Merge pull request #108616 from margocrawf/delete-execcredential-v1alpha1

Remove v1alpha1 of the execcredential
2025-07-22 11:21:47 +00:00 · 2022-03-18 13:57:56 -07:00 · 2022-03-18 13:57:56 -07:00 · b9817c801b
commit b9817c801b
parent cd6af9e64b 38cbe6d7fe
21 changed files with 59 additions and 1079 deletions
--- a/pkg/generated/openapi/zz_generated.openapi.go
+++ b/pkg/generated/openapi/zz_generated.openapi.go
@ -936,10 +936,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1.ExecCredential":                                schema_pkg_apis_clientauthentication_v1_ExecCredential(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1.ExecCredentialSpec":                            schema_pkg_apis_clientauthentication_v1_ExecCredentialSpec(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1.ExecCredentialStatus":                          schema_pkg_apis_clientauthentication_v1_ExecCredentialStatus(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.ExecCredential":                          schema_pkg_apis_clientauthentication_v1alpha1_ExecCredential(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.ExecCredentialSpec":                      schema_pkg_apis_clientauthentication_v1alpha1_ExecCredentialSpec(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.ExecCredentialStatus":                    schema_pkg_apis_clientauthentication_v1alpha1_ExecCredentialStatus(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.Response":                                schema_pkg_apis_clientauthentication_v1alpha1_Response(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1beta1.Cluster":                                  schema_pkg_apis_clientauthentication_v1beta1_Cluster(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1beta1.ExecCredential":                           schema_pkg_apis_clientauthentication_v1beta1_ExecCredential(ref),
 		"k8s.io/client-go/pkg/apis/clientauthentication/v1beta1.ExecCredentialSpec":                       schema_pkg_apis_clientauthentication_v1beta1_ExecCredentialSpec(ref),
@ -46737,161 +46733,6 @@ func schema_pkg_apis_clientauthentication_v1_ExecCredentialStatus(ref common.Ref
 	}
 }
 func schema_pkg_apis_clientauthentication_v1alpha1_ExecCredential(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
 				Description: "ExecCredential is used by exec-based plugins to communicate credentials to HTTP transports.",
 				Type:        []string{"object"},
 				Properties: map[string]spec.Schema{
 					"kind": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
 							Type:        []string{"string"},
 							Format:      "",
 						},
 					},
 					"apiVersion": {
 						SchemaProps: spec.SchemaProps{
 							Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
 							Type:        []string{"string"},
 							Format:      "",
 						},
 					},
 					"spec": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Spec holds information passed to the plugin by the transport. This contains request and runtime specific information, such as if the session is interactive.",
 							Default:     map[string]interface{}{},
 							Ref:         ref("k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.ExecCredentialSpec"),
 						},
 					},
 					"status": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Status is filled in by the plugin and holds the credentials that the transport should use to contact the API.",
 							Ref:         ref("k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.ExecCredentialStatus"),
 						},
 					},
 				},
 			},
 		},
 		Dependencies: []string{
 			"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.ExecCredentialSpec", "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.ExecCredentialStatus"},
 	}
 }
 func schema_pkg_apis_clientauthentication_v1alpha1_ExecCredentialSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
 				Description: "ExecCredentialSpec holds request and runtime specific information provided by the transport.",
 				Type:        []string{"object"},
 				Properties: map[string]spec.Schema{
 					"response": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Response is populated when the transport encounters HTTP status codes, such as 401, suggesting previous credentials were invalid.",
 							Ref:         ref("k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.Response"),
 						},
 					},
 					"interactive": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Interactive is true when the transport detects the command is being called from an interactive prompt.",
 							Type:        []string{"boolean"},
 							Format:      "",
 						},
 					},
 				},
 			},
 		},
 		Dependencies: []string{
 			"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1.Response"},
 	}
 }
 func schema_pkg_apis_clientauthentication_v1alpha1_ExecCredentialStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
 				Description: "ExecCredentialStatus holds credentials for the transport to use.\n\nToken and ClientKeyData are sensitive fields. This data should only be transmitted in-memory between client and exec plugin process. Exec plugin itself should at least be protected via file permissions.",
 				Type:        []string{"object"},
 				Properties: map[string]spec.Schema{
 					"expirationTimestamp": {
 						SchemaProps: spec.SchemaProps{
 							Description: "ExpirationTimestamp indicates a time when the provided credentials expire.",
 							Ref:         ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
 						},
 					},
 					"token": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Token is a bearer token used by the client for request authentication.",
 							Type:        []string{"string"},
 							Format:      "",
 						},
 					},
 					"clientCertificateData": {
 						SchemaProps: spec.SchemaProps{
 							Description: "PEM-encoded client TLS certificates (including intermediates, if any).",
 							Type:        []string{"string"},
 							Format:      "",
 						},
 					},
 					"clientKeyData": {
 						SchemaProps: spec.SchemaProps{
 							Description: "PEM-encoded private key for the above certificate.",
 							Type:        []string{"string"},
 							Format:      "",
 						},
 					},
 				},
 			},
 		},
 		Dependencies: []string{
 			"k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
 	}
 }
 func schema_pkg_apis_clientauthentication_v1alpha1_Response(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
 				Description: "Response defines metadata about a failed request, including HTTP status code and response headers.",
 				Type:        []string{"object"},
 				Properties: map[string]spec.Schema{
 					"header": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Header holds HTTP headers returned by the server.",
 							Type:        []string{"object"},
 							AdditionalProperties: &spec.SchemaOrBool{
 								Allows: true,
 								Schema: &spec.Schema{
 									SchemaProps: spec.SchemaProps{
 										Type: []string{"array"},
 										Items: &spec.SchemaOrArray{
 											Schema: &spec.Schema{
 												SchemaProps: spec.SchemaProps{
 													Default: "",
 													Type:    []string{"string"},
 													Format:  "",
 												},
 											},
 										},
 									},
 								},
 							},
 						},
 					},
 					"code": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Code is the HTTP status code returned by the server.",
 							Type:        []string{"integer"},
 							Format:      "int32",
 						},
 					},
 				},
 			},
 		},
 	}
 }
 func schema_pkg_apis_clientauthentication_v1beta1_Cluster(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/install/install.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/install/install.go
@ -23,7 +23,6 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 	"k8s.io/client-go/pkg/apis/clientauthentication/v1"
 	"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
 	"k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
 )
@ -32,5 +31,4 @@ func Install(scheme *runtime.Scheme) {
 	utilruntime.Must(clientauthentication.AddToScheme(scheme))
 	utilruntime.Must(v1.AddToScheme(scheme))
 	utilruntime.Must(v1beta1.AddToScheme(scheme))
 	utilruntime.Must(v1alpha1.AddToScheme(scheme))
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/types.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/types.go
@ -41,11 +41,6 @@ type ExecCredential struct {
 // ExecCredentialSpec holds request and runtime specific information provided by
 // the transport.
