is empty.
+// - Returns `NotFound` if the a secret named `RemoveSecretRequest.ID` is not found.
+// - Returns an error if the deletion fails.
+func (s *Server) RemoveSecret(ctx context.Context, request *api.RemoveSecretRequest) (*api.RemoveSecretResponse, error) {
+	return nil, grpc.Errorf(codes.Unimplemented, "Not yet implemented")
+}

vendor/src/github.com/docker/swarmkit/manager/controlapi/task.go

@@ -1,8 +1,6 @@
 package controlapi
 
 import (
-	"fmt"
-
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/manager/state/store"
 	"golang.org/x/net/context"
@@ -106,22 +104,10 @@ func (s *Server) ListTasks(ctx context.Context, request *api.ListTasksRequest) (
 	if request.Filters != nil {
 		tasks = filterTasks(tasks,
 			func(e *api.Task) bool {
-				name := e.Annotations.Name
-				if name == "" {
-					// If Task name is not assigned then calculated name is used like before.
-					// This might be removed in the future.
-					name = fmt.Sprintf("%v.%v.%v", e.ServiceAnnotations.Name, e.Slot, e.ID)
-				}
-				return filterContains(name, request.Filters.Names)
+				return filterContains(store.TaskName(e), request.Filters.Names)
 			},
 			func(e *api.Task) bool {
-				name := e.Annotations.Name
-				if name == "" {
-					// If Task name is not assigned then calculated name is used like before
-					// This might be removed in the future.
-					name = fmt.Sprintf("%v.%v.%v", e.ServiceAnnotations.Name, e.Slot, e.ID)
-				}
-				return filterContainsPrefix(name, request.Filters.NamePrefixes)
+				return filterContainsPrefix(store.TaskName(e), request.Filters.NamePrefixes)
 			},
 			func(e *api.Task) bool {
 				return filterContainsPrefix(e.ID, request.Filters.IDPrefixes)

vendor/src/github.com/docker/swarmkit/manager/dispatcher/dispatcher.go

@@ -1,7 +1,6 @@
 package dispatcher
 
 import (
-	"errors"
 	"fmt"
 	"strconv"
 	"sync"
@@ -22,6 +21,7 @@ import (
 	"github.com/docker/swarmkit/manager/state/watch"
 	"github.com/docker/swarmkit/protobuf/ptypes"
 	"github.com/docker/swarmkit/remotes"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 )
 
@@ -167,7 +167,7 @@ func (d *Dispatcher) Run(ctx context.Context) error {
 	d.mu.Lock()
 	if d.isRunning() {
 		d.mu.Unlock()
-		return fmt.Errorf("dispatcher is already running")
+		return errors.New("dispatcher is already running")
 	}
 	ctx = log.WithModule(ctx, "dispatcher")
 	if err := d.markNodesUnknown(ctx); err != nil {
@@ -262,7 +262,7 @@ func (d *Dispatcher) Stop() error {
 	d.mu.Lock()
 	if !d.isRunning() {
 		d.mu.Unlock()
-		return fmt.Errorf("dispatcher is already stopped")
+		return errors.New("dispatcher is already stopped")
 	}
 	d.cancel()
 	d.mu.Unlock()
@@ -299,7 +299,7 @@ func (d *Dispatcher) markNodesUnknown(ctx context.Context) error {
 		nodes, err = store.FindNodes(tx, store.All)
 	})
 	if err != nil {
-		return fmt.Errorf("failed to get list of nodes: %v", err)
+		return errors.Wrap(err, "failed to get list of nodes")
 	}
 	_, err = d.store.Batch(func(batch *store.Batch) error {
 		for _, n := range nodes {
@@ -328,10 +328,10 @@ func (d *Dispatcher) markNodesUnknown(ctx context.Context) error {
 					}
 				}
 				if err := d.nodes.AddUnknown(node, expireFunc); err != nil {
-					return fmt.Errorf(`adding node in "unknown" state to node store failed: %v`, err)
+					return errors.Wrap(err, `adding node in "unknown" state to node store failed`)
 				}
 				if err := store.UpdateNode(tx, node); err != nil {
-					return fmt.Errorf("update failed %v", err)
+					return errors.Wrap(err, "update failed")
 				}
 				return nil
 			})
@@ -933,7 +933,7 @@ func (d *Dispatcher) nodeRemove(id string, status api.NodeStatus) error {
 	}
 
 	if rn := d.nodes.Delete(id); rn == nil {
-		return fmt.Errorf("node %s is not found in local storage", id)
+		return errors.Errorf("node %s is not found in local storage", id)
 	}
 
 	return nil

vendor/src/github.com/docker/swarmkit/manager/keymanager/keymanager.go

@@ -8,13 +8,13 @@ package keymanager
 import (
 	"crypto/rand"
 	"encoding/binary"
-	"fmt"
 	"sync"
 	"time"
 
