autogenerated

pkg/apis/authentication/BUILD

@@ -18,6 +18,7 @@ go_library(
         "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
     ],
 )
 

pkg/apis/authentication/v1/BUILD

@@ -19,9 +19,11 @@ go_library(
     deps = [
         "//pkg/apis/authentication:go_default_library",
         "//vendor/k8s.io/api/authentication/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
     ],
 )
 

pkg/apis/authentication/v1/zz_generated.conversion.go

@@ -24,8 +24,10 @@ import (
 	unsafe "unsafe"
 
 	v1 "k8s.io/api/authentication/v1"
+	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	conversion "k8s.io/apimachinery/pkg/conversion"
 	runtime "k8s.io/apimachinery/pkg/runtime"
+	types "k8s.io/apimachinery/pkg/types"
 	authentication "k8s.io/kubernetes/pkg/apis/authentication"
 )
 
@@ -37,6 +39,14 @@ func init() {
 // Public to allow building arbitrary schemes.
 func RegisterConversions(scheme *runtime.Scheme) error {
 	return scheme.AddGeneratedConversionFuncs(
+		Convert_v1_BoundObjectReference_To_authentication_BoundObjectReference,
+		Convert_authentication_BoundObjectReference_To_v1_BoundObjectReference,
+		Convert_v1_TokenRequest_To_authentication_TokenRequest,
+		Convert_authentication_TokenRequest_To_v1_TokenRequest,
+		Convert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec,
+		Convert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec,
+		Convert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus,
+		Convert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus,
 		Convert_v1_TokenReview_To_authentication_TokenReview,
 		Convert_authentication_TokenReview_To_v1_TokenReview,
 		Convert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec,
@@ -48,6 +58,114 @@ func RegisterConversions(scheme *runtime.Scheme) error {
 	)
 }
 