 type ExecCredentialSpec struct {
 	// Response is populated when the transport encounters HTTP status codes, such as 401,
 	// suggesting previous credentials were invalid.
 	// +optional
 	Response *Response
 	// Interactive is true when the transport detects the command is being called from an
 	// interactive prompt, i.e., when stdin has been passed to this exec plugin.
 	// +optional
@ -75,15 +70,6 @@ type ExecCredentialStatus struct {
 	ClientKeyData string `datapolicy:"secret-key"`
 }
 // Response defines metadata about a failed request, including HTTP status code and
 // response headers.
 type Response struct {
 	// Headers holds HTTP headers returned by the server.
 	Header map[string][]string
 	// Code is the HTTP status code returned by the server.
 	Code int32
 }
 // Cluster contains information to allow an exec plugin to communicate
 // with the kubernetes cluster being authenticated to.
 //
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1/conversion.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1/conversion.go
@ -1,28 +0,0 @@
 /*
 Copyright 2021 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package v1
 import (
 	"k8s.io/apimachinery/pkg/conversion"
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 )
 func Convert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	// This conversion intentionally omits the Response field, which were only
 	// supported in v1alpha1.
 	return autoConvert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(in, out, s)
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1/zz_generated.conversion.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1/zz_generated.conversion.go
@ -62,6 +62,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*ExecCredentialStatus)(nil), (*clientauthentication.ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(a.(*ExecCredentialStatus), b.(*clientauthentication.ExecCredentialStatus), scope)
 	}); err != nil {
@ -72,11 +77,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
 	if err := s.AddConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope)
 	}); err != nil {
 		return err
 	}
 	return nil
 }
@ -160,7 +160,6 @@ func Convert_v1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in
 }
 func autoConvert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	// WARNING: in.Response requires manual conversion: does not exist in peer-type
 	out.Interactive = in.Interactive
 	if in.Cluster != nil {
 		in, out := &in.Cluster, &out.Cluster
@ -174,6 +173,11 @@ func autoConvert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpe
 	return nil
 }
 // Convert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec is an autogenerated conversion function.
 func Convert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	return autoConvert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(in, out, s)
 }
 func autoConvert_v1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
 	out.ExpirationTimestamp = (*metav1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
 	out.Token = in.Token
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/conversion.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/conversion.go
@ -1,27 +0,0 @@
 /*
 Copyright 2020 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package v1alpha1
 import (
 	"k8s.io/apimachinery/pkg/conversion"
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 )
 func Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	// This conversion intentionally omits the Cluster field which is only supported in newer versions.
 	return autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in, out, s)
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
@ -1,24 +0,0 @@
 /*
 Copyright 2018 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 // +k8s:deepcopy-gen=package
 // +k8s:conversion-gen=k8s.io/client-go/pkg/apis/clientauthentication
 // +k8s:openapi-gen=true
 // +k8s:defaulter-gen=TypeMeta
 // +groupName=client.authentication.k8s.io
 package v1alpha1 // import "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
@ -1,55 +0,0 @@
 /*
 Copyright 2018 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package v1alpha1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 // GroupName is the group name use in this package
 const GroupName = "client.authentication.k8s.io"
 // SchemeGroupVersion is group version used to register these objects
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
 // Resource takes an unqualified resource and returns a Group qualified GroupResource
 func Resource(resource string) schema.GroupResource {
 	return SchemeGroupVersion.WithResource(resource).GroupResource()
 }
 var (
 	SchemeBuilder      runtime.SchemeBuilder
 	localSchemeBuilder = &SchemeBuilder
 	AddToScheme        = localSchemeBuilder.AddToScheme
 )
 func init() {
 	// We only register manually written functions here. The registration of the
 	// generated functions takes place in the generated files. The separation
 	// makes the code compile even when the generated files are missing.
 	localSchemeBuilder.Register(addKnownTypes)
 }
 func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&ExecCredential{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
@ -1,78 +0,0 @@
 /*
 Copyright 2018 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package v1alpha1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // ExecCredential is used by exec-based plugins to communicate credentials to
 // HTTP transports.
 type ExecCredential struct {
 	metav1.TypeMeta `json:",inline"`
 	// Spec holds information passed to the plugin by the transport. This contains
 	// request and runtime specific information, such as if the session is interactive.
 	Spec ExecCredentialSpec `json:"spec,omitempty"`
 	// Status is filled in by the plugin and holds the credentials that the transport
 	// should use to contact the API.