 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/state/store"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 )
 
@@ -97,7 +97,7 @@ func (k *KeyManager) allocateKey(ctx context.Context, subsys string) *api.Encryp
 
 	_, err := rand.Read(key)
 	if err != nil {
-		panic(fmt.Errorf("key generated failed, %v", err))
+		panic(errors.Wrap(err, "key generated failed"))
 	}
 	k.keyRing.lClock++
 
@@ -137,7 +137,7 @@ func (k *KeyManager) rotateKey(ctx context.Context) error {
 
 	cluster := clusters[0]
 	if len(cluster.NetworkBootstrapKeys) == 0 {
-		panic(fmt.Errorf("no key in the cluster config"))
+		panic(errors.New("no key in the cluster config"))
 	}
 
 	subsysKeys := map[string][]*api.EncryptionKey{}
@@ -225,7 +225,7 @@ func (k *KeyManager) Stop() error {
 	k.mu.Lock()
 	defer k.mu.Unlock()
 	if k.cancel == nil {
-		return fmt.Errorf("keymanager is not started")
+		return errors.New("keymanager is not started")
 	}
 	k.cancel()
 	return nil

vendor/src/github.com/docker/swarmkit/manager/manager.go

@@ -26,6 +26,7 @@ import (
 	"github.com/docker/swarmkit/manager/state/raft"
 	"github.com/docker/swarmkit/manager/state/store"
 	"github.com/docker/swarmkit/protobuf/ptypes"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 )
@@ -142,18 +143,18 @@ func New(config *Config) (*Manager, error) {
 
 	err := os.MkdirAll(filepath.Dir(config.ProtoAddr["unix"]), 0700)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create socket directory: %v", err)
+		return nil, errors.Wrap(err, "failed to create socket directory")
 	}
 
 	err = os.MkdirAll(config.StateDir, 0700)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create state directory: %v", err)
+		return nil, errors.Wrap(err, "failed to create state directory")
 	}
 
 	raftStateDir := filepath.Join(config.StateDir, "raft")
 	err = os.MkdirAll(raftStateDir, 0700)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create raft state directory: %v", err)
+		return nil, errors.Wrap(err, "failed to create raft state directory")
 	}
 
 	var listeners map[string]net.Listener
@@ -295,24 +296,28 @@ func (m *Manager) Run(parent context.Context) error {
 	api.RegisterControlServer(m.localserver, localProxyControlAPI)
 	api.RegisterHealthServer(m.localserver, localHealthServer)
 
+	healthServer.SetServingStatus("Raft", api.HealthCheckResponse_NOT_SERVING)
+	localHealthServer.SetServingStatus("ControlAPI", api.HealthCheckResponse_NOT_SERVING)
+
 	errServe := make(chan error, len(m.listeners))
 	for proto, l := range m.listeners {
 		go m.serveListener(ctx, errServe, proto, l)
 	}
 
-	// Set the raft server as serving for the health server
-	healthServer.SetServingStatus("Raft", api.HealthCheckResponse_SERVING)
-	localHealthServer.SetServingStatus("ControlAPI", api.HealthCheckResponse_SERVING)
-
 	defer func() {
 		m.server.Stop()
 		m.localserver.Stop()
 	}()
 
+	// Set the raft server as serving for the health server
+	healthServer.SetServingStatus("Raft", api.HealthCheckResponse_SERVING)
+
 	if err := m.RaftNode.JoinAndStart(); err != nil {
-		return fmt.Errorf("can't initialize raft node: %v", err)
+		return errors.Wrap(err, "can't initialize raft node")
 	}
 
