Un maintained Opensource package being used in this project : com.microsoft.azure:adal4j

[vijeyanidhi]

Describe the bug

This opensource software is using an unsupported package com.microsoft.azure:adal4j https://github.com/AzureAD/azure-activedirectory-library-for-java which has been in maintenance in 2021 and archived in 2023.

the project has been shifted to https://github.com/AzureAD/microsoft-authentication-library-for-java should be used in this particular project instead of the older un maintained project artifact.

Client Version
20.0.0

Kubernetes Version
Not required here

Java Version
Java 8, 11, 17

To Reproduce
Steps to reproduce the behavior:

Expected behavior
A clear and concise description of what you expected to happen.

KubeConfig
If applicable, add a KubeConfig file with secrets redacted.

Server (please complete the following information):

• OS: [e.g. Linux]
• Environment [e.g. container]
• Cloud [e.g. Azure]

Additional context
Add any other context about the problem here.

[vijeyanidhi]

dependency tree

[INFO] +- io.kubernetes:client-java:jar:20.0.0:compile
[INFO] |  +- io.prometheus:simpleclient:jar:0.16.0:compile
[INFO] |  |  +- io.prometheus:simpleclient_tracer_otel:jar:0.16.0:compile
[INFO] |  |  |  \- io.prometheus:simpleclient_tracer_common:jar:0.16.0:compile
[INFO] |  |  \- io.prometheus:simpleclient_tracer_otel_agent:jar:0.16.0:compile
[INFO] |  +- io.prometheus:simpleclient_httpserver:jar:0.16.0:compile
[INFO] |  |  \- io.prometheus:simpleclient_common:jar:0.16.0:compile
[INFO] |  +- io.kubernetes:client-java-api:jar:20.0.0:compile
[INFO] |  |  +- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  |  +- jakarta.annotation:jakarta.annotation-api:jar:2.1.1:compile
[INFO] |  |  +- io.swagger:swagger-annotations:jar:1.6.13:compile
[INFO] |  |  +- com.squareup.okhttp3:logging-interceptor:jar:4.10.0:compile
[INFO] |  |  \- io.gsonfire:gson-fire:jar:1.9.0:compile
[INFO] |  +- io.kubernetes:client-java-proto:jar:20.0.0:compile
[INFO] |  +- org.yaml:snakeyaml:jar:2.0:compile
[INFO] |  +- org.apache.commons:commons-compress:jar:1.21:compile
[INFO] |  +- org.slf4j:slf4j-api:jar:2.0.9:compile
[INFO] |  +- org.bouncycastle:bcpkix-jdk18on:jar:1.77:compile
[INFO] |  |  \- org.bouncycastle:bcutil-jdk18on:jar:1.77:compile
[INFO] |  +- com.microsoft.azure:adal4j:jar:1.6.7:compile
[INFO] |  |  \- com.nimbusds:oauth2-oidc-sdk:jar:9.4:compile
[INFO] |  |     +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] |  |     +- com.nimbusds:content-type:jar:2.1:compile
[INFO] |  |     +- com.nimbusds:lang-tag:jar:1.5:compile
[INFO] |  |     \- com.nimbusds:nimbus-jose-jwt:jar:9.8.1:compile

[vijeyanidhi]

https://mvnrepository.com/artifact/com.microsoft.azure/adal4j/1.6.7

last release was done in 2021 April

[brendandburns]

Given that this code is being deprecated in newer Kubernetes versions, we should consider just ripping out this code entirely.

[vijeyanidhi]

Given that this code is being deprecated in newer Kubernetes versions, we should consider just ripping out this code entirely.

so I am assuming this is going to be released in version 21 or version 22? and not anytime in this week?

[codefromthecrypt]

I took a look and also tried the migration guide. It isn't straight-forward and very likely to introduce bugs.

My recommendation would be to plan to remove the code using this dependency as @brendandburns mentioned, and do nothing about it otherwise. To do something otherwise would both require very strong rationale, and also be in concert with an actual user of this project and specifically the active directory component.

My 2p, and I'm not a maintainer, so take it for what it's worth.

[codefromthecrypt]

raised this to buy some time #3175