 	// +optional
 	Status *ExecCredentialStatus `json:"status,omitempty"`
 }
 // ExecCredentialSpec holds request and runtime specific information provided by
 // the transport.
 type ExecCredentialSpec struct {
 	// Response is populated when the transport encounters HTTP status codes, such as 401,
 	// suggesting previous credentials were invalid.
 	// +optional
 	Response *Response `json:"response,omitempty"`
 	// Interactive is true when the transport detects the command is being called from an
 	// interactive prompt.
 	// +optional
 	Interactive bool `json:"interactive,omitempty"`
 }
 // ExecCredentialStatus holds credentials for the transport to use.
 //
 // Token and ClientKeyData are sensitive fields. This data should only be
 // transmitted in-memory between client and exec plugin process. Exec plugin
 // itself should at least be protected via file permissions.
 type ExecCredentialStatus struct {
 	// ExpirationTimestamp indicates a time when the provided credentials expire.
 	// +optional
 	ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"`
 	// Token is a bearer token used by the client for request authentication.
 	Token string `json:"token,omitempty" datapolicy:"token"`
 	// PEM-encoded client TLS certificates (including intermediates, if any).
 	ClientCertificateData string `json:"clientCertificateData,omitempty"`
 	// PEM-encoded private key for the above certificate.
 	ClientKeyData string `json:"clientKeyData,omitempty" datapolicy:"security-key"`
 }
 // Response defines metadata about a failed request, including HTTP status code and
 // response headers.
 type Response struct {
 	// Header holds HTTP headers returned by the server.
 	Header map[string][]string `json:"header,omitempty"`
 	// Code is the HTTP status code returned by the server.
 	Code int32 `json:"code,omitempty"`
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
@ -1,173 +0,0 @@
 //go:build !ignore_autogenerated
 // +build !ignore_autogenerated
 /*
 Copyright The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 // Code generated by conversion-gen. DO NOT EDIT.
 package v1alpha1
 import (
 	unsafe "unsafe"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	conversion "k8s.io/apimachinery/pkg/conversion"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication"
 )
 func init() {
 	localSchemeBuilder.Register(RegisterConversions)
 }
 // RegisterConversions adds conversion functions to the given scheme.
 // Public to allow building arbitrary schemes.
 func RegisterConversions(s *runtime.Scheme) error {
 	if err := s.AddGeneratedConversionFunc((*ExecCredential)(nil), (*clientauthentication.ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(a.(*ExecCredential), b.(*clientauthentication.ExecCredential), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredential)(nil), (*ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(a.(*clientauthentication.ExecCredential), b.(*ExecCredential), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*ExecCredentialSpec)(nil), (*clientauthentication.ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(a.(*ExecCredentialSpec), b.(*clientauthentication.ExecCredentialSpec), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*ExecCredentialStatus)(nil), (*clientauthentication.ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(a.(*ExecCredentialStatus), b.(*clientauthentication.ExecCredentialStatus), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialStatus)(nil), (*ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(a.(*clientauthentication.ExecCredentialStatus), b.(*ExecCredentialStatus), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*Response)(nil), (*clientauthentication.Response)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha1_Response_To_clientauthentication_Response(a.(*Response), b.(*clientauthentication.Response), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*clientauthentication.Response)(nil), (*Response)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_clientauthentication_Response_To_v1alpha1_Response(a.(*clientauthentication.Response), b.(*Response), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope)
 	}); err != nil {
 		return err
 	}
 	return nil
 }
 func autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
 	if err := Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
 		return err
 	}
 	out.Status = (*clientauthentication.ExecCredentialStatus)(unsafe.Pointer(in.Status))
 	return nil
 }
 // Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential is an autogenerated conversion function.
 func Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
 	return autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in, out, s)
 }
 func autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
 	if err := Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
 		return err
 	}
 	out.Status = (*ExecCredentialStatus)(unsafe.Pointer(in.Status))
 	return nil
 }
 // Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential is an autogenerated conversion function.
 func Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
 	return autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in, out, s)
 }
 func autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
 	out.Response = (*clientauthentication.Response)(unsafe.Pointer(in.Response))
 	out.Interactive = in.Interactive
 	return nil
 }
 // Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec is an autogenerated conversion function.
 func Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
 	return autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in, out, s)
 }
 func autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	out.Response = (*Response)(unsafe.Pointer(in.Response))
 	out.Interactive = in.Interactive
 	// WARNING: in.Cluster requires manual conversion: does not exist in peer-type
 	return nil
 }
 func autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
 	out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
 	out.Token = in.Token
 	out.ClientCertificateData = in.ClientCertificateData
 	out.ClientKeyData = in.ClientKeyData
 	return nil
 }
 // Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus is an autogenerated conversion function.
 func Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
 	return autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in, out, s)
 }
 func autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
 	out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
 	out.Token = in.Token
 	out.ClientCertificateData = in.ClientCertificateData
 	out.ClientKeyData = in.ClientKeyData
 	return nil
 }
 // Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus is an autogenerated conversion function.
 func Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
 	return autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in, out, s)
 }
 func autoConvert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error {
 	out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header))
 	out.Code = in.Code
 	return nil
 }
 // Convert_v1alpha1_Response_To_clientauthentication_Response is an autogenerated conversion function.
 func Convert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error {
 	return autoConvert_v1alpha1_Response_To_clientauthentication_Response(in, out, s)
 }
 func autoConvert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error {
 	out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header))
 	out.Code = in.Code
 	return nil
 }
 // Convert_clientauthentication_Response_To_v1alpha1_Response is an autogenerated conversion function.
 func Convert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error {
 	return autoConvert_clientauthentication_Response_To_v1alpha1_Response(in, out, s)
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go
@ -1,129 +0,0 @@
 //go:build !ignore_autogenerated
 // +build !ignore_autogenerated
 /*
 Copyright The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 // Code generated by deepcopy-gen. DO NOT EDIT.