+	localHealthServer.SetServingStatus("ControlAPI", api.HealthCheckResponse_SERVING)
+
 	close(m.started)
 
 	go func() {

vendor/src/github.com/docker/swarmkit/manager/orchestrator/global.go

@@ -373,8 +373,7 @@ func (g *GlobalOrchestrator) removeTask(ctx context.Context, batch *store.Batch,
 }
 
 func (g *GlobalOrchestrator) addTask(ctx context.Context, batch *store.Batch, service *api.Service, nodeID string) {
-	task := newTask(g.cluster, service, 0)
-	task.NodeID = nodeID
+	task := newTask(g.cluster, service, 0, nodeID)
 
 	err := batch.Update(func(tx store.Tx) error {
 		return store.CreateTask(tx, task)

vendor/src/github.com/docker/swarmkit/manager/orchestrator/replicated.go

@@ -1,7 +1,6 @@
 package orchestrator
 
 import (
-	"fmt"
 	"time"
 
 	"github.com/docker/swarmkit/api"
@@ -111,7 +110,7 @@ func (r *ReplicatedOrchestrator) tick(ctx context.Context) {
 	r.tickServices(ctx)
 }
 
-func newTask(cluster *api.Cluster, service *api.Service, slot uint64) *api.Task {
+func newTask(cluster *api.Cluster, service *api.Service, slot uint64, nodeID string) *api.Task {
 	var logDriver *api.Driver
 	if service.Spec.Task.LogDriver != nil {
 		// use the log driver specific to the task, if we have it.
@@ -122,13 +121,8 @@ func newTask(cluster *api.Cluster, service *api.Service, slot uint64) *api.Task
 	}
 
 	taskID := identity.NewID()
-	// We use the following scheme to assign Task names to Annotations:
-	// Annotations.Name := <ServiceAnnotations.Name>.<Slot>.<TaskID>
-	name := fmt.Sprintf("%v.%v.%v", service.Spec.Annotations.Name, slot, taskID)
-
-	return &api.Task{
+	task := api.Task{
 		ID:                 taskID,
-		Annotations:        api.Annotations{Name: name},
 		ServiceAnnotations: service.Spec.Annotations,
 		Spec:               service.Spec.Task,
 		ServiceID:          service.ID,
@@ -144,6 +138,17 @@ func newTask(cluster *api.Cluster, service *api.Service, slot uint64) *api.Task
 		DesiredState: api.TaskStateRunning,
 		LogDriver:    logDriver,
 	}
+
+	// In global mode we also set the NodeID
+	if nodeID != "" {
+		task.NodeID = nodeID
+	}
+
+	// Assign name based on task name schema
+	name := store.TaskName(&task)
+	task.Annotations = api.Annotations{Name: name}
+
+	return &task
 }
 
 // isReplicatedService checks if a service is a replicated service

vendor/src/github.com/docker/swarmkit/manager/orchestrator/restart.go

@@ -133,10 +133,9 @@ func (r *RestartSupervisor) Restart(ctx context.Context, tx store.Tx, cluster *a
 	var restartTask *api.Task
 
 	if isReplicatedService(service) {
-		restartTask = newTask(cluster, service, t.Slot)
+		restartTask = newTask(cluster, service, t.Slot, "")
 	} else if isGlobalService(service) {
-		restartTask = newTask(cluster, service, 0)
-		restartTask.NodeID = t.NodeID
+		restartTask = newTask(cluster, service, 0, t.NodeID)
 	} else {
 		log.G(ctx).Error("service not supported by restart supervisor")
 		return nil

vendor/src/github.com/docker/swarmkit/manager/orchestrator/services.go

@@ -179,7 +179,7 @@ func (r *ReplicatedOrchestrator) addTasks(ctx context.Context, batch *store.Batc
 		}
 
 		err := batch.Update(func(tx store.Tx) error {
-			return store.CreateTask(tx, newTask(r.cluster, service, slot))
+			return store.CreateTask(tx, newTask(r.cluster, service, slot, ""))
 		})
 		if err != nil {
 			log.G(ctx).Errorf("Failed to create task: %v", err)

vendor/src/github.com/docker/swarmkit/manager/orchestrator/updater.go

@@ -180,7 +180,7 @@ func (u *Updater) Run(ctx context.Context, slots []slot) {
 
 	if service.Spec.Update != nil {
 		failureAction = service.Spec.Update.FailureAction
-		allowedFailureFraction = service.Spec.Update.AllowedFailureFraction
+		allowedFailureFraction = service.Spec.Update.MaxFailureRatio
 
