@@ -6,7 +6,8 @@ import (

 	"net/http"

 	"github.com/docker/distribution/reference"

-	enginetypes "github.com/docker/docker/api/types"

+	"github.com/docker/docker/api/types"

+	"github.com/docker/docker/api/types/registry"

 	"github.com/docker/docker/api/types/swarm/runtime"

 	"github.com/docker/docker/errdefs"

 	"github.com/docker/docker/plugin"

@@ -41,11 +42,11 @@ type Controller struct {

 // Backend is the interface for interacting with the plugin manager

 // Controller actions are passed to the configured backend to do the real work.

 type Backend interface {

-	Disable(name string, config *enginetypes.PluginDisableConfig) error

-	Enable(name string, config *enginetypes.PluginEnableConfig) error

-	Remove(name string, config *enginetypes.PluginRmConfig) error

-	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error

-	Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error

+	Disable(name string, config *types.PluginDisableConfig) error

+	Enable(name string, config *types.PluginEnableConfig) error

+	Remove(name string, config *types.PluginRmConfig) error

+	Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *registry.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error

+	Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *registry.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) error

 	Get(name string) (*v2.Plugin, error)

 	SubscribeEvents(buffer int, events ...plugin.Event) (eventCh <-chan interface{}, cancel func())

 }

@@ -96,7 +97,7 @@ func (p *Controller) Prepare(ctx context.Context) (err error) {

 		p.spec.Name = remote.String()

 	}

-	var authConfig enginetypes.AuthConfig

+	var authConfig registry.AuthConfig

 	privs := convertPrivileges(p.spec.Privileges)

 	pl, err := p.backend.Get(p.spec.Name)

@@ -112,7 +113,7 @@ func (p *Controller) Prepare(ctx context.Context) (err error) {

 			return errors.Errorf("plugin already exists: %s", p.spec.Name)

 		}

 		if pl.IsEnabled() {

-			if err := p.backend.Disable(pl.GetID(), &enginetypes.PluginDisableConfig{ForceDisable: true}); err != nil {

+			if err := p.backend.Disable(pl.GetID(), &types.PluginDisableConfig{ForceDisable: true}); err != nil {

 				p.logger.WithError(err).Debug("could not disable plugin before running upgrade")

 			}

 		}

@@ -143,12 +144,12 @@ func (p *Controller) Start(ctx context.Context) error {

 	if p.spec.Disabled {

 		if pl.IsEnabled() {

-			return p.backend.Disable(p.pluginID, &enginetypes.PluginDisableConfig{ForceDisable: false})

+			return p.backend.Disable(p.pluginID, &types.PluginDisableConfig{ForceDisable: false})

 		}

 		return nil

 	}

 	if !pl.IsEnabled() {

-		return p.backend.Enable(p.pluginID, &enginetypes.PluginEnableConfig{Timeout: 30})

+		return p.backend.Enable(p.pluginID, &types.PluginEnableConfig{Timeout: 30})

 	}

 	return nil

 }

@@ -232,7 +233,7 @@ func (p *Controller) Remove(ctx context.Context) error {

 	// This may error because we have exactly 1 plugin, but potentially multiple

 	// tasks which are calling remove.

-	err = p.backend.Remove(p.pluginID, &enginetypes.PluginRmConfig{ForceRemove: true})

+	err = p.backend.Remove(p.pluginID, &types.PluginRmConfig{ForceRemove: true})

 	if isNotFound(err) {

 		return nil

 	}

@@ -245,10 +246,10 @@ func (p *Controller) Close() error {

 	return nil

 }

-func convertPrivileges(ls []*runtime.PluginPrivilege) enginetypes.PluginPrivileges {

-	var out enginetypes.PluginPrivileges

+func convertPrivileges(ls []*runtime.PluginPrivilege) types.PluginPrivileges {

+	var out types.PluginPrivileges

 	for _, p := range ls {

-		pp := enginetypes.PluginPrivilege{

+		pp := types.PluginPrivilege{

 			Name:        p.Name,

 			Description: p.Description,

 			Value:       p.Value,

@@ -10,7 +10,8 @@ import (

 	"time"

 	"github.com/docker/distribution/reference"

-	enginetypes "github.com/docker/docker/api/types"

+	"github.com/docker/docker/api/types"

+	"github.com/docker/docker/api/types/registry"

 	"github.com/docker/docker/api/types/swarm/runtime"

 	"github.com/docker/docker/pkg/pubsub"

 	"github.com/docker/docker/plugin"

@@ -341,27 +342,27 @@ type mockBackend struct {

 	pub *pubsub.Publisher

 }

-func (m *mockBackend) Disable(name string, config *enginetypes.PluginDisableConfig) error {