 package v1alpha1
 import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ExecCredential) DeepCopyInto(out *ExecCredential) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
 	in.Spec.DeepCopyInto(&out.Spec)
 	if in.Status != nil {
 		in, out := &in.Status, &out.Status
 		*out = new(ExecCredentialStatus)
 		(*in).DeepCopyInto(*out)
 	}
 	return
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential.
 func (in *ExecCredential) DeepCopy() *ExecCredential {
 	if in == nil {
 		return nil
 	}
 	out := new(ExecCredential)
 	in.DeepCopyInto(out)
 	return out
 }
 // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
 func (in *ExecCredential) DeepCopyObject() runtime.Object {
 	if c := in.DeepCopy(); c != nil {
 		return c
 	}
 	return nil
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) {
 	*out = *in
 	if in.Response != nil {
 		in, out := &in.Response, &out.Response
 		*out = new(Response)
 		(*in).DeepCopyInto(*out)
 	}
 	return
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec.
 func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec {
 	if in == nil {
 		return nil
 	}
 	out := new(ExecCredentialSpec)
 	in.DeepCopyInto(out)
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) {
 	*out = *in
 	if in.ExpirationTimestamp != nil {
 		in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp
 		*out = (*in).DeepCopy()
 	}
 	return
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus.
 func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus {
 	if in == nil {
 		return nil
 	}
 	out := new(ExecCredentialStatus)
 	in.DeepCopyInto(out)
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Response) DeepCopyInto(out *Response) {
 	*out = *in
 	if in.Header != nil {
 		in, out := &in.Header, &out.Header
 		*out = make(map[string][]string, len(*in))
 		for key, val := range *in {
 			var outVal []string
 			if val == nil {
 				(*out)[key] = nil
 			} else {
 				in, out := &val, &outVal
 				*out = make([]string, len(*in))
 				copy(*out, *in)
 			}
 			(*out)[key] = outVal
 		}
 	}
 	return
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response.
 func (in *Response) DeepCopy() *Response {
 	if in == nil {
 		return nil
 	}
 	out := new(Response)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go
@ -1,33 +0,0 @@
 //go:build !ignore_autogenerated
 // +build !ignore_autogenerated
 /*
 Copyright The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 // Code generated by defaulter-gen. DO NOT EDIT.
 package v1alpha1
 import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 // RegisterDefaults adds defaulters functions to the given scheme.
 // Public to allow building arbitrary schemes.
 // All generated defaulters are covering - they call all nested defaulters.
 func RegisterDefaults(scheme *runtime.Scheme) error {
 	return nil
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go
@ -1,28 +0,0 @@
 /*
 Copyright 2018 The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package v1beta1
 import (
 	"k8s.io/apimachinery/pkg/conversion"
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 )
 func Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	// This conversion intentionally omits the Response field, which were only
 	// supported in v1alpha1.
 	return autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in, out, s)
 }
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
@ -62,6 +62,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope)
 	}); err != nil {
 		return err
 	}
 	if err := s.AddGeneratedConversionFunc((*ExecCredentialStatus)(nil), (*clientauthentication.ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(a.(*ExecCredentialStatus), b.(*clientauthentication.ExecCredentialStatus), scope)
 	}); err != nil {
@ -72,11 +77,6 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
 	if err := s.AddConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope)
 	}); err != nil {
 		return err
 	}
 	return nil
 }
@ -160,7 +160,6 @@ func Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSp
 }
 func autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	// WARNING: in.Response requires manual conversion: does not exist in peer-type
 	out.Interactive = in.Interactive
 	if in.Cluster != nil {
 		in, out := &in.Cluster, &out.Cluster
@ -174,6 +173,11 @@ func autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredenti
 	return nil
 }
 // Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec is an autogenerated conversion function.
 func Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
 	return autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in, out, s)
 }
 func autoConvert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
 	out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
 	out.Token = in.Token
--- a/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go
@ -83,11 +83,6 @@ func (in *ExecCredential) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) {
 	*out = *in
 	if in.Response != nil {
 		in, out := &in.Response, &out.Response
 		*out = new(Response)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.Cluster != nil {
 		in, out := &in.Cluster, &out.Cluster
 		*out = new(Cluster)
@ -125,34 +120,3 @@ func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus {
 	in.DeepCopyInto(out)
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Response) DeepCopyInto(out *Response) {
 	*out = *in
 	if in.Header != nil {
 		in, out := &in.Header, &out.Header
 		*out = make(map[string][]string, len(*in))
 		for key, val := range *in {
 			var outVal []string
 			if val == nil {
 				(*out)[key] = nil
 			} else {
 				in, out := &val, &outVal
 				*out = make([]string, len(*in))
 				copy(*out, *in)
 			}
 			(*out)[key] = outVal
 		}
 	}
 	return
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response.
 func (in *Response) DeepCopy() *Response {
 	if in == nil {
 		return nil
 	}
 	out := new(Response)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
+++ b/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
@ -42,7 +42,6 @@ import (
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 	"k8s.io/client-go/pkg/apis/clientauthentication/install"
 	clientauthenticationv1 "k8s.io/client-go/pkg/apis/clientauthentication/v1"
 	clientauthenticationv1alpha1 "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
 	clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/tools/metrics"
@ -73,9 +72,8 @@ var (
 	globalCache = newCache()
 	// The list of API versions we accept.