 		if service.Spec.Update.Monitor != nil {
 			var err error
@@ -331,11 +331,11 @@ func (u *Updater) worker(ctx context.Context, queue <-chan slot) {
 				log.G(ctx).WithError(err).Error("update failed")
 			}
 		} else {
-			updated := newTask(u.cluster, u.newService, slot[0].Slot)
-			updated.DesiredState = api.TaskStateReady
+			updated := newTask(u.cluster, u.newService, slot[0].Slot, "")
 			if isGlobalService(u.newService) {
-				updated.NodeID = slot[0].NodeID
+				updated = newTask(u.cluster, u.newService, slot[0].Slot, slot[0].NodeID)
 			}
+			updated.DesiredState = api.TaskStateReady
 
 			if err := u.updateTask(ctx, slot, updated); err != nil {
 				log.G(ctx).WithError(err).WithField("task.id", updated.ID).Error("update failed")

vendor/src/github.com/docker/swarmkit/manager/state/raft/raft.go

@@ -1,7 +1,6 @@
 package raft
 
 import (
-	"errors"
 	"fmt"
 	"math"
 	"math/rand"
@@ -32,6 +31,7 @@ import (
 	"github.com/docker/swarmkit/manager/state/watch"
 	"github.com/gogo/protobuf/proto"
 	"github.com/pivotal-golang/clock"
+	"github.com/pkg/errors"
 )
 
 var (
@@ -862,13 +862,13 @@ func (n *Node) getLeaderConn() (*grpc.ClientConn, error) {
 	}
 	l := n.cluster.GetMember(leader)
 	if l == nil {
-		return nil, fmt.Errorf("no leader found")
+		return nil, errors.New("no leader found")
 	}
 	if !n.cluster.Active(leader) {
-		return nil, fmt.Errorf("leader marked as inactive")
+		return nil, errors.New("leader marked as inactive")
 	}
 	if l.Conn == nil {
-		return nil, fmt.Errorf("no connection to leader in member list")
+		return nil, errors.New("no connection to leader in member list")
 	}
 	return l.Conn, nil
 }

vendor/src/github.com/docker/swarmkit/manager/state/raft/storage.go

@@ -1,7 +1,6 @@
 package raft
 
 import (
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -20,32 +19,62 @@ import (
 	"github.com/docker/swarmkit/log"
 	"github.com/docker/swarmkit/manager/state/raft/membership"
 	"github.com/docker/swarmkit/manager/state/store"
+	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 )
 
 var errNoWAL = errors.New("no WAL present")
 
-func (n *Node) walDir() string {
+func (n *Node) legacyWALDir() string {
 	return filepath.Join(n.StateDir, "wal")
 }
 
-func (n *Node) snapDir() string {
+func (n *Node) walDir() string {
+	return filepath.Join(n.StateDir, "wal-v3")
+}
+
+func (n *Node) legacySnapDir() string {
 	return filepath.Join(n.StateDir, "snap")
 }
 
+func (n *Node) snapDir() string {
+	return filepath.Join(n.StateDir, "snap-v3")
+}
+
 func (n *Node) loadAndStart(ctx context.Context, forceNewCluster bool) error {
 	walDir := n.walDir()
 	snapDir := n.snapDir()
 
-	if err := os.MkdirAll(snapDir, 0700); err != nil {
-		return fmt.Errorf("create snapshot directory error: %v", err)
+	if !fileutil.Exist(snapDir) {
+		// If snapshots created by the etcd-v2 code exist, hard link
+		// them at the new path. This prevents etc-v2 creating
+		// snapshots that are visible to us, but out of sync with our
+		// WALs, after a downgrade.
+		legacySnapDir := n.legacySnapDir()
+		if fileutil.Exist(legacySnapDir) {
+			if err := migrateSnapshots(legacySnapDir, snapDir); err != nil {
+				return err
+			}
+		} else if err := os.MkdirAll(snapDir, 0700); err != nil {
+			return errors.Wrap(err, "failed to create snapshot directory")
+		}
 	}
 
