Move deps from _workspace/ to vendor/

godep restore
pushd $GOPATH/src/github.com/appc/spec
git co master
popd
go get go4.org/errorutil
rm -rf Godeps
godep save ./...
git add vendor
git add -f $(git ls-files --other vendor/)
git co -- Godeps/LICENSES Godeps/.license_file_state Godeps/OWNERS

vendor/github.com/mesos/mesos-go/auth/callback/interface.go

@@ -0,0 +1,28 @@
+package callback
+
+import (
+	"fmt"
+)
+
+type Unsupported struct {
+	Callback Interface
+}
+
+func (uc *Unsupported) Error() string {
+	return fmt.Sprintf("Unsupported callback <%T>: %v", uc.Callback, uc.Callback)
+}
+
+type Interface interface {
+	// marker interface
+}
+
+type Handler interface {
+	// may return an Unsupported error on failure
+	Handle(callbacks ...Interface) error
+}
+
+type HandlerFunc func(callbacks ...Interface) error
+
+func (f HandlerFunc) Handle(callbacks ...Interface) error {
+	return f(callbacks...)
+}

vendor/github.com/mesos/mesos-go/auth/callback/interprocess.go

@@ -0,0 +1,27 @@
+package callback
+
+import (
+	"github.com/mesos/mesos-go/upid"
+)
+
+type Interprocess struct {
+	client upid.UPID
+	server upid.UPID
+}
+
+func NewInterprocess() *Interprocess {
+	return &Interprocess{}
+}
+
+func (cb *Interprocess) Client() upid.UPID {
+	return cb.client
+}
+
+func (cb *Interprocess) Server() upid.UPID {
+	return cb.server
+}
+
+func (cb *Interprocess) Set(server, client upid.UPID) {
+	cb.server = server
+	cb.client = client
+}

vendor/github.com/mesos/mesos-go/auth/callback/name.go

@@ -0,0 +1,17 @@
+package callback
+
+type Name struct {
+	name string
+}
+
+func NewName() *Name {
+	return &Name{}
+}
+
+func (cb *Name) Get() string {
+	return cb.name
+}
+
+func (cb *Name) Set(name string) {
+	cb.name = name
+}

vendor/github.com/mesos/mesos-go/auth/callback/password.go

@@ -0,0 +1,20 @@
+package callback
+
+type Password struct {
+	password []byte
+}
+
+func NewPassword() *Password {
+	return &Password{}
+}
+
+func (cb *Password) Get() []byte {
+	clone := make([]byte, len(cb.password))
+	copy(clone, cb.password)
+	return clone
+}
+
+func (cb *Password) Set(password []byte) {
+	cb.password = make([]byte, len(password))
+	copy(cb.password, password)
+}

vendor/github.com/mesos/mesos-go/auth/interface.go

@@ -0,0 +1,63 @@
+package auth
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+
+	log "github.com/golang/glog"
+	"github.com/mesos/mesos-go/auth/callback"
+	"golang.org/x/net/context"
+)
+
+// SPI interface: login provider implementations support this interface, clients
+// do not authenticate against this directly, instead they should use Login()
+type Authenticatee interface {
+	// Returns no errors if successfully authenticated, otherwise a single
+	// error.
+	Authenticate(ctx context.Context, handler callback.Handler) error
+}
+
+// Func adapter for interface: allow func's to implement the Authenticatee interface
+// as long as the func signature matches
+type AuthenticateeFunc func(ctx context.Context, handler callback.Handler) error
+
+func (f AuthenticateeFunc) Authenticate(ctx context.Context, handler callback.Handler) error {
+	return f(ctx, handler)
+}
+
+var (
+	// Authentication was attempted and failed (likely due to incorrect credentials, too
+	// many retries within a time window, etc). Distinctly different from authentication
+	// errors (e.g. network errors, configuration errors, etc).
+	AuthenticationFailed = errors.New("authentication failed")
+
+	authenticateeProviders = make(map[string]Authenticatee) // authentication providers dict
+	providerLock           sync.Mutex
+)
+
+// Register an authentication provider (aka "login provider"). packages that
+// provide Authenticatee implementations should invoke this func in their
+// init() to register.
+func RegisterAuthenticateeProvider(name string, auth Authenticatee) (err error) {
+	providerLock.Lock()
+	defer providerLock.Unlock()
+
+	if _, found := authenticateeProviders[name]; found {
+		err = fmt.Errorf("authentication provider already registered: %v", name)
+	} else {
+		authenticateeProviders[name] = auth
+		log.V(1).Infof("registered authentication provider: %v", name)
+	}
+	return
+}
+
+// Look up an authentication provider by name, returns non-nil and true if such
+// a provider is found.
+func getAuthenticateeProvider(name string) (provider Authenticatee, ok bool) {
+	providerLock.Lock()
+	defer providerLock.Unlock()
+
+	provider, ok = authenticateeProviders[name]
+	return
+}