 	apiVersions = map[string]schema.GroupVersion{
-		clientauthenticationv1alpha1.SchemeGroupVersion.String(): clientauthenticationv1alpha1.SchemeGroupVersion,
+		clientauthenticationv1beta1.SchemeGroupVersion.String(): clientauthenticationv1beta1.SchemeGroupVersion,
-		clientauthenticationv1beta1.SchemeGroupVersion.String():  clientauthenticationv1beta1.SchemeGroupVersion,
+		clientauthenticationv1.SchemeGroupVersion.String():      clientauthenticationv1.SchemeGroupVersion,
 		clientauthenticationv1.SchemeGroupVersion.String():       clientauthenticationv1.SchemeGroupVersion,
 	}
 )
@ -348,11 +346,7 @@ func (r *roundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 		return nil, err
 	}
 	if res.StatusCode == http.StatusUnauthorized {
-		resp := &clientauthentication.Response{
+		if err := r.a.maybeRefreshCreds(creds); err != nil {
 			Header: res.Header,
 			Code:   int32(res.StatusCode),
 		}
 		if err := r.a.maybeRefreshCreds(creds, resp); err != nil {
 			klog.Errorf("refreshing credentials: %v", err)
 		}
 	}
@ -382,7 +376,7 @@ func (a *Authenticator) getCreds() (*credentials, error) {
 		return a.cachedCreds, nil
 	}
-	if err := a.refreshCredsLocked(nil); err != nil {
+	if err := a.refreshCredsLocked(); err != nil {
 		return nil, err
 	}
@ -391,7 +385,7 @@ func (a *Authenticator) getCreds() (*credentials, error) {
 // maybeRefreshCreds executes the plugin to force a rotation of the
 // credentials, unless they were rotated already.
-func (a *Authenticator) maybeRefreshCreds(creds *credentials, r *clientauthentication.Response) error {
+func (a *Authenticator) maybeRefreshCreds(creds *credentials) error {
 	a.mu.Lock()
 	defer a.mu.Unlock()
@ -402,12 +396,12 @@ func (a *Authenticator) maybeRefreshCreds(creds *credentials, r *clientauthentic
 		return nil
 	}
-	return a.refreshCredsLocked(r)
+	return a.refreshCredsLocked()
 }
 // refreshCredsLocked executes the plugin and reads the credentials from
 // stdout. It must be called while holding the Authenticator's mutex.
-func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) error {
+func (a *Authenticator) refreshCredsLocked() error {
 	interactive, err := a.interactiveFunc()
 	if err != nil {
 		return fmt.Errorf("exec plugin cannot support interactive mode: %w", err)
@ -415,7 +409,6 @@ func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) err
 	cred := &clientauthentication.ExecCredential{
 		Spec: clientauthentication.ExecCredentialSpec{
 			Response:    r,
 			Interactive: interactive,
 		},
 	}
--- a/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec_test.go
+++ b/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/exec_test.go
@ -115,7 +115,7 @@ func TestCacheKey(t *testing.T) {
 			{Name: "5", Value: "6"},
 			{Name: "7", Value: "8"},
 		},
-		APIVersion:         "client.authentication.k8s.io/v1alpha1",
+		APIVersion:         "client.authentication.k8s.io/v1beta1",
 		ProvideClusterInfo: true,
 	}
 	c1c := &clientauthentication.Cluster{
@ -141,7 +141,7 @@ func TestCacheKey(t *testing.T) {
 			{Name: "5", Value: "6"},
 			{Name: "7", Value: "8"},
 		},
-		APIVersion:         "client.authentication.k8s.io/v1alpha1",
+		APIVersion:         "client.authentication.k8s.io/v1beta1",
 		ProvideClusterInfo: true,
 	}
 	c2c := &clientauthentication.Cluster{
@ -166,7 +166,7 @@ func TestCacheKey(t *testing.T) {
 			{Name: "3", Value: "4"},
 			{Name: "5", Value: "6"},
 		},
-		APIVersion: "client.authentication.k8s.io/v1alpha1",
+		APIVersion: "client.authentication.k8s.io/v1beta1",
 	}
 	c3c := &clientauthentication.Cluster{
 		Server:                   "foo",
@ -190,7 +190,7 @@ func TestCacheKey(t *testing.T) {
 			{Name: "3", Value: "4"},
 			{Name: "5", Value: "6"},
 		},
-		APIVersion: "client.authentication.k8s.io/v1alpha1",
+		APIVersion: "client.authentication.k8s.io/v1beta1",
 	}
 	c4c := &clientauthentication.Cluster{
 		Server:                   "foo",
@ -215,7 +215,7 @@ func TestCacheKey(t *testing.T) {
 			{Name: "3", Value: "4"},
 			{Name: "5", Value: "6"},
 		},
-		APIVersion:         "client.authentication.k8s.io/v1alpha1",
+		APIVersion:         "client.authentication.k8s.io/v1beta1",
 		ProvideClusterInfo: true,
 	}
 	c5c := &clientauthentication.Cluster{
@ -241,7 +241,7 @@ func TestCacheKey(t *testing.T) {
 			{Name: "3", Value: "4"},
 			{Name: "5", Value: "6"},
 		},
-		APIVersion: "client.authentication.k8s.io/v1alpha1",
+		APIVersion: "client.authentication.k8s.io/v1betaa1",
 	}
 	// c7 should be the same as c6, except c7 has stdin marked as unavailable
@ -252,7 +252,7 @@ func TestCacheKey(t *testing.T) {
 			{Name: "3", Value: "4"},
 			{Name: "5", Value: "6"},
 		},
-		APIVersion:       "client.authentication.k8s.io/v1alpha1",
+		APIVersion:       "client.authentication.k8s.io/v1beta1",
 		StdinUnavailable: true,
 	}
@ -313,7 +313,6 @@ func TestRefreshCreds(t *testing.T) {
 		cluster          *clientauthentication.Cluster
 		output           string
 		isTerminal       bool
 		response         *clientauthentication.Response
 		wantInput        string
 		wantCreds        credentials
 		wantExpiry       time.Time
@ -321,173 +320,21 @@ func TestRefreshCreds(t *testing.T) {
 		wantErrSubstr    string
 	}{
 		{
-			name: "basic-request",
+			name: "beta-with-TLS-credentials",
 			config: api.ExecConfig{
-				APIVersion:      "client.authentication.k8s.io/v1alpha1",
+				APIVersion:      "client.authentication.k8s.io/v1beta1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
-				"apiVersion":"client.authentication.k8s.io/v1alpha1",
+				"apiVersion":"client.authentication.k8s.io/v1beta1",