 	// Create a snapshotter
 	n.snapshotter = snap.New(snapDir)
 
 	if !wal.Exist(walDir) {
-		return errNoWAL
+		// If wals created by the etcd-v2 wal code exist, copy them to
+		// the new path to avoid adding backwards-incompatible entries
+		// to those files.
+		legacyWALDir := n.legacyWALDir()
+		if !wal.Exist(legacyWALDir) {
+			return errNoWAL
+		}
+
+		if err := migrateWALs(legacyWALDir, walDir); err != nil {
+			return err
+		}
 	}
 
 	// Load snapshot data
@@ -69,6 +98,93 @@ func (n *Node) loadAndStart(ctx context.Context, forceNewCluster bool) error {
 	return nil
 }
 
+func migrateWALs(legacyWALDir, walDir string) error {
+	// keep temporary wal directory so WAL initialization appears atomic
+	tmpdirpath := filepath.Clean(walDir) + ".tmp"
+	if fileutil.Exist(tmpdirpath) {
+		if err := os.RemoveAll(tmpdirpath); err != nil {
+			return errors.Wrap(err, "could not remove temporary WAL directory")
+		}
+	}
+	if err := fileutil.CreateDirAll(tmpdirpath); err != nil {
+		return errors.Wrap(err, "could not create temporary WAL directory")
+	}
+
+	walNames, err := fileutil.ReadDir(legacyWALDir)
+	if err != nil {
+		return errors.Wrapf(err, "could not list WAL directory %s", legacyWALDir)
+	}
+
+	for _, fname := range walNames {
+		_, err := copyFile(filepath.Join(legacyWALDir, fname), filepath.Join(tmpdirpath, fname), 0600)
+		if err != nil {
+			return errors.Wrap(err, "error copying WAL file")
+		}
+	}
+
+	if err := os.Rename(tmpdirpath, walDir); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func migrateSnapshots(legacySnapDir, snapDir string) error {
+	// use temporary snaphot directory so initialization appears atomic
+	tmpdirpath := filepath.Clean(snapDir) + ".tmp"
+	if fileutil.Exist(tmpdirpath) {
+		if err := os.RemoveAll(tmpdirpath); err != nil {
+			return errors.Wrap(err, "could not remove temporary snapshot directory")
+		}
+	}
+	if err := fileutil.CreateDirAll(tmpdirpath); err != nil {
+		return errors.Wrap(err, "could not create temporary snapshot directory")
+	}
+
+	snapshotNames, err := fileutil.ReadDir(legacySnapDir)
+	if err != nil {
+		return errors.Wrapf(err, "could not list snapshot directory %s", legacySnapDir)
+	}
+
+	for _, fname := range snapshotNames {
+		err := os.Link(filepath.Join(legacySnapDir, fname), filepath.Join(tmpdirpath, fname))
+		if err != nil {
+			return errors.Wrap(err, "error linking snapshot file")
+		}
+	}
+
+	if err := os.Rename(tmpdirpath, snapDir); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// copyFile copies from src to dst until either EOF is reached
+// on src or an error occurs. It verifies src exists and removes
+// the dst if it exists.
+func copyFile(src, dst string, perm os.FileMode) (int64, error) {
+	cleanSrc := filepath.Clean(src)
+	cleanDst := filepath.Clean(dst)
+	if cleanSrc == cleanDst {
+		return 0, nil
+	}
+	sf, err := os.Open(cleanSrc)
+	if err != nil {
+		return 0, err
+	}
+	defer sf.Close()
+	if err := os.Remove(cleanDst); err != nil && !os.IsNotExist(err) {
+		return 0, err
+	}
+	df, err := os.OpenFile(cleanDst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, perm)
+	if err != nil {
+		return 0, err
+	}
+	defer df.Close()
+	return io.Copy(df, sf)
+}
+
 func (n *Node) createWAL(nodeID string) (raft.Peer, error) {
 	raftNode := &api.RaftMember{
 		RaftID: n.Config.ID,
@@ -77,11 +193,11 @@ func (n *Node) createWAL(nodeID string) (raft.Peer, error) {
 	}
 	metadata, err := raftNode.Marshal()
 	if err != nil {
-		return raft.Peer{}, fmt.Errorf("error marshalling raft node: %v", err)
+		return raft.Peer{}, errors.Wrap(err, "error marshalling raft node")
 	}
 	n.wal, err = wal.Create(n.walDir(), metadata)
 	if err != nil {
-		return raft.Peer{}, fmt.Errorf("create WAL error: %v", err)
+		return raft.Peer{}, errors.Wrap(err, "failed to create WAL")
 	}
 
