Merge pull request #64482 from ericchiang/exec-plugin-beta

Automatic merge from submit-queue (batch tested with PRs 63453, 64592, 64482, 64618, 64661). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

client-go: promote exec plugin support to beta

/sig auth
/kind feature

Adds a "v1beta1" API group for client authentication. Because of a lack of usage with the input parameters, these have been dropped for the beta. Would like to re-introduce them as users feel they require them.

updates https://github.com/kubernetes/kubernetes/issues/61796

```release-note
client-go: credential exec plugins have been promoted to beta
```

Kubernetes-commit: 819d51567f82c27ba3b7cde5b4cb3bb59c0550b6

Godeps/Godeps.json

@@ -268,323 +268,323 @@
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1alpha1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta2",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v2alpha1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/certificates/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/core/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/events/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/extensions/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/imagepolicy/v1alpha1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/networking/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/policy/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1alpha1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1alpha1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/settings/v1alpha1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1alpha1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1beta1",
-			"Rev": "5204d3828432611e41488a8042bc1d16a7c12e05"
+			"Rev": "cfe4a76edf6d17ea00c8b47fabf55edfa5f6c994"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing/fuzzer",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/testing/roundtrip",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1beta1",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/fields",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/labels",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/selection",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/types",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/json",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/net",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/version",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/watch",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-			"Rev": "c3bfbaf8b18d67a795cc73475c511440d4b4de8d"
+			"Rev": "b9ec873992e49038c7612555e75cd092844d429f"
 		},
 		{
 			"ImportPath": "k8s.io/kube-openapi/pkg/util/proto",

pkg/apis/clientauthentication/v1beta1/conversion.go

@@ -0,0 +1,26 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	conversion "k8s.io/apimachinery/pkg/conversion"
+	clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication"
+)
+
+func Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
+	return nil
+}

pkg/apis/clientauthentication/v1beta1/doc.go

@@ -0,0 +1,23 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+// +k8s:conversion-gen=k8s.io/client-go/pkg/apis/clientauthentication
+// +k8s:openapi-gen=true
+// +k8s:defaulter-gen=TypeMeta
+
+// +groupName=client.authentication.k8s.io
+package v1beta1 // import "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"

pkg/apis/clientauthentication/v1beta1/register.go

@@ -0,0 +1,55 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name use in this package
+const GroupName = "client.authentication.k8s.io"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	AddToScheme        = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes)
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&ExecCredential{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

pkg/apis/clientauthentication/v1beta1/types.go

@@ -0,0 +1,59 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ExecCredentials is used by exec-based plugins to communicate credentials to
+// HTTP transports.
+type ExecCredential struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// Spec holds information passed to the plugin by the transport. This contains
+	// request and runtime specific information, such as if the session is interactive.
+	Spec ExecCredentialSpec `json:"spec,omitempty"`
+
+	// Status is filled in by the plugin and holds the credentials that the transport
+	// should use to contact the API.
+	// +optional
+	Status *ExecCredentialStatus `json:"status,omitempty"`
+}
+
+// ExecCredenitalSpec holds request and runtime specific information provided by
+// the transport.
+type ExecCredentialSpec struct{}
+
+// ExecCredentialStatus holds credentials for the transport to use.
+//
+// Token and ClientKeyData are sensitive fields. This data should only be
+// transmitted in-memory between client and exec plugin process. Exec plugin
+// itself should at least be protected via file permissions.
+type ExecCredentialStatus struct {
+	// ExpirationTimestamp indicates a time when the provided credentials expire.
+	// +optional
+	ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"`
+	// Token is a bearer token used by the client for request authentication.
+	Token string `json:"token,omitempty"`
+	// PEM-encoded client TLS certificates (including intermediates, if any).
+	ClientCertificateData string `json:"clientCertificateData,omitempty"`
+	// PEM-encoded private key for the above certificate.
+	ClientKeyData string `json:"clientKeyData,omitempty"`
+}

pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go

@@ -0,0 +1,114 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by conversion-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	unsafe "unsafe"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	conversion "k8s.io/apimachinery/pkg/conversion"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication"
+)
+
+func init() {
+	localSchemeBuilder.Register(RegisterConversions)
+}
+
+// RegisterConversions adds conversion functions to the given scheme.
+// Public to allow building arbitrary schemes.
+func RegisterConversions(scheme *runtime.Scheme) error {
+	return scheme.AddGeneratedConversionFuncs(
+		Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential,
+		Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential,
+		Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec,
+		Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec,
+		Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus,
+		Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus,
+	)
+}
+
+func autoConvert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
+	if err := Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	out.Status = (*clientauthentication.ExecCredentialStatus)(unsafe.Pointer(in.Status))
+	return nil
+}
+
+// Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential is an autogenerated conversion function.
+func Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
+	return autoConvert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in, out, s)
+}
+
+func autoConvert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
+	if err := Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	out.Status = (*ExecCredentialStatus)(unsafe.Pointer(in.Status))
+	return nil
+}
+
+// Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential is an autogenerated conversion function.
+func Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
+	return autoConvert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in, out, s)
+}
+
+func autoConvert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
+	return nil
+}
+
+// Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec is an autogenerated conversion function.
+func Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
+	return autoConvert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in, out, s)
+}
+
+func autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
+	// WARNING: in.Response requires manual conversion: does not exist in peer-type
+	// WARNING: in.Interactive requires manual conversion: does not exist in peer-type
+	return nil
+}
+
+func autoConvert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
+	out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
+	out.Token = in.Token
+	out.ClientCertificateData = in.ClientCertificateData
+	out.ClientKeyData = in.ClientKeyData
+	return nil
+}
+
+// Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus is an autogenerated conversion function.
+func Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
+	return autoConvert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in, out, s)
+}
+
+func autoConvert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
+	out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
+	out.Token = in.Token
+	out.ClientCertificateData = in.ClientCertificateData
+	out.ClientKeyData = in.ClientKeyData
+	return nil
+}
+
+// Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus is an autogenerated conversion function.
+func Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
+	return autoConvert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in, out, s)
+}

pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go

@@ -0,0 +1,100 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredential) DeepCopyInto(out *ExecCredential) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	out.Spec = in.Spec
+	if in.Status != nil {
+		in, out := &in.Status, &out.Status
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(ExecCredentialStatus)
+			(*in).DeepCopyInto(*out)
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential.
+func (in *ExecCredential) DeepCopy() *ExecCredential {
+	if in == nil {
+		return nil
+	}
+	out := new(ExecCredential)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ExecCredential) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec.
+func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ExecCredentialSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) {
+	*out = *in
+	if in.ExpirationTimestamp != nil {
+		in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = (*in).DeepCopy()
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus.
+func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ExecCredentialStatus)
+	in.DeepCopyInto(out)
+	return out
+}

pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go

@@ -0,0 +1,32 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by defaulter-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// RegisterDefaults adds defaulters functions to the given scheme.
+// Public to allow building arbitrary schemes.
+// All generated defaulters are covering - they call all nested defaulters.
+func RegisterDefaults(scheme *runtime.Scheme) error {
+	return nil
+}

plugin/pkg/client/auth/exec/exec.go

@@ -38,6 +38,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 	"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
+	"k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/transport"
 	"k8s.io/client-go/util/connrotation"
@@ -51,6 +52,7 @@ var codecs = serializer.NewCodecFactory(scheme)
 func init() {
 	v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
 	v1alpha1.AddToScheme(scheme)
+	v1beta1.AddToScheme(scheme)
 	clientauthentication.AddToScheme(scheme)
 }
 
@@ -61,6 +63,7 @@ var (
 	// The list of API versions we accept.
 	apiVersions = map[string]schema.GroupVersion{
 		v1alpha1.SchemeGroupVersion.String(): v1alpha1.SchemeGroupVersion,
+		v1beta1.SchemeGroupVersion.String():  v1beta1.SchemeGroupVersion,
 	}
 )
 
@@ -294,13 +297,18 @@ func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) err
 		},
 	}
 
