Un maintained Opensource package being used in this project : com.microsoft.azure:adal4j

[vijeyanidhi]

Describe the bug

This opensource software is using an unsupported package com.microsoft.azure:adal4j https://github.com/AzureAD/azure-activedirectory-library-for-java which has been in maintenance in 2021 and archived in 2023.

the project has been shifted to https://github.com/AzureAD/microsoft-authentication-library-for-java should be used in this particular project instead of the older un maintained project artifact.

Client Version
20.0.0

Kubernetes Version
Not required here

Java Version
Java 8, 11, 17

To Reproduce
Steps to reproduce the behavior:

Expected behavior
A clear and concise description of what you expected to happen.

KubeConfig
If applicable, add a KubeConfig file with secrets redacted.

Server (please complete the following information):

• OS: [e.g. Linux]
• Environment [e.g. container]
• Cloud [e.g. Azure]

Additional context
Add any other context about the problem here.

[vijeyanidhi]

dependency tree

[INFO] +- io.kubernetes:client-java:jar:20.0.0:compile
[INFO] |  +- io.prometheus:simpleclient:jar:0.16.0:compile
[INFO] |  |  +- io.prometheus:simpleclient_tracer_otel:jar:0.16.0:compile
[INFO] |  |  |  \- io.prometheus:simpleclient_tracer_common:jar:0.16.0:compile
[INFO] |  |  \- io.prometheus:simpleclient_tracer_otel_agent:jar:0.16.0:compile
[INFO] |  +- io.prometheus:simpleclient_httpserver:jar:0.16.0:compile
[INFO] |  |  \- io.prometheus:simpleclient_common:jar:0.16.0:compile
[INFO] |  +- io.kubernetes:client-java-api:jar:20.0.0:compile
[INFO] |  |  +- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  |  +- jakarta.annotation:jakarta.annotation-api:jar:2.1.1:compile
[INFO] |  |  +- io.swagger:swagger-annotations:jar:1.6.13:compile
[INFO] |  |  +- com.squareup.okhttp3:logging-interceptor:jar:4.10.0:compile
[INFO] |  |  \- io.gsonfire:gson-fire:jar:1.9.0:compile
[INFO] |  +- io.kubernetes:client-java-proto:jar:20.0.0:compile
[INFO] |  +- org.yaml:snakeyaml:jar:2.0:compile
[INFO] |  +- org.apache.commons:commons-compress:jar:1.21:compile
[INFO] |  +- org.slf4j:slf4j-api:jar:2.0.9:compile
[INFO] |  +- org.bouncycastle:bcpkix-jdk18on:jar:1.77:compile
[INFO] |  |  \- org.bouncycastle:bcutil-jdk18on:jar:1.77:compile
[INFO] |  +- com.microsoft.azure:adal4j:jar:1.6.7:compile
[INFO] |  |  \- com.nimbusds:oauth2-oidc-sdk:jar:9.4:compile
[INFO] |  |     +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] |  |     +- com.nimbusds:content-type:jar:2.1:compile
[INFO] |  |     +- com.nimbusds:lang-tag:jar:1.5:compile
[INFO] |  |     \- com.nimbusds:nimbus-jose-jwt:jar:9.8.1:compile

[vijeyanidhi]

https://mvnrepository.com/artifact/com.microsoft.azure/adal4j/1.6.7

last release was done in 2021 April

[brendandburns]

Given that this code is being deprecated in newer Kubernetes versions, we should consider just ripping out this code entirely.

[vijeyanidhi]

Given that this code is being deprecated in newer Kubernetes versions, we should consider just ripping out this code entirely.

so I am assuming this is going to be released in version 21 or version 22? and not anytime in this week?

[codefromthecrypt]

I took a look and also tried the migration guide. It isn't straight-forward and very likely to introduce bugs.

My recommendation would be to plan to remove the code using this dependency as @brendandburns mentioned, and do nothing about it otherwise. To do something otherwise would both require very strong rationale, and also be in concert with an actual user of this project and specifically the active directory component.

My 2p, and I'm not a maintainer, so take it for what it's worth.

[codefromthecrypt]

raised this to buy some time #3175

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.