 	n.cluster.AddMember(&membership.Member{RaftMember: raftNode})
@@ -128,7 +244,7 @@ func (n *Node) readWAL(ctx context.Context, snapshot *raftpb.Snapshot, forceNewC
 	repaired := false
 	for {
 		if n.wal, err = wal.Open(n.walDir(), walsnap); err != nil {
-			return fmt.Errorf("open WAL error: %v", err)
+			return errors.Wrap(err, "failed to open WAL")
 		}
 		if metadata, st, ents, err = n.wal.ReadAll(); err != nil {
 			if err := n.wal.Close(); err != nil {
@@ -136,12 +252,12 @@ func (n *Node) readWAL(ctx context.Context, snapshot *raftpb.Snapshot, forceNewC
 			}
 			// we can only repair ErrUnexpectedEOF and we never repair twice.
 			if repaired || err != io.ErrUnexpectedEOF {
-				return fmt.Errorf("read WAL error (%v) and cannot be repaired", err)
+				return errors.Wrap(err, "irreparable WAL error")
 			}
 			if !wal.Repair(n.walDir()) {
-				return fmt.Errorf("WAL error (%v) cannot be repaired", err)
+				return errors.Wrap(err, "WAL error cannot be repaired")
 			}
-			log.G(ctx).Infof("repaired WAL error (%v)", err)
+			log.G(ctx).WithError(err).Info("repaired WAL error")
 			repaired = true
 			continue
 		}
@@ -151,14 +267,14 @@ func (n *Node) readWAL(ctx context.Context, snapshot *raftpb.Snapshot, forceNewC
 	defer func() {
 		if err != nil {
 			if walErr := n.wal.Close(); walErr != nil {
-				n.Config.Logger.Errorf("error closing raft WAL: %v", walErr)
+				log.G(ctx).WithError(walErr).Error("error closing raft WAL")
 			}
 		}
 	}()
 
 	var raftNode api.RaftMember
 	if err := raftNode.Unmarshal(metadata); err != nil {
-		return fmt.Errorf("error unmarshalling WAL metadata: %v", err)
+		return errors.Wrap(err, "failed to unmarshal WAL metadata")
 	}
 	n.Config.ID = raftNode.RaftID
 
@@ -170,7 +286,7 @@ func (n *Node) readWAL(ctx context.Context, snapshot *raftpb.Snapshot, forceNewC
 		if ent.Index <= st.Commit && ent.Type == raftpb.EntryConfChange {
 			var cc raftpb.ConfChange
 			if err := cc.Unmarshal(ent.Data); err != nil {
-				return fmt.Errorf("error unmarshalling config change: %v", err)
+				return errors.Wrap(err, "failed to unmarshal config change")
 			}
 			if cc.Type == raftpb.ConfChangeRemoveNode {
 				n.cluster.RemoveMember(cc.NodeID)
@@ -182,7 +298,7 @@ func (n *Node) readWAL(ctx context.Context, snapshot *raftpb.Snapshot, forceNewC
 		// discard the previously uncommitted entries
 		for i, ent := range ents {
 			if ent.Index > st.Commit {
-				log.G(context.Background()).Infof("discarding %d uncommitted WAL entries ", len(ents)-i)
+				log.G(ctx).Infof("discarding %d uncommitted WAL entries ", len(ents)-i)
 				ents = ents[:i]
 				break
 			}
@@ -200,7 +316,7 @@ func (n *Node) readWAL(ctx context.Context, snapshot *raftpb.Snapshot, forceNewC
 			if ccEnt.Type == raftpb.EntryConfChange {
 				var cc raftpb.ConfChange
 				if err := cc.Unmarshal(ccEnt.Data); err != nil {
-					return fmt.Errorf("error unmarshalling force-new-cluster config change: %v", err)
+					return errors.Wrap(err, "error unmarshalling force-new-cluster config change")
 				}
 				if cc.Type == raftpb.ConfChangeRemoveNode {
 					n.cluster.RemoveMember(cc.NodeID)
@@ -212,7 +328,7 @@ func (n *Node) readWAL(ctx context.Context, snapshot *raftpb.Snapshot, forceNewC
 		// force commit newly appended entries
 		err := n.wal.Save(st, toAppEnts)
 		if err != nil {
-			log.G(context.Background()).Fatalf("%v", err)
+			log.G(ctx).WithError(err).Fatalf("failed to save WAL while forcing new cluster")
 		}
 		if len(toAppEnts) != 0 {
 			st.Commit = toAppEnts[len(toAppEnts)-1].Index
@@ -311,7 +427,7 @@ func (n *Node) saveSnapshot(snapshot raftpb.Snapshot, keepOldSnapshots uint64) e
 	var snapTerm, snapIndex uint64
 	_, err = fmt.Sscanf(oldestSnapshot, "%016x-%016x.snap", &snapTerm, &snapIndex)
 	if err != nil {
-		return fmt.Errorf("malformed snapshot filename %s: %v", oldestSnapshot, err)
+		return errors.Wrapf(err, "malformed snapshot filename %s", oldestSnapshot)
 	}
 