-	data, err := runtime.Encode(codecs.LegacyCodec(a.group), cred)
-	if err != nil {
-		return fmt.Errorf("encode ExecCredentials: %v", err)
-	}
-
 	env := append(a.environ(), a.env...)
-	env = append(env, fmt.Sprintf("%s=%s", execInfoEnv, data))
+	if a.group == v1alpha1.SchemeGroupVersion {
+		// Input spec disabled for beta due to lack of use. Possibly re-enable this later if
+		// someone wants it back.
+		//
+		// See: https://github.com/kubernetes/kubernetes/issues/61796
+		data, err := runtime.Encode(codecs.LegacyCodec(a.group), cred)
+		if err != nil {
+			return fmt.Errorf("encode ExecCredentials: %v", err)
+		}
+		env = append(env, fmt.Sprintf("%s=%s", execInfoEnv, data))
+	}
 
 	stdout := &bytes.Buffer{}
 	cmd := exec.Command(a.cmd, a.args...)

plugin/pkg/client/auth/exec/exec_test.go

@@ -380,6 +380,72 @@ func TestRefreshCreds(t *testing.T) {
 			}`, certData),
 			wantErr: true,
 		},
+		{
+			name: "beta-basic-request",
+			config: api.ExecConfig{
+				APIVersion: "client.authentication.k8s.io/v1beta1",
+			},
+			output: `{
+				"kind": "ExecCredential",
+				"apiVersion": "client.authentication.k8s.io/v1beta1",
+				"status": {
+					"token": "foo-bar"
+				}
+			}`,
+			wantCreds: credentials{token: "foo-bar"},
+		},
+		{
+			name: "beta-expiry",
+			config: api.ExecConfig{
+				APIVersion: "client.authentication.k8s.io/v1beta1",
+			},
+			output: `{
+				"kind": "ExecCredential",
+				"apiVersion": "client.authentication.k8s.io/v1beta1",
+				"status": {
+					"token": "foo-bar",
+					"expirationTimestamp": "2006-01-02T15:04:05Z"
+				}
+			}`,
+			wantExpiry: time.Date(2006, 01, 02, 15, 04, 05, 0, time.UTC),
+			wantCreds:  credentials{token: "foo-bar"},
+		},
+		{
+			name: "beta-no-group-version",
+			config: api.ExecConfig{
+				APIVersion: "client.authentication.k8s.io/v1beta1",
+			},
+			output: `{
+				"kind": "ExecCredential",
+				"status": {
+					"token": "foo-bar"
+				}
+			}`,
+			wantErr: true,
+		},
+		{
+			name: "beta-no-status",
+			config: api.ExecConfig{
+				APIVersion: "client.authentication.k8s.io/v1beta1",
+			},
+			output: `{
+				"kind": "ExecCredential",
+				"apiVersion":"client.authentication.k8s.io/v1beta1"
+			}`,
+			wantErr: true,
+		},
+		{
+			name: "beta-no-token",
+			config: api.ExecConfig{
+				APIVersion: "client.authentication.k8s.io/v1beta1",
+			},
+			output: `{
+				"kind": "ExecCredential",
+				"apiVersion":"client.authentication.k8s.io/v1beta1",
+				"status": {}
+			}`,
+			wantErr: true,
+		},
 	}
 
 	for _, test := range tests {
@@ -420,6 +486,13 @@ func TestRefreshCreds(t *testing.T) {
 				t.Errorf("expected expiry %v got %v", test.wantExpiry, a.exp)
 			}
 
+			if test.wantInput == "" {
+				if got := strings.TrimSpace(stderr.String()); got != "" {
+					t.Errorf("expected no input parameters, got %q", got)
+				}
+				return
+			}
+
 			compJSON(t, stderr.Bytes(), []byte(test.wantInput))
 		})
 	}

rest/transport.go

@@ -18,6 +18,7 @@ package rest
 
 import (
 	"crypto/tls"
+	"errors"
 	"net/http"
 
 	"k8s.io/client-go/plugin/pkg/client/auth/exec"
@@ -83,6 +84,11 @@ func (c *Config) TransportConfig() (*transport.Config, error) {
 		},
 		Dial: c.Dial,
 	}
+
+	if c.ExecProvider != nil && c.AuthProvider != nil {
+		return nil, errors.New("execProvider and authProvider cannot be used in combination")
+	}
+
 	if c.ExecProvider != nil {
 		provider, err := exec.GetAuthenticator(c.ExecProvider)
 		if err != nil {