vendor/github.com/mesos/mesos-go/auth/login.go

@@ -0,0 +1,100 @@
+package auth
+
+import (
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/mesos/mesos-go/auth/callback"
+	"github.com/mesos/mesos-go/upid"
+	"golang.org/x/net/context"
+)
+
+var (
+	// No login provider name has been specified in a context.Context
+	NoLoginProviderName = errors.New("missing login provider name in context")
+)
+
+// Main client entrypoint into the authentication APIs: clients are expected to
+// invoke this func with a context containing a login provider name value.
+// This may be written as:
+//     providerName := ...  // the user has probably configured this via some flag
+//     handler := ...  // handlers provide data like usernames and passwords
+//     ctx := ...  // obtain some initial or timed context
+//     err := auth.Login(auth.WithLoginProvider(ctx, providerName), handler)
+func Login(ctx context.Context, handler callback.Handler) error {
+	name, ok := LoginProviderFrom(ctx)
+	if !ok {
+		return NoLoginProviderName
+	}
+	provider, ok := getAuthenticateeProvider(name)
+	if !ok {
+		return fmt.Errorf("unrecognized login provider name in context: %s", name)
+	}
+	return provider.Authenticate(ctx, handler)
+}
+
+// Unexported key type, avoids conflicts with other context-using packages. All
+// context items registered from this package should use keys of this type.
+type loginKeyType int
+
+const (
+	// name of login provider to use
+	loginProviderNameKey loginKeyType = iota
+
+	// upid.UPID of some parent process
+	parentUpidKey
+
+	// time.Duration that limits the overall duration of an auth attempt
+	timeoutKey
+)
+
+// Return a context that inherits all values from the parent ctx and specifies
+// the login provider name given here. Intended to be invoked before calls to
+// Login().
+func WithLoginProvider(ctx context.Context, providerName string) context.Context {
+	return context.WithValue(ctx, loginProviderNameKey, providerName)
+}
+
+// Return the name of the login provider specified in this context.
+func LoginProviderFrom(ctx context.Context) (name string, ok bool) {
+	name, ok = ctx.Value(loginProviderNameKey).(string)
+	return
+}
+
+// Return the name of the login provider specified in this context, or empty
+// string if none.
+func LoginProvider(ctx context.Context) string {
+	name, _ := LoginProviderFrom(ctx)
+	return name
+}
+
+func WithParentUPID(ctx context.Context, pid upid.UPID) context.Context {
+	return context.WithValue(ctx, parentUpidKey, pid)
+}
+
+func ParentUPIDFrom(ctx context.Context) (pid upid.UPID, ok bool) {
+	pid, ok = ctx.Value(parentUpidKey).(upid.UPID)
+	return
+}
+
+func ParentUPID(ctx context.Context) (upid *upid.UPID) {
+	if upid, ok := ParentUPIDFrom(ctx); ok {
+		return &upid
+	}
+	return nil
+}
+
+func TimeoutFrom(ctx context.Context) (d time.Duration, ok bool) {
+	d, ok = ctx.Value(timeoutKey).(time.Duration)
+	return
+}
+
+func Timeout(ctx context.Context) (d time.Duration) {
+	d, _ = TimeoutFrom(ctx)
+	return
+}
+
+func WithTimeout(ctx context.Context, d time.Duration) context.Context {
+	return context.WithValue(ctx, timeoutKey, d)
+}