+func (m *mockBackend) Disable(name string, config *types.PluginDisableConfig) error {

 	m.p.PluginObj.Enabled = false

 	m.pub.Publish(plugin.EventDisable{})

 	return nil

 }

-func (m *mockBackend) Enable(name string, config *enginetypes.PluginEnableConfig) error {

+func (m *mockBackend) Enable(name string, config *types.PluginEnableConfig) error {

 	m.p.PluginObj.Enabled = true

 	m.pub.Publish(plugin.EventEnable{})

 	return nil

 }

-func (m *mockBackend) Remove(name string, config *enginetypes.PluginRmConfig) error {

+func (m *mockBackend) Remove(name string, config *types.PluginRmConfig) error {

 	m.p = nil

 	m.pub.Publish(plugin.EventRemove{})

 	return nil

 }

-func (m *mockBackend) Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error {

+func (m *mockBackend) Pull(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *registry.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer, opts ...plugin.CreateOpt) error {

 	m.p = &v2.Plugin{

-		PluginObj: enginetypes.Plugin{

+		PluginObj: types.Plugin{

 			ID:              "1234",

 			Name:            name,

 			PluginReference: ref.String(),

@@ -370,7 +371,7 @@ func (m *mockBackend) Pull(ctx context.Context, ref reference.Named, name string

 	return nil

 }

-func (m *mockBackend) Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *enginetypes.AuthConfig, privileges enginetypes.PluginPrivileges, outStream io.Writer) error {

+func (m *mockBackend) Upgrade(ctx context.Context, ref reference.Named, name string, metaHeaders http.Header, authConfig *registry.AuthConfig, privileges types.PluginPrivileges, outStream io.Writer) error {

 	m.p.PluginObj.PluginReference = pluginTestRemoteUpgrade

 	return nil

 }

@@ -13,7 +13,8 @@ import (

 	"github.com/docker/docker/api/types/events"

 	"github.com/docker/docker/api/types/filters"

 	"github.com/docker/docker/api/types/network"

-	swarmtypes "github.com/docker/docker/api/types/swarm"

+	"github.com/docker/docker/api/types/registry"

+	"github.com/docker/docker/api/types/swarm"

 	"github.com/docker/docker/api/types/volume"

 	containerpkg "github.com/docker/docker/container"

 	clustertypes "github.com/docker/docker/daemon/cluster/provider"

@@ -48,8 +49,8 @@ type Backend interface {

 	ContainerRm(name string, config *types.ContainerRmConfig) error

 	ContainerKill(name string, sig string) error

 	SetContainerDependencyStore(name string, store exec.DependencyGetter) error

-	SetContainerSecretReferences(name string, refs []*swarmtypes.SecretReference) error

-	SetContainerConfigReferences(name string, refs []*swarmtypes.ConfigReference) error

+	SetContainerSecretReferences(name string, refs []*swarm.SecretReference) error

+	SetContainerConfigReferences(name string, refs []*swarm.ConfigReference) error

 	SystemInfo() *types.Info

 	Containers(config *types.ContainerListOptions) ([]*types.Container, error)

 	SetNetworkBootstrapKeys([]*networktypes.EncryptionKey) error

@@ -73,7 +74,7 @@ type VolumeBackend interface {

 // ImageBackend is used by an executor to perform image operations

 type ImageBackend interface {

-	PullImage(ctx context.Context, image, tag string, platform *specs.Platform, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error

-	GetRepository(context.Context, reference.Named, *types.AuthConfig) (distribution.Repository, error)

+	PullImage(ctx context.Context, image, tag string, platform *specs.Platform, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error

+	GetRepository(context.Context, reference.Named, *registry.AuthConfig) (distribution.Repository, error)

 	GetImage(refOrID string, platform *specs.Platform) (retImg *image.Image, retErr error)

 }

@@ -16,6 +16,7 @@ import (

 	"github.com/docker/docker/api/types/backend"

 	containertypes "github.com/docker/docker/api/types/container"

 	"github.com/docker/docker/api/types/events"

+	"github.com/docker/docker/api/types/registry"

 	containerpkg "github.com/docker/docker/container"

 	"github.com/docker/docker/daemon"

 	"github.com/docker/docker/daemon/cluster/convert"

@@ -87,7 +88,7 @@ func (c *containerAdapter) pullImage(ctx context.Context) error {

 		encodedAuthConfig = spec.PullOptions.RegistryAuth

 	}

-	authConfig := &types.AuthConfig{}

+	authConfig := &registry.AuthConfig{}

 	if encodedAuthConfig != "" {

 		if err := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, strings.NewReader(encodedAuthConfig))).Decode(authConfig); err != nil {

 			logrus.Warnf("invalid authconfig: %v", err)

@@ -12,9 +12,10 @@ import (

 	"time"

 	"github.com/docker/distribution/reference"

-	apitypes "github.com/docker/docker/api/types"

+	"github.com/docker/docker/api/types"

 	"github.com/docker/docker/api/types/backend"

-	types "github.com/docker/docker/api/types/swarm"

+	"github.com/docker/docker/api/types/registry"

+	"github.com/docker/docker/api/types/swarm"

 	timetypes "github.com/docker/docker/api/types/time"

 	"github.com/docker/docker/daemon/cluster/convert"

 	"github.com/docker/docker/errdefs"

@@ -27,7 +28,7 @@ import (

 )

 // GetServices returns all services of a managed swarm cluster.