+func autoConvert_v1_BoundObjectReference_To_authentication_BoundObjectReference(in *v1.BoundObjectReference, out *authentication.BoundObjectReference, s conversion.Scope) error {
+	out.Kind = in.Kind
+	out.APIVersion = in.APIVersion
+	out.Name = in.Name
+	out.UID = types.UID(in.UID)
+	return nil
+}
+
+// Convert_v1_BoundObjectReference_To_authentication_BoundObjectReference is an autogenerated conversion function.
+func Convert_v1_BoundObjectReference_To_authentication_BoundObjectReference(in *v1.BoundObjectReference, out *authentication.BoundObjectReference, s conversion.Scope) error {
+	return autoConvert_v1_BoundObjectReference_To_authentication_BoundObjectReference(in, out, s)
+}
+
+func autoConvert_authentication_BoundObjectReference_To_v1_BoundObjectReference(in *authentication.BoundObjectReference, out *v1.BoundObjectReference, s conversion.Scope) error {
+	out.Kind = in.Kind
+	out.APIVersion = in.APIVersion
+	out.Name = in.Name
+	out.UID = types.UID(in.UID)
+	return nil
+}
+
+// Convert_authentication_BoundObjectReference_To_v1_BoundObjectReference is an autogenerated conversion function.
+func Convert_authentication_BoundObjectReference_To_v1_BoundObjectReference(in *authentication.BoundObjectReference, out *v1.BoundObjectReference, s conversion.Scope) error {
+	return autoConvert_authentication_BoundObjectReference_To_v1_BoundObjectReference(in, out, s)
+}
+
+func autoConvert_v1_TokenRequest_To_authentication_TokenRequest(in *v1.TokenRequest, out *authentication.TokenRequest, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	if err := Convert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(&in.Status, &out.Status, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_v1_TokenRequest_To_authentication_TokenRequest is an autogenerated conversion function.
+func Convert_v1_TokenRequest_To_authentication_TokenRequest(in *v1.TokenRequest, out *authentication.TokenRequest, s conversion.Scope) error {
+	return autoConvert_v1_TokenRequest_To_authentication_TokenRequest(in, out, s)
+}
+
+func autoConvert_authentication_TokenRequest_To_v1_TokenRequest(in *authentication.TokenRequest, out *v1.TokenRequest, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	if err := Convert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(&in.Status, &out.Status, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_authentication_TokenRequest_To_v1_TokenRequest is an autogenerated conversion function.
+func Convert_authentication_TokenRequest_To_v1_TokenRequest(in *authentication.TokenRequest, out *v1.TokenRequest, s conversion.Scope) error {
+	return autoConvert_authentication_TokenRequest_To_v1_TokenRequest(in, out, s)
+}
+
+func autoConvert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(in *v1.TokenRequestSpec, out *authentication.TokenRequestSpec, s conversion.Scope) error {
+	out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
+	if err := meta_v1.Convert_Pointer_int64_To_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil {
+		return err
+	}
+	out.BoundObjectRef = (*authentication.BoundObjectReference)(unsafe.Pointer(in.BoundObjectRef))
+	return nil
+}
+
+// Convert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec is an autogenerated conversion function.
+func Convert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(in *v1.TokenRequestSpec, out *authentication.TokenRequestSpec, s conversion.Scope) error {
+	return autoConvert_v1_TokenRequestSpec_To_authentication_TokenRequestSpec(in, out, s)
+}
+
+func autoConvert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(in *authentication.TokenRequestSpec, out *v1.TokenRequestSpec, s conversion.Scope) error {
+	out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
+	if err := meta_v1.Convert_int64_To_Pointer_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil {
+		return err
+	}
+	out.BoundObjectRef = (*v1.BoundObjectReference)(unsafe.Pointer(in.BoundObjectRef))
+	return nil
+}
+
+// Convert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec is an autogenerated conversion function.
+func Convert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(in *authentication.TokenRequestSpec, out *v1.TokenRequestSpec, s conversion.Scope) error {
+	return autoConvert_authentication_TokenRequestSpec_To_v1_TokenRequestSpec(in, out, s)
+}
+
+func autoConvert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(in *v1.TokenRequestStatus, out *authentication.TokenRequestStatus, s conversion.Scope) error {
+	out.Token = in.Token
+	out.ExpirationTimestamp = in.ExpirationTimestamp
+	return nil
+}
+
+// Convert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus is an autogenerated conversion function.
+func Convert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(in *v1.TokenRequestStatus, out *authentication.TokenRequestStatus, s conversion.Scope) error {
+	return autoConvert_v1_TokenRequestStatus_To_authentication_TokenRequestStatus(in, out, s)
+}
+
+func autoConvert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(in *authentication.TokenRequestStatus, out *v1.TokenRequestStatus, s conversion.Scope) error {
+	out.Token = in.Token
+	out.ExpirationTimestamp = in.ExpirationTimestamp
+	return nil
+}
+
+// Convert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus is an autogenerated conversion function.
+func Convert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(in *authentication.TokenRequestStatus, out *v1.TokenRequestStatus, s conversion.Scope) error {
+	return autoConvert_authentication_TokenRequestStatus_To_v1_TokenRequestStatus(in, out, s)
+}
+
 func autoConvert_v1_TokenReview_To_authentication_TokenReview(in *v1.TokenReview, out *authentication.TokenReview, s conversion.Scope) error {
 	out.ObjectMeta = in.ObjectMeta
 	if err := Convert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(&in.Spec, &out.Spec, s); err != nil {

pkg/apis/authentication/v1beta1/BUILD

@@ -19,9 +19,11 @@ go_library(
     deps = [
         "//pkg/apis/authentication:go_default_library",
         "//vendor/k8s.io/api/authentication/v1beta1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
     ],
 )
 

pkg/apis/authentication/v1beta1/zz_generated.conversion.go

@@ -24,8 +24,10 @@ import (
 	unsafe "unsafe"
 
 	v1beta1 "k8s.io/api/authentication/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	conversion "k8s.io/apimachinery/pkg/conversion"
 	runtime "k8s.io/apimachinery/pkg/runtime"
+	types "k8s.io/apimachinery/pkg/types"
 	authentication "k8s.io/kubernetes/pkg/apis/authentication"
 )
 