vendor/github.com/mesos/mesos-go/auth/sasl/authenticatee.go

@@ -0,0 +1,358 @@
+package sasl
+
+import (
+	"errors"
+	"fmt"
+	"sync/atomic"
+
+	"github.com/gogo/protobuf/proto"
+	log "github.com/golang/glog"
+	"github.com/mesos/mesos-go/auth"
+	"github.com/mesos/mesos-go/auth/callback"
+	"github.com/mesos/mesos-go/auth/sasl/mech"
+	mesos "github.com/mesos/mesos-go/mesosproto"
+	"github.com/mesos/mesos-go/mesosutil/process"
+	"github.com/mesos/mesos-go/messenger"
+	"github.com/mesos/mesos-go/upid"
+	"golang.org/x/net/context"
+)
+
+var (
+	UnexpectedAuthenticationMechanisms = errors.New("Unexpected authentication 'mechanisms' received")
+	UnexpectedAuthenticationStep       = errors.New("Unexpected authentication 'step' received")
+	UnexpectedAuthenticationCompleted  = errors.New("Unexpected authentication 'completed' received")
+	UnexpectedAuthenticatorPid         = errors.New("Unexpected authentator pid") // authenticator pid changed mid-process
+	UnsupportedMechanism               = errors.New("failed to identify a compatible mechanism")
+)
+
+type statusType int32
+
+const (
+	statusReady statusType = iota
+	statusStarting
+	statusStepping
+	_statusTerminal // meta status, should never be assigned: all status types following are "terminal"
+	statusCompleted
+	statusFailed
+	statusError
+	statusDiscarded
+
+	// this login provider name is automatically registered with the auth package; see init()
+	ProviderName = "SASL"
+)
+
+type authenticateeProcess struct {
+	transport messenger.Messenger
+	client    upid.UPID
+	status    statusType
+	done      chan struct{}
+	err       error
+	mech      mech.Interface
+	stepFn    mech.StepFunc
+	from      *upid.UPID
+	handler   callback.Handler
+}
+
+type authenticateeConfig struct {
+	client    upid.UPID // pid of the client we're attempting to authenticate
+	handler   callback.Handler
+	transport messenger.Messenger // mesos communications transport
+}
+
+type transportFactory interface {
+	makeTransport() messenger.Messenger
+}
+
+type transportFactoryFunc func() messenger.Messenger
+
+func (f transportFactoryFunc) makeTransport() messenger.Messenger {
+	return f()
+}
+
+func init() {
+	factory := func(ctx context.Context) transportFactoryFunc {
+		return transportFactoryFunc(func() messenger.Messenger {
+			parent := auth.ParentUPID(ctx)
+			if parent == nil {
+				log.Fatal("expected to have a parent UPID in context")
+			}
+			process := process.New("sasl_authenticatee")
+			tpid := upid.UPID{
+				ID:   process.Label(),
+				Host: parent.Host,
+			}
+			return messenger.NewHttpWithBindingAddress(tpid, BindingAddressFrom(ctx))
+		})
+	}
+	delegate := auth.AuthenticateeFunc(func(ctx context.Context, handler callback.Handler) error {
+		if impl, err := makeAuthenticatee(handler, factory(ctx)); err != nil {
+			return err
+		} else {
+			return impl.Authenticate(ctx, handler)
+		}
+	})
+	if err := auth.RegisterAuthenticateeProvider(ProviderName, delegate); err != nil {
+		log.Error(err)
+	}
+}
+
+func (s *statusType) get() statusType {
+	return statusType(atomic.LoadInt32((*int32)(s)))
+}
+
+func (s *statusType) swap(old, new statusType) bool {
+	return old != new && atomic.CompareAndSwapInt32((*int32)(s), int32(old), int32(new))
+}
+
+// build a new authenticatee implementation using the given callbacks and a new transport instance
+func makeAuthenticatee(handler callback.Handler, factory transportFactory) (auth.Authenticatee, error) {
+
+	ip := callback.NewInterprocess()
+	if err := handler.Handle(ip); err != nil {
+		return nil, err
+	}
+	config := &authenticateeConfig{