 				"spec": {}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
 				"apiVersion": "client.authentication.k8s.io/v1alpha1",
 				"status": {
 					"token": "foo-bar"
 				}
 			}`,
 			wantCreds: credentials{token: "foo-bar"},
 		},
 		{
 			name: "interactive",
 			config: api.ExecConfig{
 				APIVersion:      "client.authentication.k8s.io/v1alpha1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			isTerminal: true,
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {
-					"interactive": true
+					"interactive": false
 				}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
 				"apiVersion": "client.authentication.k8s.io/v1alpha1",
 				"status": {
 					"token": "foo-bar"
 				}
 			}`,
 			wantCreds: credentials{token: "foo-bar"},
 		},
 		{
 			name: "response",
 			config: api.ExecConfig{
 				APIVersion:      "client.authentication.k8s.io/v1alpha1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			response: &clientauthentication.Response{
 				Header: map[string][]string{
 					"WWW-Authenticate": {`Basic realm="Access to the staging site", charset="UTF-8"`},
 				},
 				Code: 401,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {
 					"response": {
 						"header": {
 							"WWW-Authenticate": [
 								"Basic realm=\"Access to the staging site\", charset=\"UTF-8\""
 							]
 						},
 						"code": 401
 					}
 				}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
 				"apiVersion": "client.authentication.k8s.io/v1alpha1",
 				"status": {
 					"token": "foo-bar"
 				}
 			}`,
 			wantCreds: credentials{token: "foo-bar"},
 		},
 		{
 			name: "expiry",
 			config: api.ExecConfig{
 				APIVersion:      "client.authentication.k8s.io/v1alpha1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
 				"apiVersion": "client.authentication.k8s.io/v1alpha1",
 				"status": {
 					"token": "foo-bar",
 					"expirationTimestamp": "2006-01-02T15:04:05Z"
 				}
 			}`,
 			wantExpiry: time.Date(2006, 01, 02, 15, 04, 05, 0, time.UTC),
 			wantCreds:  credentials{token: "foo-bar"},
 		},
 		{
 			name: "no-group-version",
 			config: api.ExecConfig{
 				APIVersion:      "client.authentication.k8s.io/v1alpha1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
 				"status": {
 					"token": "foo-bar"
 				}
 			}`,
 			wantErr: true,
 		},
 		{
 			name: "no-status",
 			config: api.ExecConfig{
 				APIVersion:      "client.authentication.k8s.io/v1alpha1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1"
 			}`,
 			wantErr: true,
 		},
 		{
 			name: "no-creds",
 			config: api.ExecConfig{
 				APIVersion:      "client.authentication.k8s.io/v1alpha1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"status": {}
 			}`,
 			wantErr: true,
 		},
 		{
 			name: "TLS credentials",
 			config: api.ExecConfig{
 				APIVersion:      "client.authentication.k8s.io/v1alpha1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {}
 			}`,
 			output: fmt.Sprintf(`{
 				"kind": "ExecCredential",
-				"apiVersion": "client.authentication.k8s.io/v1alpha1",
+				"apiVersion": "client.authentication.k8s.io/v1beta1",
 				"status": {
 					"clientKeyData": %q,
 					"clientCertificateData": %q
@ -496,19 +343,14 @@ func TestRefreshCreds(t *testing.T) {
 			wantCreds: credentials{cert: validCert},
 		},
 		{
-			name: "bad TLS credentials",
+			name: "beta-with-bad-TLS-credentials",
 			config: api.ExecConfig{
-				APIVersion:      "client.authentication.k8s.io/v1alpha1",
+				APIVersion:      "client.authentication.k8s.io/v1beta1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
-				"apiVersion": "client.authentication.k8s.io/v1alpha1",
+				"apiVersion": "client.authentication.k8s.io/v1beta1",
 				"status": {
 					"clientKeyData": "foo",
 					"clientCertificateData": "bar"
@ -517,19 +359,14 @@ func TestRefreshCreds(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "cert but no key",
+			name: "beta-cert-but-no-key",
 			config: api.ExecConfig{
-				APIVersion:      "client.authentication.k8s.io/v1alpha1",
+				APIVersion:      "client.authentication.k8s.io/v1beta1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {}
 			}`,
 			output: fmt.Sprintf(`{
 				"kind": "ExecCredential",
-				"apiVersion": "client.authentication.k8s.io/v1alpha1",
+				"apiVersion": "client.authentication.k8s.io/v1beta1",
 				"status": {
 					"clientCertificateData": %q
 				}
@ -834,55 +671,6 @@ func TestRefreshCreds(t *testing.T) {
 			wantErr:       true,
 			wantErrSubstr: "73",
 		},
 		{
 			name: "alpha-with-cluster-is-ignored",
 			config: api.ExecConfig{
 				APIVersion:      "client.authentication.k8s.io/v1alpha1",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			},
 			cluster: &clientauthentication.Cluster{
 				Server:                   "foo",
 				TLSServerName:            "bar",
 				CertificateAuthorityData: []byte("baz"),
 				Config: &runtime.Unknown{
 					TypeMeta: runtime.TypeMeta{
 						APIVersion: "",
 						Kind:       "",
 					},
 					Raw:             []byte(`{"apiVersion":"group/v1","kind":"PluginConfig","spec":{"audience":"panda"}}`),
 					ContentEncoding: "",
 					ContentType:     "application/json",
 				},
 			},
 			response: &clientauthentication.Response{
 				Header: map[string][]string{
 					"WWW-Authenticate": {`Basic realm="Access to the staging site", charset="UTF-8"`},
 				},
 				Code: 401,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1alpha1",
 				"spec": {
 					"response": {
 						"header": {
 							"WWW-Authenticate": [
 								"Basic realm=\"Access to the staging site\", charset=\"UTF-8\""