@@ -37,6 +39,14 @@ func init() {
 // Public to allow building arbitrary schemes.
 func RegisterConversions(scheme *runtime.Scheme) error {
 	return scheme.AddGeneratedConversionFuncs(
+		Convert_v1beta1_BoundObjectReference_To_authentication_BoundObjectReference,
+		Convert_authentication_BoundObjectReference_To_v1beta1_BoundObjectReference,
+		Convert_v1beta1_TokenRequest_To_authentication_TokenRequest,
+		Convert_authentication_TokenRequest_To_v1beta1_TokenRequest,
+		Convert_v1beta1_TokenRequestSpec_To_authentication_TokenRequestSpec,
+		Convert_authentication_TokenRequestSpec_To_v1beta1_TokenRequestSpec,
+		Convert_v1beta1_TokenRequestStatus_To_authentication_TokenRequestStatus,
+		Convert_authentication_TokenRequestStatus_To_v1beta1_TokenRequestStatus,
 		Convert_v1beta1_TokenReview_To_authentication_TokenReview,
 		Convert_authentication_TokenReview_To_v1beta1_TokenReview,
 		Convert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec,
@@ -48,6 +58,114 @@ func RegisterConversions(scheme *runtime.Scheme) error {
 	)
 }
 
+func autoConvert_v1beta1_BoundObjectReference_To_authentication_BoundObjectReference(in *v1beta1.BoundObjectReference, out *authentication.BoundObjectReference, s conversion.Scope) error {
+	out.Kind = in.Kind
+	out.APIVersion = in.APIVersion
+	out.Name = in.Name
+	out.UID = types.UID(in.UID)
+	return nil
+}
+
+// Convert_v1beta1_BoundObjectReference_To_authentication_BoundObjectReference is an autogenerated conversion function.
+func Convert_v1beta1_BoundObjectReference_To_authentication_BoundObjectReference(in *v1beta1.BoundObjectReference, out *authentication.BoundObjectReference, s conversion.Scope) error {
+	return autoConvert_v1beta1_BoundObjectReference_To_authentication_BoundObjectReference(in, out, s)
+}
+
+func autoConvert_authentication_BoundObjectReference_To_v1beta1_BoundObjectReference(in *authentication.BoundObjectReference, out *v1beta1.BoundObjectReference, s conversion.Scope) error {
+	out.Kind = in.Kind
+	out.APIVersion = in.APIVersion
+	out.Name = in.Name
+	out.UID = types.UID(in.UID)
+	return nil
+}
+
+// Convert_authentication_BoundObjectReference_To_v1beta1_BoundObjectReference is an autogenerated conversion function.
+func Convert_authentication_BoundObjectReference_To_v1beta1_BoundObjectReference(in *authentication.BoundObjectReference, out *v1beta1.BoundObjectReference, s conversion.Scope) error {
+	return autoConvert_authentication_BoundObjectReference_To_v1beta1_BoundObjectReference(in, out, s)
+}
+
+func autoConvert_v1beta1_TokenRequest_To_authentication_TokenRequest(in *v1beta1.TokenRequest, out *authentication.TokenRequest, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_v1beta1_TokenRequestSpec_To_authentication_TokenRequestSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	if err := Convert_v1beta1_TokenRequestStatus_To_authentication_TokenRequestStatus(&in.Status, &out.Status, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_v1beta1_TokenRequest_To_authentication_TokenRequest is an autogenerated conversion function.
+func Convert_v1beta1_TokenRequest_To_authentication_TokenRequest(in *v1beta1.TokenRequest, out *authentication.TokenRequest, s conversion.Scope) error {
+	return autoConvert_v1beta1_TokenRequest_To_authentication_TokenRequest(in, out, s)
+}
+
+func autoConvert_authentication_TokenRequest_To_v1beta1_TokenRequest(in *authentication.TokenRequest, out *v1beta1.TokenRequest, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_authentication_TokenRequestSpec_To_v1beta1_TokenRequestSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	if err := Convert_authentication_TokenRequestStatus_To_v1beta1_TokenRequestStatus(&in.Status, &out.Status, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_authentication_TokenRequest_To_v1beta1_TokenRequest is an autogenerated conversion function.
