Replace secrets with join tokens

Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121

Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.

Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

integration-cli/docker_cli_swarm_test.go

@@ -25,50 +25,13 @@ func (s *DockerSwarmSuite) TestSwarmUpdate(c *check.C) {
 		return sw[0].Spec
 	}
 
-	out, err := d.Cmd("swarm", "update", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s", "--auto-accept", "manager", "--auto-accept", "worker", "--secret", "foo")
+	out, err := d.Cmd("swarm", "update", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s")
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
 
 	spec := getSpec()
 	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
 	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, uint64(11*time.Second))
 
-	c.Assert(spec.AcceptancePolicy.Policies, checker.HasLen, 2)
-
-	for _, p := range spec.AcceptancePolicy.Policies {
-		c.Assert(p.Autoaccept, checker.Equals, true)
-		c.Assert(p.Secret, checker.NotNil)
-		c.Assert(*p.Secret, checker.Not(checker.Equals), "")
-	}
-
-	out, err = d.Cmd("swarm", "update", "--auto-accept", "none")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
-
-	spec = getSpec()
-	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
-	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, uint64(11*time.Second))
-
-	c.Assert(spec.AcceptancePolicy.Policies, checker.HasLen, 2)
-
-	for _, p := range spec.AcceptancePolicy.Policies {
-		c.Assert(p.Autoaccept, checker.Equals, false)
-		// secret is still set
-		c.Assert(p.Secret, checker.NotNil)
-		c.Assert(*p.Secret, checker.Not(checker.Equals), "")
-	}
-
-	out, err = d.Cmd("swarm", "update", "--auto-accept", "manager", "--secret", "")
-	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
-
-	spec = getSpec()
-
-	c.Assert(spec.AcceptancePolicy.Policies, checker.HasLen, 2)
-
-	for _, p := range spec.AcceptancePolicy.Policies {
-		c.Assert(p.Autoaccept, checker.Equals, p.Role == swarm.NodeRoleManager)
-		// secret has been removed
-		c.Assert(p.Secret, checker.IsNil)
-	}
-
 	// setting anything under 30m for cert-expiry is not allowed
 	out, err = d.Cmd("swarm", "update", "--cert-expiry", "15m")
 	c.Assert(err, checker.NotNil)
@@ -89,37 +52,21 @@ func (s *DockerSwarmSuite) TestSwarmInit(c *check.C) {
 		return sw[0].Spec
 	}
 
-	out, err := d.Cmd("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s", "--auto-accept", "manager", "--auto-accept", "worker", "--secret", "foo")
+	out, err := d.Cmd("swarm", "init", "--cert-expiry", "30h", "--dispatcher-heartbeat", "11s")
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
 
 	spec := getSpec()
 	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 30*time.Hour)
 	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, uint64(11*time.Second))
 
-	c.Assert(spec.AcceptancePolicy.Policies, checker.HasLen, 2)
-
-	for _, p := range spec.AcceptancePolicy.Policies {
-		c.Assert(p.Autoaccept, checker.Equals, true)
-		c.Assert(p.Secret, checker.NotNil)
-		c.Assert(*p.Secret, checker.Not(checker.Equals), "")
-	}
-
 	c.Assert(d.Leave(true), checker.IsNil)
 
-	out, err = d.Cmd("swarm", "init", "--auto-accept", "none", "--secret", "")
+	out, err = d.Cmd("swarm", "init")
 	c.Assert(err, checker.IsNil, check.Commentf("out: %v", out))
 
 	spec = getSpec()
 	c.Assert(spec.CAConfig.NodeCertExpiry, checker.Equals, 90*24*time.Hour)
 	c.Assert(spec.Dispatcher.HeartbeatPeriod, checker.Equals, uint64(5*time.Second))
-
-	c.Assert(spec.AcceptancePolicy.Policies, checker.HasLen, 2)
-
-	for _, p := range spec.AcceptancePolicy.Policies {
-		c.Assert(p.Autoaccept, checker.Equals, false)
-		c.Assert(p.Secret, checker.IsNil)
-	}
-
 }
 
 func (s *DockerSwarmSuite) TestSwarmInitIPv6(c *check.C) {