+		client:    ip.Client(),
+		handler:   handler,
+		transport: factory.makeTransport(),
+	}
+	return auth.AuthenticateeFunc(func(ctx context.Context, handler callback.Handler) error {
+		ctx, auth := newAuthenticatee(ctx, config)
+		auth.authenticate(ctx, ip.Server())
+
+		select {
+		case <-ctx.Done():
+			return auth.discard(ctx)
+		case <-auth.done:
+			return auth.err
+		}
+	}), nil
+}
+
+// Terminate the authentication process upon context cancellation;
+// only to be called if/when ctx.Done() has been signalled.
+func (self *authenticateeProcess) discard(ctx context.Context) error {
+	err := ctx.Err()
+	status := statusFrom(ctx)
+	for ; status < _statusTerminal; status = (&self.status).get() {
+		if self.terminate(status, statusDiscarded, err) {
+			break
+		}
+	}
+	return err
+}
+
+func newAuthenticatee(ctx context.Context, config *authenticateeConfig) (context.Context, *authenticateeProcess) {
+	initialStatus := statusReady
+	proc := &authenticateeProcess{
+		transport: config.transport,
+		client:    config.client,
+		handler:   config.handler,
+		status:    initialStatus,
+		done:      make(chan struct{}),
+	}
+	ctx = withStatus(ctx, initialStatus)
+	err := proc.installHandlers(ctx)
+	if err == nil {
+		err = proc.startTransport()
+	}
+	if err != nil {
+		proc.terminate(initialStatus, statusError, err)
+	}
+	return ctx, proc
+}
+
+func (self *authenticateeProcess) startTransport() error {
+	if err := self.transport.Start(); err != nil {
+		return err
+	} else {
+		go func() {
+			// stop the authentication transport upon termination of the
+			// authenticator process
+			select {
+			case <-self.done:
+				log.V(2).Infof("stopping authenticator transport: %v", self.transport.UPID())
+				self.transport.Stop()
+			}
+		}()
+	}
+	return nil
+}
+
+// returns true when handlers are installed without error, otherwise terminates the
+// authentication process.
+func (self *authenticateeProcess) installHandlers(ctx context.Context) error {
+
+	type handlerFn func(ctx context.Context, from *upid.UPID, pbMsg proto.Message)
+
+	withContext := func(f handlerFn) messenger.MessageHandler {
+		return func(from *upid.UPID, m proto.Message) {
+			status := (&self.status).get()
+			if self.from != nil && !self.from.Equal(from) {
+				self.terminate(status, statusError, UnexpectedAuthenticatorPid)
+			} else {
+				f(withStatus(ctx, status), from, m)
+			}
+		}
+	}
+
+	// Anticipate mechanisms and steps from the server
+	handlers := []struct {
+		f handlerFn
+		m proto.Message
+	}{
+		{self.mechanisms, &mesos.AuthenticationMechanismsMessage{}},
+		{self.step, &mesos.AuthenticationStepMessage{}},
+		{self.completed, &mesos.AuthenticationCompletedMessage{}},
+		{self.failed, &mesos.AuthenticationFailedMessage{}},
+		{self.errored, &mesos.AuthenticationErrorMessage{}},
+	}
+	for _, h := range handlers {
+		if err := self.transport.Install(withContext(h.f), h.m); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// return true if the authentication status was updated (if true, self.done will have been closed)
+func (self *authenticateeProcess) terminate(old, new statusType, err error) bool {
+	if (&self.status).swap(old, new) {
+		self.err = err
+		if self.mech != nil {
+			self.mech.Discard()
+		}
+		close(self.done)
+		return true
+	}
+	return false
+}
+
+func (self *authenticateeProcess) authenticate(ctx context.Context, pid upid.UPID) {
+	status := statusFrom(ctx)
+	if status != statusReady {
+		return
+	}
+	message := &mesos.AuthenticateMessage{
+		Pid: proto.String(self.client.String()),
+	}
+	if err := self.transport.Send(ctx, &pid, message); err != nil {