+func Convert_authentication_TokenRequest_To_v1beta1_TokenRequest(in *authentication.TokenRequest, out *v1beta1.TokenRequest, s conversion.Scope) error {
+	return autoConvert_authentication_TokenRequest_To_v1beta1_TokenRequest(in, out, s)
+}
+
+func autoConvert_v1beta1_TokenRequestSpec_To_authentication_TokenRequestSpec(in *v1beta1.TokenRequestSpec, out *authentication.TokenRequestSpec, s conversion.Scope) error {
+	out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
+	if err := v1.Convert_Pointer_int64_To_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil {
+		return err
+	}
+	out.BoundObjectRef = (*authentication.BoundObjectReference)(unsafe.Pointer(in.BoundObjectRef))
+	return nil
+}
+
+// Convert_v1beta1_TokenRequestSpec_To_authentication_TokenRequestSpec is an autogenerated conversion function.
+func Convert_v1beta1_TokenRequestSpec_To_authentication_TokenRequestSpec(in *v1beta1.TokenRequestSpec, out *authentication.TokenRequestSpec, s conversion.Scope) error {
+	return autoConvert_v1beta1_TokenRequestSpec_To_authentication_TokenRequestSpec(in, out, s)
+}
+
+func autoConvert_authentication_TokenRequestSpec_To_v1beta1_TokenRequestSpec(in *authentication.TokenRequestSpec, out *v1beta1.TokenRequestSpec, s conversion.Scope) error {
+	out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
+	if err := v1.Convert_int64_To_Pointer_int64(&in.ExpirationSeconds, &out.ExpirationSeconds, s); err != nil {
+		return err
+	}
+	out.BoundObjectRef = (*v1beta1.BoundObjectReference)(unsafe.Pointer(in.BoundObjectRef))
+	return nil
+}
+
+// Convert_authentication_TokenRequestSpec_To_v1beta1_TokenRequestSpec is an autogenerated conversion function.
+func Convert_authentication_TokenRequestSpec_To_v1beta1_TokenRequestSpec(in *authentication.TokenRequestSpec, out *v1beta1.TokenRequestSpec, s conversion.Scope) error {
+	return autoConvert_authentication_TokenRequestSpec_To_v1beta1_TokenRequestSpec(in, out, s)
+}
+
+func autoConvert_v1beta1_TokenRequestStatus_To_authentication_TokenRequestStatus(in *v1beta1.TokenRequestStatus, out *authentication.TokenRequestStatus, s conversion.Scope) error {
+	out.Token = in.Token
+	out.ExpirationTimestamp = in.ExpirationTimestamp
+	return nil
+}
+
+// Convert_v1beta1_TokenRequestStatus_To_authentication_TokenRequestStatus is an autogenerated conversion function.
+func Convert_v1beta1_TokenRequestStatus_To_authentication_TokenRequestStatus(in *v1beta1.TokenRequestStatus, out *authentication.TokenRequestStatus, s conversion.Scope) error {
+	return autoConvert_v1beta1_TokenRequestStatus_To_authentication_TokenRequestStatus(in, out, s)
+}
+
+func autoConvert_authentication_TokenRequestStatus_To_v1beta1_TokenRequestStatus(in *authentication.TokenRequestStatus, out *v1beta1.TokenRequestStatus, s conversion.Scope) error {
+	out.Token = in.Token
+	out.ExpirationTimestamp = in.ExpirationTimestamp
+	return nil
+}
+
+// Convert_authentication_TokenRequestStatus_To_v1beta1_TokenRequestStatus is an autogenerated conversion function.
+func Convert_authentication_TokenRequestStatus_To_v1beta1_TokenRequestStatus(in *authentication.TokenRequestStatus, out *v1beta1.TokenRequestStatus, s conversion.Scope) error {
+	return autoConvert_authentication_TokenRequestStatus_To_v1beta1_TokenRequestStatus(in, out, s)
+}
+
 func autoConvert_v1beta1_TokenReview_To_authentication_TokenReview(in *v1beta1.TokenReview, out *authentication.TokenReview, s conversion.Scope) error {
 	out.ObjectMeta = in.ObjectMeta
 	if err := Convert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(&in.Spec, &out.Spec, s); err != nil {