 	// List the WALs
@@ -337,7 +453,7 @@ func (n *Node) saveSnapshot(snapshot raftpb.Snapshot, keepOldSnapshots uint64) e
 		var walSeq, walIndex uint64
 		_, err = fmt.Sscanf(walName, "%016x-%016x.wal", &walSeq, &walIndex)
 		if err != nil {
-			return fmt.Errorf("could not parse WAL name %s: %v", walName, err)
+			return errors.Wrapf(err, "could not parse WAL name %s", walName)
 		}
 
 		if walIndex >= snapIndex {
@@ -357,12 +473,12 @@ func (n *Node) saveSnapshot(snapshot raftpb.Snapshot, keepOldSnapshots uint64) e
 		walPath := filepath.Join(n.walDir(), wals[i])
 		l, err := fileutil.TryLockFile(walPath, os.O_WRONLY, fileutil.PrivateFileMode)
 		if err != nil {
-			return fmt.Errorf("could not lock old WAL file %s for removal: %v", wals[i], err)
+			return errors.Wrapf(err, "could not lock old WAL file %s for removal", wals[i])
 		}
 		err = os.Remove(walPath)
 		l.Close()
 		if err != nil {
-			return fmt.Errorf("error removing old WAL file %s: %v", wals[i], err)
+			return errors.Wrapf(err, "error removing old WAL file %s", wals[i])
 		}
 	}
 

vendor/src/github.com/docker/swarmkit/manager/state/store/tasks.go

@@ -112,6 +112,26 @@ func init() {
 	})
 }
 
+// TaskName returns the task name from Annotations.Name,
+// and, in case Annotations.Name is missing, fallback
+// to construct the name from othere information.
+func TaskName(t *api.Task) string {
+	name := t.Annotations.Name
+	if name == "" {
+		// If Task name is not assigned then calculated name is used like before.
+		// This might be removed in the future.
+		// We use the following scheme for Task name:
+		// Name := <ServiceAnnotations.Name>.<Slot>.<TaskID> (replicated mode)
+		//      := <ServiceAnnotations.Name>.<NodeID>.<TaskID> (global mode)
+		if t.Slot != 0 {
+			name = fmt.Sprintf("%v.%v.%v", t.ServiceAnnotations.Name, t.Slot, t.ID)
+		} else {
+			name = fmt.Sprintf("%v.%v.%v", t.ServiceAnnotations.Name, t.NodeID, t.ID)
+		}
+	}
+	return name
+}
+
 type taskEntry struct {
 	*api.Task
 }
@@ -225,12 +245,7 @@ func (ti taskIndexerByName) FromObject(obj interface{}) (bool, []byte, error) {
 		panic("unexpected type passed to FromObject")
 	}
 
-	name := t.Annotations.Name
-	if name == "" {
-		// If Task name is not assigned then calculated name is used like before.
-		// This might be removed in the future.
-		name = fmt.Sprintf("%v.%v.%v", t.ServiceAnnotations.Name, t.Slot, t.Task.ID)
-	}
+	name := TaskName(t.Task)
 
 	// Add the null character as a terminator
 	return true, []byte(strings.ToLower(name) + "\x00"), nil