-func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Service, error) {

+func (c *Cluster) GetServices(options types.ServiceListOptions) ([]swarm.Service, error) {

 	c.mu.RLock()

 	defer c.mu.RUnlock()

@@ -53,7 +54,7 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv

 	if len(options.Filters.Get("runtime")) == 0 {

 		// Default to using the container runtime filter

-		options.Filters.Add("runtime", string(types.RuntimeContainer))

+		options.Filters.Add("runtime", string(swarm.RuntimeContainer))

 	}

 	filters := &swarmapi.ListServicesRequest_Filters{

@@ -75,7 +76,7 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv

 		return nil, err

 	}

-	services := make([]types.Service, 0, len(r.Services))

+	services := make([]swarm.Service, 0, len(r.Services))

 	// if the  user requests the service statuses, we'll store the IDs needed

 	// in this slice

@@ -132,9 +133,9 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv

 		// result would be quadratic. instead, make a mapping of service IDs to

 		// service statuses so that this is roughly linear. additionally,

 		// convert the status response to an engine api service status here.

-		serviceMap := map[string]*types.ServiceStatus{}

+		serviceMap := map[string]*swarm.ServiceStatus{}

 		for _, status := range resp.Statuses {

-			serviceMap[status.ServiceID] = &types.ServiceStatus{

+			serviceMap[status.ServiceID] = &swarm.ServiceStatus{

 				RunningTasks:   status.RunningTasks,

 				DesiredTasks:   status.DesiredTasks,

 				CompletedTasks: status.CompletedTasks,

@@ -159,7 +160,7 @@ func (c *Cluster) GetServices(options apitypes.ServiceListOptions) ([]types.Serv

 }

 // GetService returns a service based on an ID or name.

-func (c *Cluster) GetService(input string, insertDefaults bool) (types.Service, error) {

+func (c *Cluster) GetService(input string, insertDefaults bool) (swarm.Service, error) {

 	var service *swarmapi.Service

 	if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {

 		s, err := getService(ctx, state.controlClient, input, insertDefaults)

@@ -169,18 +170,18 @@ func (c *Cluster) GetService(input string, insertDefaults bool) (types.Service,

 		service = s

 		return nil

 	}); err != nil {

-		return types.Service{}, err

+		return swarm.Service{}, err

 	}

 	svc, err := convert.ServiceFromGRPC(*service)

 	if err != nil {

-		return types.Service{}, err

+		return swarm.Service{}, err

 	}

 	return svc, nil

 }

 // CreateService creates a new service in a managed swarm cluster.

-func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string, queryRegistry bool) (*apitypes.ServiceCreateResponse, error) {

-	var resp *apitypes.ServiceCreateResponse

+func (c *Cluster) CreateService(s swarm.ServiceSpec, encodedAuth string, queryRegistry bool) (*types.ServiceCreateResponse, error) {

+	var resp *types.ServiceCreateResponse

 	err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {

 		err := c.populateNetworkID(ctx, state.controlClient, &s)

 		if err != nil {

@@ -192,17 +193,17 @@ func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string, queryRe

 			return errdefs.InvalidParameter(err)

 		}

-		resp = &apitypes.ServiceCreateResponse{}

+		resp = &types.ServiceCreateResponse{}

 		switch serviceSpec.Task.Runtime.(type) {

 		case *swarmapi.TaskSpec_Attachment:

-			return fmt.Errorf("invalid task spec: spec type %q not supported", types.RuntimeNetworkAttachment)

+			return fmt.Errorf("invalid task spec: spec type %q not supported", swarm.RuntimeNetworkAttachment)

 		// handle other runtimes here

 		case *swarmapi.TaskSpec_Generic:

 			switch serviceSpec.Task.GetGeneric().Kind {

-			case string(types.RuntimePlugin):

+			case string(swarm.RuntimePlugin):

 				if !c.config.Backend.HasExperimental() {

-					return fmt.Errorf("runtime type %q only supported in experimental", types.RuntimePlugin)