+		self.terminate(status, statusError, err)
+	} else {
+		(&self.status).swap(status, statusStarting)
+	}
+}
+
+func (self *authenticateeProcess) mechanisms(ctx context.Context, from *upid.UPID, pbMsg proto.Message) {
+	status := statusFrom(ctx)
+	if status != statusStarting {
+		self.terminate(status, statusError, UnexpectedAuthenticationMechanisms)
+		return
+	}
+
+	msg, ok := pbMsg.(*mesos.AuthenticationMechanismsMessage)
+	if !ok {
+		self.terminate(status, statusError, fmt.Errorf("Expected AuthenticationMechanismsMessage, not %T", pbMsg))
+		return
+	}
+
+	mechanisms := msg.GetMechanisms()
+	log.Infof("Received SASL authentication mechanisms: %v", mechanisms)
+
+	selectedMech, factory := mech.SelectSupported(mechanisms)
+	if selectedMech == "" {
+		self.terminate(status, statusError, UnsupportedMechanism)
+		return
+	}
+
+	if m, f, err := factory(self.handler); err != nil {
+		self.terminate(status, statusError, err)
+		return
+	} else {
+		self.mech = m
+		self.stepFn = f
+		self.from = from
+	}
+
+	// execute initialization step...
+	nextf, data, err := self.stepFn(self.mech, nil)
+	if err != nil {
+		self.terminate(status, statusError, err)
+		return
+	} else {
+		self.stepFn = nextf
+	}
+
+	message := &mesos.AuthenticationStartMessage{
+		Mechanism: proto.String(selectedMech),
+		Data:      data, // may be nil, depends on init step
+	}
+
+	if err := self.transport.Send(ctx, from, message); err != nil {
+		self.terminate(status, statusError, err)
+	} else {
+		(&self.status).swap(status, statusStepping)
+	}
+}
+
+func (self *authenticateeProcess) step(ctx context.Context, from *upid.UPID, pbMsg proto.Message) {
+	status := statusFrom(ctx)
+	if status != statusStepping {
+		self.terminate(status, statusError, UnexpectedAuthenticationStep)
+		return
+	}
+
+	log.Info("Received SASL authentication step")
+
+	msg, ok := pbMsg.(*mesos.AuthenticationStepMessage)
+	if !ok {
+		self.terminate(status, statusError, fmt.Errorf("Expected AuthenticationStepMessage, not %T", pbMsg))
+		return
+	}
+
+	input := msg.GetData()
+	fn, output, err := self.stepFn(self.mech, input)
+
+	if err != nil {
+		self.terminate(status, statusError, fmt.Errorf("failed to perform authentication step: %v", err))
+		return
+	}
+	self.stepFn = fn
+
+	// We don't start the client with SASL_SUCCESS_DATA so we may
+	// need to send one more "empty" message to the server.
+	message := &mesos.AuthenticationStepMessage{}
+	if len(output) > 0 {
+		message.Data = output
+	}
+	if err := self.transport.Send(ctx, from, message); err != nil {
+		self.terminate(status, statusError, err)
+	}
+}
+
+func (self *authenticateeProcess) completed(ctx context.Context, from *upid.UPID, pbMsg proto.Message) {
+	status := statusFrom(ctx)
+	if status != statusStepping {
+		self.terminate(status, statusError, UnexpectedAuthenticationCompleted)
+		return
+	}
+
+	log.Info("Authentication success")
+	self.terminate(status, statusCompleted, nil)
+}
+
+func (self *authenticateeProcess) failed(ctx context.Context, from *upid.UPID, pbMsg proto.Message) {
+	status := statusFrom(ctx)
+	self.terminate(status, statusFailed, auth.AuthenticationFailed)
+}
+
+func (self *authenticateeProcess) errored(ctx context.Context, from *upid.UPID, pbMsg proto.Message) {
+	var err error
+	if msg, ok := pbMsg.(*mesos.AuthenticationErrorMessage); !ok {
+		err = fmt.Errorf("Expected AuthenticationErrorMessage, not %T", pbMsg)
+	} else {
+		err = fmt.Errorf("Authentication error: %s", msg.GetError())
+	}
+	status := statusFrom(ctx)
+	self.terminate(status, statusError, err)
+}