 							]
 						},
 						"code": 401
 					}
 				}
 			}`,
 			output: `{
 				"kind": "ExecCredential",
 				"apiVersion": "client.authentication.k8s.io/v1alpha1",
 				"status": {
 					"token": "foo-bar"
 				}
 			}`,
 			wantCreds: credentials{token: "foo-bar"},
 		},
 		{
 			name: "beta-with-cluster-and-provide-cluster-info-is-serialized",
 			config: api.ExecConfig{
@ -904,12 +692,6 @@ func TestRefreshCreds(t *testing.T) {
 					ContentType:     "application/json",
 				},
 			},
 			response: &clientauthentication.Response{
 				Header: map[string][]string{
 					"WWW-Authenticate": {`Basic realm="Access to the staging site", charset="UTF-8"`},
 				},
 				Code: 401,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1beta1",
@ -958,12 +740,6 @@ func TestRefreshCreds(t *testing.T) {
 					ContentType:     "application/json",
 				},
 			},
 			response: &clientauthentication.Response{
 				Header: map[string][]string{
 					"WWW-Authenticate": {`Basic realm="Access to the staging site", charset="UTF-8"`},
 				},
 				Code: 401,
 			},
 			wantInput: `{
 				"kind":"ExecCredential",
 				"apiVersion":"client.authentication.k8s.io/v1beta1",
@ -1037,7 +813,7 @@ func TestRefreshCreds(t *testing.T) {
 			a.stderr = stderr
 			a.environ = func() []string { return nil }
-			if err := a.refreshCredsLocked(test.response); err != nil {
+			if err := a.refreshCredsLocked(); err != nil {
 				if !test.wantErr {
 					t.Errorf("get token %v", err)
 				} else if !strings.Contains(err.Error(), test.wantErrSubstr) {
@ -1103,7 +879,7 @@ func TestRoundTripper(t *testing.T) {
 	c := api.ExecConfig{
 		Command:         "./testdata/test-plugin.sh",
-		APIVersion:      "client.authentication.k8s.io/v1alpha1",
+		APIVersion:      "client.authentication.k8s.io/v1beta1",
 		InteractiveMode: api.IfAvailableExecInteractiveMode,
 	}
 	a, err := newAuthenticator(newCache(), func(_ int) bool { return false }, &c, nil)
@ -1136,7 +912,7 @@ func TestRoundTripper(t *testing.T) {
 	setOutput(`{
 		"kind": "ExecCredential",
-		"apiVersion": "client.authentication.k8s.io/v1alpha1",
+		"apiVersion": "client.authentication.k8s.io/v1beta1",
 		"status": {
 			"token": "token1"
 		}
@ -1146,7 +922,7 @@ func TestRoundTripper(t *testing.T) {
 	setOutput(`{
 		"kind": "ExecCredential",
-		"apiVersion": "client.authentication.k8s.io/v1alpha1",
+		"apiVersion": "client.authentication.k8s.io/v1beta1",
 		"status": {
 			"token": "token2"
 		}
@ -1162,7 +938,7 @@ func TestRoundTripper(t *testing.T) {
 	setOutput(`{
 		"kind": "ExecCredential",
-		"apiVersion": "client.authentication.k8s.io/v1alpha1",
+		"apiVersion": "client.authentication.k8s.io/v1beta1",
 		"status": {
 			"token": "token3",
 			"expirationTimestamp": "` + now().Add(time.Hour).Format(time.RFC3339Nano) + `"
@ -1177,7 +953,7 @@ func TestRoundTripper(t *testing.T) {
 	n = n.Add(time.Hour * 2)
 	setOutput(`{
 		"kind": "ExecCredential",
-		"apiVersion": "client.authentication.k8s.io/v1alpha1",
+		"apiVersion": "client.authentication.k8s.io/v1beta1",
 		"status": {
 			"token": "token4",
 			"expirationTimestamp": "` + now().Add(time.Hour).Format(time.RFC3339Nano) + `"
@ -1218,7 +994,7 @@ func TestAuthorizationHeaderPresentCancelsExecAction(t *testing.T) {
 		t.Run(test.name, func(t *testing.T) {
 			a, err := newAuthenticator(newCache(), func(_ int) bool { return false }, &api.ExecConfig{
 				Command:    "./testdata/test-plugin.sh",
-				APIVersion: "client.authentication.k8s.io/v1alpha1",
+				APIVersion: "client.authentication.k8s.io/v1beta1",
 			}, nil)
 			if err != nil {
 				t.Fatal(err)
@ -1260,7 +1036,7 @@ func TestTLSCredentials(t *testing.T) {
 	a, err := newAuthenticator(newCache(), func(_ int) bool { return false }, &api.ExecConfig{
 		Command:         "./testdata/test-plugin.sh",
-		APIVersion:      "client.authentication.k8s.io/v1alpha1",
+		APIVersion:      "client.authentication.k8s.io/v1beta1",
 		InteractiveMode: api.IfAvailableExecInteractiveMode,
 	}, nil)
 	if err != nil {
@ -1350,7 +1126,7 @@ func TestConcurrentUpdateTransportConfig(t *testing.T) {
 	c := api.ExecConfig{
 		Command:    "./testdata/test-plugin.sh",
-		APIVersion: "client.authentication.k8s.io/v1alpha1",
+		APIVersion: "client.authentication.k8s.io/v1beta1",
 	}
 	a, err := newAuthenticator(newCache(), func(_ int) bool { return false }, &c, nil)
 	if err != nil {
@ -1416,7 +1192,7 @@ func TestInstallHintRateLimit(t *testing.T) {
 		t.Run(test.name, func(t *testing.T) {
 			c := api.ExecConfig{
 				Command:         "does not exist",
-				APIVersion:      "client.authentication.k8s.io/v1alpha1",
+				APIVersion:      "client.authentication.k8s.io/v1beta1",
 				InstallHint:     "some install hint",
 				InteractiveMode: api.IfAvailableExecInteractiveMode,
 			}
@ -1433,7 +1209,7 @@ func TestInstallHintRateLimit(t *testing.T) {
 			count := 0
 			for i := 0; i < test.calls; i++ {
-				err := a.refreshCredsLocked(&clientauthentication.Response{})
+				err := a.refreshCredsLocked()
 				if strings.Contains(err.Error(), c.InstallHint) {
 					count++
 				}
--- a/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/metrics_test.go
+++ b/staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/metrics_test.go
@ -23,7 +23,6 @@ import (
 	"time"
 	"github.com/google/go-cmp/cmp"
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/tools/metrics"
 )
@ -153,7 +152,7 @@ func TestCallsMetric(t *testing.T) {
 		// Run refresh creds twice so that our test validates that the metrics are set correctly twice
 		// in a row with the same authenticator.