pkg/apis/authentication/zz_generated.deepcopy.go

@@ -24,6 +24,98 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundObjectReference.
+func (in *BoundObjectReference) DeepCopy() *BoundObjectReference {
+	if in == nil {
+		return nil
+	}
+	out := new(BoundObjectReference)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequest) DeepCopyInto(out *TokenRequest) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest.
+func (in *TokenRequest) DeepCopy() *TokenRequest {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequest)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *TokenRequest) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	} else {
+		return nil
+	}
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec) {
+	*out = *in
+	if in.Audiences != nil {
+		in, out := &in.Audiences, &out.Audiences
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.BoundObjectRef != nil {
+		in, out := &in.BoundObjectRef, &out.BoundObjectRef
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(BoundObjectReference)
+			**out = **in
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestSpec.
+func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequestSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus) {
+	*out = *in
+	in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestStatus.
+func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequestStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenReview) DeepCopyInto(out *TokenReview) {
 	*out = *in

staging/src/k8s.io/api/authentication/v1/BUILD

@@ -22,6 +22,7 @@ go_library(
         "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
     ],
 )
 

staging/src/k8s.io/api/authentication/v1/generated.proto

@@ -29,6 +29,25 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "v1";
 
+// BoundObjectReference is a reference to an object that a token is bound to.
+message BoundObjectReference {
+  // Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
+  // +optional
+  optional string kind = 1;
+
+  // API version of the referent.
+  // +optional
+  optional string aPIVersion = 2;
+
+  // Name of the referent.
+  // +optional
+  optional string name = 3;
+
+  // UID of the referent.
+  // +optional
+  optional string uID = 4;
+}
+
 // ExtraValue masks the value so protobuf can generate
 // +protobuf.nullable=true
 // +protobuf.options.(gogoproto.goproto_stringer)=false
@@ -38,6 +57,48 @@ message ExtraValue {
   repeated string items = 1;
 }
 
+// TokenRequest requests a token for a given service account.
+message TokenRequest {
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  optional TokenRequestSpec spec = 2;
+
+  // +optional
+  optional TokenRequestStatus status = 3;
+}
+
+// TokenRequestSpec contains client provided parameters of a token request.
+message TokenRequestSpec {
+  // Audiences are the intendend audiences of the token. A recipient of a
+  // token must identitfy themself with an identifier in the list of
+  // audiences of the token, and otherwise should reject the token. A
+  // token issued for multiple audiences may be used to authenticate
+  // against any of the audiences listed but implies a high degree of
+  // trust between the target audiences.
+  repeated string audiences = 1;
+
+  // ExpirationSeconds is the requested duration of validity of the request. The
+  // token issuer may return a token with a different validity duration so a
+  // client needs to check the 'expiration' field in a response.
+  // +optional
+  optional int64 expirationSeconds = 4;
+
+  // BoundObjectRef is a reference to an object that the token will be bound to.
+  // The token will only be valid for as long as the bound objet exists.
+  // +optional
+  optional BoundObjectReference boundObjectRef = 3;
+}
+
+// TokenRequestStatus is the result of a token request.
+message TokenRequestStatus {
+  // Token is the opaque bearer token.
+  optional string token = 1;
+
+  // ExpirationTimestamp is the time of expiration of the returned token.
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2;
+}
+
 // TokenReview attempts to authenticate a token to a known user.
 // Note: TokenReview requests may be cached by the webhook token authenticator
 // plugin in the kube-apiserver.