vendor/github.com/mesos/mesos-go/auth/sasl/context.go

@@ -0,0 +1,43 @@
+package sasl
+
+import (
+	"net"
+
+	"golang.org/x/net/context"
+)
+
+// unexported to prevent collisions with context keys defined in
+// other packages.
+type _key int
+
+// If this package defined other context keys, they would have
+// different integer values.
+const (
+	statusKey         _key = iota
+	bindingAddressKey      // bind address for login-related network ops
+)
+
+func withStatus(ctx context.Context, s statusType) context.Context {
+	return context.WithValue(ctx, statusKey, s)
+}
+
+func statusFrom(ctx context.Context) statusType {
+	s, ok := ctx.Value(statusKey).(statusType)
+	if !ok {
+		panic("missing status in context")
+	}
+	return s
+}
+
+func WithBindingAddress(ctx context.Context, address net.IP) context.Context {
+	return context.WithValue(ctx, bindingAddressKey, address)
+}
+
+func BindingAddressFrom(ctx context.Context) net.IP {
+	obj := ctx.Value(bindingAddressKey)
+	if addr, ok := obj.(net.IP); ok {
+		return addr
+	} else {
+		return nil
+	}
+}

vendor/github.com/mesos/mesos-go/auth/sasl/mech/crammd5/mechanism.go

@@ -0,0 +1,72 @@
+package crammd5
+
+import (
+	"crypto/hmac"
+	"crypto/md5"
+	"encoding/hex"
+	"errors"
+	"io"
+
+	log "github.com/golang/glog"
+	"github.com/mesos/mesos-go/auth/callback"
+	"github.com/mesos/mesos-go/auth/sasl/mech"
+)
+
+var (
+	Name = "CRAM-MD5" // name this mechanism is registered with
+
+	//TODO(jdef) is this a generic SASL error? if so, move it up to mech
+	challengeDataRequired = errors.New("challenge data may not be empty")
+)
+
+func init() {
+	mech.Register(Name, newInstance)
+}
+
+type mechanism struct {
+	handler callback.Handler
+}
+
+func (m *mechanism) Handler() callback.Handler {
+	return m.handler
+}
+
+func (m *mechanism) Discard() {
+	// noop
+}
+
+func newInstance(h callback.Handler) (mech.Interface, mech.StepFunc, error) {
+	m := &mechanism{
+		handler: h,
+	}
+	fn := func(m mech.Interface, data []byte) (mech.StepFunc, []byte, error) {
+		// noop: no initialization needed
+		return challengeResponse, nil, nil
+	}
+	return m, fn, nil
+}
+
+// algorithm lifted from wikipedia: http://en.wikipedia.org/wiki/CRAM-MD5
+// except that the SASL mechanism used by Mesos doesn't leverage base64 encoding
+func challengeResponse(m mech.Interface, data []byte) (mech.StepFunc, []byte, error) {
+	if len(data) == 0 {
+		return mech.IllegalState, nil, challengeDataRequired
+	}
+	decoded := string(data)
+	log.V(4).Infof("challenge(decoded): %s", decoded) // for deep debugging only
+
+	username := callback.NewName()
+	secret := callback.NewPassword()
+
+	if err := m.Handler().Handle(username, secret); err != nil {
+		return mech.IllegalState, nil, err
+	}
+	hash := hmac.New(md5.New, secret.Get())
+	if _, err := io.WriteString(hash, decoded); err != nil {
+		return mech.IllegalState, nil, err
+	}
+
+	codes := hex.EncodeToString(hash.Sum(nil))
+	msg := username.Get() + " " + codes
+	return nil, []byte(msg), nil
+}