 		refreshCreds := func() {
-			if err := a.refreshCredsLocked(&clientauthentication.Response{}); (err == nil) != (exitCode == 0) {
+			if err := a.refreshCredsLocked(); (err == nil) != (exitCode == 0) {
 				if err != nil {
 					t.Fatalf("wanted no error, but got %q", err.Error())
 				} else {
@ -183,7 +182,7 @@ func TestCallsMetric(t *testing.T) {
 			t.Fatal(err)
 		}
 		a.stderr = io.Discard
-		if err := a.refreshCredsLocked(&clientauthentication.Response{}); err == nil {
+		if err := a.refreshCredsLocked(); err == nil {
 			t.Fatal("expected the authenticator to fail because the plugin does not exist")
 		}
 		wantCallsMetrics = append(wantCallsMetrics, mockCallsMetric{exitCode: 1, errorType: "plugin_not_found_error"})
--- a/staging/src/k8s.io/client-go/tools/auth/exec/exec_test.go
+++ b/staging/src/k8s.io/client-go/tools/auth/exec/exec_test.go
@ -25,7 +25,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	clientauthenticationv1 "k8s.io/client-go/pkg/apis/clientauthentication/v1"
 	clientauthenticationv1alpha1 "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
 	clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
 	"k8s.io/client-go/rest"
 )
@ -243,11 +242,6 @@ func TestLoadExecCredential(t *testing.T) {
 			data:            marshal(t, clientauthenticationv1beta1.SchemeGroupVersion, &clientauthenticationv1beta1.ExecCredential{}),
 			wantErrorPrefix: "ExecCredential does not contain cluster information",
 		},
 		{
 			name:            "v1alpha1",
 			data:            marshal(t, clientauthenticationv1alpha1.SchemeGroupVersion, &clientauthenticationv1alpha1.ExecCredential{}),
 			wantErrorPrefix: "ExecCredential does not contain cluster information",
 		},
 		{
 			name:            "invalid object kind",
 			data:            marshal(t, metav1.SchemeGroupVersion, &metav1.Status{}),
--- a/staging/src/k8s.io/client-go/tools/auth/exec/types_test.go
+++ b/staging/src/k8s.io/client-go/tools/auth/exec/types_test.go
@ -24,7 +24,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/sets"
 	clientauthenticationv1 "k8s.io/client-go/pkg/apis/clientauthentication/v1"
 	clientauthenticationv1alpha1 "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
 	clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
 	clientcmdv1 "k8s.io/client-go/tools/clientcmd/api/v1"
 )
@ -139,15 +138,13 @@ func testClientAuthenticationClusterTypesAreSynced(t *testing.T, cluster interfa
 }
 // TestAllClusterTypesAreSynced is a TODO so that we remember to write a test similar to
-// TestV1beta1ClusterTypesAreSynced for any future ExecCredential version. It should start failing
+// TestClientAuthenticationClusterTypesAreSynced for any future ExecCredential version. It should start failing
 // when someone adds support for any other ExecCredential type to this package.
 func TestAllClusterTypesAreSynced(t *testing.T) {
 	versionsThatDontNeedTests := sets.NewString(
 		// The internal Cluster type should only be used...internally...and therefore doesn't
 		// necessarily need to be synced with clientcmdv1.
 		runtime.APIVersionInternal,
 		// V1alpha1 does not contain a Cluster type.
 		clientauthenticationv1alpha1.SchemeGroupVersion.Version,
 		// We have a test for v1beta1 above.
 		clientauthenticationv1beta1.SchemeGroupVersion.Version,
 		// We have a test for v1 above.
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1832,7 +1832,6 @@ k8s.io/client-go/metadata/metadatalister
 k8s.io/client-go/pkg/apis/clientauthentication
 k8s.io/client-go/pkg/apis/clientauthentication/install
 k8s.io/client-go/pkg/apis/clientauthentication/v1
 k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1
 k8s.io/client-go/pkg/apis/clientauthentication/v1beta1
 k8s.io/client-go/pkg/version
 k8s.io/client-go/plugin/pkg/client/auth