+					return fmt.Errorf("runtime type %q only supported in experimental", swarm.RuntimePlugin)

 				}

 				if s.TaskTemplate.PluginSpec == nil {

 					return errors.New("plugin spec must be set")

@@ -228,7 +229,7 @@ func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string, queryRe

 			}

 			// retrieve auth config from encoded auth

-			authConfig := &apitypes.AuthConfig{}

+			authConfig := &registry.AuthConfig{}

 			if encodedAuth != "" {

 				authReader := strings.NewReader(encodedAuth)

 				dec := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, authReader))

@@ -282,8 +283,8 @@ func (c *Cluster) CreateService(s types.ServiceSpec, encodedAuth string, queryRe

 }

 // UpdateService updates existing service to match new properties.

-func (c *Cluster) UpdateService(serviceIDOrName string, version uint64, spec types.ServiceSpec, flags apitypes.ServiceUpdateOptions, queryRegistry bool) (*apitypes.ServiceUpdateResponse, error) {

-	var resp *apitypes.ServiceUpdateResponse

+func (c *Cluster) UpdateService(serviceIDOrName string, version uint64, spec swarm.ServiceSpec, flags types.ServiceUpdateOptions, queryRegistry bool) (*types.ServiceUpdateResponse, error) {

+	var resp *types.ServiceUpdateResponse

 	err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error {

@@ -302,14 +303,14 @@ func (c *Cluster) UpdateService(serviceIDOrName string, version uint64, spec typ

 			return err

 		}

-		resp = &apitypes.ServiceUpdateResponse{}

+		resp = &types.ServiceUpdateResponse{}

 		switch serviceSpec.Task.Runtime.(type) {

 		case *swarmapi.TaskSpec_Attachment:

-			return fmt.Errorf("invalid task spec: spec type %q not supported", types.RuntimeNetworkAttachment)

+			return fmt.Errorf("invalid task spec: spec type %q not supported", swarm.RuntimeNetworkAttachment)

 		case *swarmapi.TaskSpec_Generic:

 			switch serviceSpec.Task.GetGeneric().Kind {

-			case string(types.RuntimePlugin):

+			case string(swarm.RuntimePlugin):

 				if spec.TaskTemplate.PluginSpec == nil {

 					return errors.New("plugin spec must be set")

 				}

@@ -328,9 +329,9 @@ func (c *Cluster) UpdateService(serviceIDOrName string, version uint64, spec typ

 				// shouldn't lose it, and continue to use the one that was already present

 				var ctnr *swarmapi.ContainerSpec

 				switch flags.RegistryAuthFrom {

-				case apitypes.RegistryAuthFromSpec, "":

+				case types.RegistryAuthFromSpec, "":

 					ctnr = currentService.Spec.Task.GetContainer()

-				case apitypes.RegistryAuthFromPreviousSpec:

+				case types.RegistryAuthFromPreviousSpec:

 					if currentService.PreviousSpec == nil {

 						return errors.New("service does not have a previous spec")

 					}

@@ -349,7 +350,7 @@ func (c *Cluster) UpdateService(serviceIDOrName string, version uint64, spec typ

 			}

 			// retrieve auth config from encoded auth

-			authConfig := &apitypes.AuthConfig{}

+			authConfig := &registry.AuthConfig{}

 			if encodedAuth != "" {

 				if err := json.NewDecoder(base64.NewDecoder(base64.URLEncoding, strings.NewReader(encodedAuth))).Decode(authConfig); err != nil {

 					logrus.Warnf("invalid authconfig: %v", err)

@@ -425,7 +426,7 @@ func (c *Cluster) RemoveService(input string) error {

 }

 // ServiceLogs collects service logs and writes them back to `config.OutStream`

-func (c *Cluster) ServiceLogs(ctx context.Context, selector *backend.LogSelector, config *apitypes.ContainerLogsOptions) (<-chan *backend.LogMessage, error) {

+func (c *Cluster) ServiceLogs(ctx context.Context, selector *backend.LogSelector, config *types.ContainerLogsOptions) (<-chan *backend.LogMessage, error) {

 	c.mu.RLock()

 	defer c.mu.RUnlock()

@@ -612,7 +613,7 @@ func convertSelector(ctx context.Context, cc swarmapi.ControlClient, selector *b

 // imageWithDigestString takes an image such as name or name:tag

 // and returns the image pinned to a digest, such as name@sha256:34234

-func (c *Cluster) imageWithDigestString(ctx context.Context, image string, authConfig *apitypes.AuthConfig) (string, error) {

+func (c *Cluster) imageWithDigestString(ctx context.Context, image string, authConfig *registry.AuthConfig) (string, error) {

 	ref, err := reference.ParseAnyReference(image)

 	if err != nil {

 		return "", err