vendor/github.com/mesos/mesos-go/auth/sasl/mech/interface.go

@@ -0,0 +1,33 @@
+package mech
+
+import (
+	"errors"
+
+	"github.com/mesos/mesos-go/auth/callback"
+)
+
+var (
+	IllegalStateErr = errors.New("illegal mechanism state")
+)
+
+type Interface interface {
+	Handler() callback.Handler
+	Discard() // clean up resources or sensitive information; idempotent
+}
+
+// return a mechanism and it's initialization step (may be a noop that returns
+// a nil data blob and handle to the first "real" challenge step).
+type Factory func(h callback.Handler) (Interface, StepFunc, error)
+
+// StepFunc implementations should never return a nil StepFunc result. This
+// helps keep the logic in the SASL authticatee simpler: step functions are
+// never nil. Mechanisms that end up an error state (for example, some decoding
+// logic fails...) should return a StepFunc that represents an error state.
+// Some mechanisms may be able to recover from such.
+type StepFunc func(m Interface, data []byte) (StepFunc, []byte, error)
+
+// reflects an unrecoverable, illegal mechanism state; always returns IllegalState
+// as the next step along with an IllegalStateErr
+func IllegalState(m Interface, data []byte) (StepFunc, []byte, error) {
+	return IllegalState, nil, IllegalStateErr
+}

vendor/github.com/mesos/mesos-go/auth/sasl/mech/plugins.go

@@ -0,0 +1,49 @@
+package mech
+
+import (
+	"fmt"
+	"sync"
+
+	log "github.com/golang/glog"
+)
+
+var (
+	mechLock       sync.Mutex
+	supportedMechs = make(map[string]Factory)
+)
+
+func Register(name string, f Factory) error {
+	mechLock.Lock()
+	defer mechLock.Unlock()
+
+	if _, found := supportedMechs[name]; found {
+		return fmt.Errorf("Mechanism registered twice: %s", name)
+	}
+	supportedMechs[name] = f
+	log.V(1).Infof("Registered mechanism %s", name)
+	return nil
+}
+
+func ListSupported() (list []string) {
+	mechLock.Lock()
+	defer mechLock.Unlock()
+
+	for mechname := range supportedMechs {
+		list = append(list, mechname)
+	}
+	return list
+}
+
+func SelectSupported(mechanisms []string) (selectedMech string, factory Factory) {
+	mechLock.Lock()
+	defer mechLock.Unlock()
+
+	for _, m := range mechanisms {
+		if f, ok := supportedMechs[m]; ok {
+			selectedMech = m
+			factory = f
+			break
+		}
+	}
+	return
+}

vendor/github.com/mesos/mesos-go/auth/sasl/mock/mock.go

@@ -0,0 +1,17 @@
+package mock
+
+import (
+	"github.com/gogo/protobuf/proto"
+	mock_messenger "github.com/mesos/mesos-go/messenger/mock"
+	"github.com/mesos/mesos-go/upid"
+	"github.com/stretchr/testify/mock"
+	"golang.org/x/net/context"
+)
+
+type Transport struct {
+	*mock_messenger.Messenger
+}
+
+func (m *Transport) Send(ctx context.Context, upid *upid.UPID, msg proto.Message) error {
+	return m.Called(mock.Anything, upid, msg).Error(0)
+}