staging/src/k8s.io/api/authentication/v1/types_swagger_doc_generated.go

@@ -27,6 +27,47 @@ package v1
 // Those methods can be generated by using hack/update-generated-swagger-docs.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE
+var map_BoundObjectReference = map[string]string{
+	"":           "BoundObjectReference is a reference to an object that a token is bound to.",
+	"kind":       "Kind of the referent. Valid kinds are 'Pod' and 'Secret'.",
+	"apiVersion": "API version of the referent.",
+	"name":       "Name of the referent.",
+	"uid":        "UID of the referent.",
+}
+
+func (BoundObjectReference) SwaggerDoc() map[string]string {
+	return map_BoundObjectReference
+}
+
+var map_TokenRequest = map[string]string{
+	"": "TokenRequest requests a token for a given service account.",
+}
+
+func (TokenRequest) SwaggerDoc() map[string]string {
+	return map_TokenRequest
+}
+
+var map_TokenRequestSpec = map[string]string{
+	"":                  "TokenRequestSpec contains client provided parameters of a token request.",
+	"audiences":         "Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.",
+	"expirationSeconds": "ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.",
+	"boundObjectRef":    "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound objet exists.",
+}
+
+func (TokenRequestSpec) SwaggerDoc() map[string]string {
+	return map_TokenRequestSpec
+}
+
+var map_TokenRequestStatus = map[string]string{
+	"":                    "TokenRequestStatus is the result of a token request.",
+	"token":               "Token is the opaque bearer token.",
+	"expirationTimestamp": "ExpirationTimestamp is the time of expiration of the returned token.",
+}
+
+func (TokenRequestStatus) SwaggerDoc() map[string]string {
+	return map_TokenRequestStatus
+}
+
 var map_TokenReview = map[string]string{
 	"":       "TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.",
 	"spec":   "Spec holds information about the request being evaluated",

staging/src/k8s.io/api/authentication/v1/zz_generated.deepcopy.go

@@ -24,6 +24,107 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundObjectReference.
+func (in *BoundObjectReference) DeepCopy() *BoundObjectReference {
+	if in == nil {
+		return nil
+	}
+	out := new(BoundObjectReference)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequest) DeepCopyInto(out *TokenRequest) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest.
+func (in *TokenRequest) DeepCopy() *TokenRequest {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequest)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *TokenRequest) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	} else {
+		return nil
+	}
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec) {
+	*out = *in
+	if in.Audiences != nil {
+		in, out := &in.Audiences, &out.Audiences
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ExpirationSeconds != nil {
+		in, out := &in.ExpirationSeconds, &out.ExpirationSeconds
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(int64)
+			**out = **in
+		}
+	}
+	if in.BoundObjectRef != nil {
+		in, out := &in.BoundObjectRef, &out.BoundObjectRef
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(BoundObjectReference)
+			**out = **in
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestSpec.
+func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequestSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus) {
+	*out = *in
+	in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestStatus.
+func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequestStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenReview) DeepCopyInto(out *TokenReview) {
 	*out = *in

staging/src/k8s.io/api/authentication/v1beta1/BUILD

@@ -22,6 +22,7 @@ go_library(
         "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
     ],
 )
 

staging/src/k8s.io/api/authentication/v1beta1/generated.proto

@@ -29,6 +29,25 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "v1beta1";
 
+// BoundObjectReference is a reference to an object that a token is bound to.
+message BoundObjectReference {
+  // Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
+  // +optional
+  optional string kind = 1;
+
+  // API version of the referent.
+  // +optional
+  optional string aPIVersion = 2;
+
+  // Name of the referent.
+  // +optional
+  optional string name = 3;
+
+  // UID of the referent.
+  // +optional
+  optional string uID = 4;
+}
+
 // ExtraValue masks the value so protobuf can generate
 // +protobuf.nullable=true
 // +protobuf.options.(gogoproto.goproto_stringer)=false
@@ -38,6 +57,48 @@ message ExtraValue {
   repeated string items = 1;
 }
 
+// TokenRequest requests a token for a given service account.
+message TokenRequest {
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  optional TokenRequestSpec spec = 2;
+
+  // +optional
+  optional TokenRequestStatus status = 3;
+}
+
+// TokenRequestSpec contains client provided parameters of a token request.
+message TokenRequestSpec {
+  // Audiences are the intendend audiences of the token. A recipient of a
+  // token must identitfy themself with an identifier in the list of
+  // audiences of the token, and otherwise should reject the token. A
+  // token issued for multiple audiences may be used to authenticate
+  // against any of the audiences listed but implies a high degree of
+  // trust between the target audiences.
+  repeated string audiences = 1;
+
+  // ExpirationSeconds is the requested duration of validity of the request. The
+  // token issuer may return a token with a different validity duration so a
+  // client needs to check the 'expiration' field in a response.
+  // +optional
+  optional int64 expirationSeconds = 4;
+
+  // BoundObjectRef is a reference to an object that the token will be bound to.
+  // The token will only be valid for as long as the bound objet exists.
+  // +optional
+  optional BoundObjectReference boundObjectRef = 3;
+}
+
+// TokenRequestStatus is the result of a token request.
+message TokenRequestStatus {
+  // Token is the opaque bearer token.
+  optional string token = 1;
+
+  // ExpirationTimestmap is the time of expiration of the returned token.
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2;
+}
+
 // TokenReview attempts to authenticate a token to a known user.
 // Note: TokenReview requests may be cached by the webhook token authenticator
 // plugin in the kube-apiserver.

staging/src/k8s.io/api/authentication/v1beta1/types_swagger_doc_generated.go

@@ -27,6 +27,47 @@ package v1beta1
 // Those methods can be generated by using hack/update-generated-swagger-docs.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE
+var map_BoundObjectReference = map[string]string{
+	"":           "BoundObjectReference is a reference to an object that a token is bound to.",
+	"kind":       "Kind of the referent. Valid kinds are 'Pod' and 'Secret'.",
+	"apiVersion": "API version of the referent.",
+	"name":       "Name of the referent.",
+	"uid":        "UID of the referent.",
+}
+
+func (BoundObjectReference) SwaggerDoc() map[string]string {
+	return map_BoundObjectReference
+}
+
+var map_TokenRequest = map[string]string{
+	"": "TokenRequest requests a token for a given service account.",
+}
+
+func (TokenRequest) SwaggerDoc() map[string]string {
+	return map_TokenRequest
+}
+
+var map_TokenRequestSpec = map[string]string{
+	"":                  "TokenRequestSpec contains client provided parameters of a token request.",
+	"audiences":         "Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.",
+	"expirationSeconds": "ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.",
+	"boundObjectRef":    "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound objet exists.",
+}
+
+func (TokenRequestSpec) SwaggerDoc() map[string]string {
+	return map_TokenRequestSpec
+}
+
+var map_TokenRequestStatus = map[string]string{
+	"":                    "TokenRequestStatus is the result of a token request.",
+	"token":               "Token is the opaque bearer token.",
+	"expirationTimestamp": "ExpirationTimestmap is the time of expiration of the returned token.",
+}
+
+func (TokenRequestStatus) SwaggerDoc() map[string]string {
+	return map_TokenRequestStatus
+}
+
 var map_TokenReview = map[string]string{
 	"":       "TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.",
 	"spec":   "Spec holds information about the request being evaluated",

staging/src/k8s.io/api/authentication/v1beta1/zz_generated.deepcopy.go

@@ -24,6 +24,107 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BoundObjectReference) DeepCopyInto(out *BoundObjectReference) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BoundObjectReference.
+func (in *BoundObjectReference) DeepCopy() *BoundObjectReference {
+	if in == nil {
+		return nil
+	}
+	out := new(BoundObjectReference)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequest) DeepCopyInto(out *TokenRequest) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequest.
+func (in *TokenRequest) DeepCopy() *TokenRequest {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequest)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *TokenRequest) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	} else {
+		return nil
+	}
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequestSpec) DeepCopyInto(out *TokenRequestSpec) {
+	*out = *in
+	if in.Audiences != nil {
+		in, out := &in.Audiences, &out.Audiences
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ExpirationSeconds != nil {
+		in, out := &in.ExpirationSeconds, &out.ExpirationSeconds
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(int64)
+			**out = **in
+		}
+	}
+	if in.BoundObjectRef != nil {
+		in, out := &in.BoundObjectRef, &out.BoundObjectRef
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(BoundObjectReference)
+			**out = **in
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestSpec.
+func (in *TokenRequestSpec) DeepCopy() *TokenRequestSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequestSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TokenRequestStatus) DeepCopyInto(out *TokenRequestStatus) {
+	*out = *in
+	in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequestStatus.
+func (in *TokenRequestStatus) DeepCopy() *TokenRequestStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(TokenRequestStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenReview) DeepCopyInto(out *TokenReview) {
 	*out = *in