50 changes: 0 additions & 50 deletions kubernetes/base/config/kube_config.py
Expand Up @@ -37,11 +37,6 @@
from .config_exception import ConfigException
from .dateutil import UTC, format_rfc3339, parse_rfc3339

try:
import adal
except ImportError:
pass

try:
import google.auth
import google.auth.transport.requests
Expand Down Expand Up @@ -318,55 +313,10 @@ def _load_auth_provider_token(self):
return
if provider['name'] == 'gcp':
return self._load_gcp_token(provider)
if provider['name'] == 'azure':
return self._load_azure_token(provider)
if provider['name'] == 'oidc':
return self._load_oid_token(provider)

def _azure_is_expired(self, provider):
expires_on = provider['config']['expires-on']
if expires_on.isdigit():
return int(expires_on) < time.time()
else:
exp_time = time.strptime(expires_on, '%Y-%m-%d %H:%M:%S.%f')
return exp_time < time.gmtime()

def _load_azure_token(self, provider):
if 'config' not in provider:
return
if 'access-token' not in provider['config']:
return
if 'expires-on' in provider['config']:
if self._azure_is_expired(provider):
self._refresh_azure_token(provider['config'])
self.token = 'Bearer %s' % provider['config']['access-token']
return self.token

def _refresh_azure_token(self, config):
if 'adal' not in globals():
raise ImportError('refresh token error, adal library not imported')

tenant = config['tenant-id']
authority = 'https://login.microsoftonline.com/{}'.format(tenant)
context = adal.AuthenticationContext(
authority, validate_authority=True, api_version='1.0'
)
refresh_token = config['refresh-token']
client_id = config['client-id']
apiserver_id = '00000002-0000-0000-c000-000000000000'
try:
apiserver_id = config['apiserver-id']
except ConfigException:
# We've already set a default above
pass
token_response = context.acquire_token_with_refresh_token(
refresh_token, client_id, apiserver_id)

provider = self._user['auth-provider']['config']
provider.value['access-token'] = token_response['accessToken']
provider.value['expires-on'] = token_response['expiresOn']
if self._config_persister:
self._config_persister()

def _load_gcp_token(self, provider):
if (('config' not in provider) or
166 changes: 0 additions & 166 deletions kubernetes/base/config/kube_config_test.py
Expand Up @@ -135,10 +135,6 @@ def _raise_exception(st):

TEST_OIDC_CA = _base64(TEST_CERTIFICATE_AUTH)

TEST_AZURE_LOGIN = TEST_OIDC_LOGIN
TEST_AZURE_TOKEN = "test-azure-token"
TEST_AZURE_TOKEN_FULL = "Bearer " + TEST_AZURE_TOKEN


class BaseTestCase(unittest.TestCase):

Expand Down Expand Up @@ -464,41 +460,6 @@ class TestKubeConfigLoader(BaseTestCase):
"user": "oidc"
}
},
{
"name": "azure",
"context": {
"cluster": "default",
"user": "azure"
}
},
{
"name": "azure_num",
"context": {
"cluster": "default",
"user": "azure_num"
}
},
{
"name": "azure_str",
"context": {
"cluster": "default",
"user": "azure_str"
}
},
{
"name": "azure_num_error",
"context": {
"cluster": "default",
"user": "azure_str_error"
}
},
{
"name": "azure_str_error",
"context": {
"cluster": "default",
"user": "azure_str_error"
}
},
{
"name": "expired_oidc",
"context": {
Expand Down Expand Up @@ -739,94 +700,6 @@ class TestKubeConfigLoader(BaseTestCase):
}
}
},
{
"name": "azure",
"user": {
"auth-provider": {
"config": {
"access-token": TEST_AZURE_TOKEN,
"apiserver-id": "00000002-0000-0000-c000-"
"000000000000",
"environment": "AzurePublicCloud",
"refresh-token": "refreshToken",
"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
},
"name": "azure"
}
}
},
{
"name": "azure_num",
"user": {
"auth-provider": {
"config": {
"access-token": TEST_AZURE_TOKEN,
"apiserver-id": "00000002-0000-0000-c000-"
"000000000000",
"environment": "AzurePublicCloud",
"expires-in": "0",
"expires-on": "156207275",
"refresh-token": "refreshToken",
"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
},
"name": "azure"
}
}
},
{
"name": "azure_str",
"user": {
"auth-provider": {
"config": {
"access-token": TEST_AZURE_TOKEN,
"apiserver-id": "00000002-0000-0000-c000-"
"000000000000",
"environment": "AzurePublicCloud",
"expires-in": "0",
"expires-on": "2018-10-18 00:52:29.044727",
"refresh-token": "refreshToken",
"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
},
"name": "azure"
}
}
},
{
"name": "azure_str_error",
"user": {
"auth-provider": {
"config": {
"access-token": TEST_AZURE_TOKEN,
"apiserver-id": "00000002-0000-0000-c000-"
"000000000000",
"environment": "AzurePublicCloud",
"expires-in": "0",
"expires-on": "2018-10-18 00:52",
"refresh-token": "refreshToken",
"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
},
"name": "azure"
}
}
},
{
"name": "azure_num_error",
"user": {
"auth-provider": {
"config": {
"access-token": TEST_AZURE_TOKEN,
"apiserver-id": "00000002-0000-0000-c000-"
"000000000000",
"environment": "AzurePublicCloud",
"expires-in": "0",
"expires-on": "-1",
"refresh-token": "refreshToken",
"tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
},
"name": "azure"
}
}
},
{
"name": "expired_oidc",
"user": {
Expand Down Expand Up @@ -1193,45 +1066,6 @@ def test_oidc_fails_if_invalid_padding_length(self):
None,
)

def test_azure_no_refresh(self):
loader = KubeConfigLoader(
config_dict=self.TEST_KUBE_CONFIG,
active_context="azure",
)
self.assertTrue(loader._load_auth_provider_token())
self.assertEqual(TEST_AZURE_TOKEN_FULL, loader.token)

def test_azure_with_expired_num(self):
loader = KubeConfigLoader(
config_dict=self.TEST_KUBE_CONFIG,
active_context="azure_num",
)
provider = loader._user['auth-provider']
self.assertTrue(loader._azure_is_expired(provider))

def test_azure_with_expired_str(self):
loader = KubeConfigLoader(
config_dict=self.TEST_KUBE_CONFIG,
active_context="azure_str",
)
provider = loader._user['auth-provider']
self.assertTrue(loader._azure_is_expired(provider))

def test_azure_with_expired_str_error(self):
loader = KubeConfigLoader(
config_dict=self.TEST_KUBE_CONFIG,
active_context="azure_str_error",
)
provider = loader._user['auth-provider']
self.assertRaises(ValueError, loader._azure_is_expired, provider)

def test_azure_with_expired_int_error(self):
loader = KubeConfigLoader(
config_dict=self.TEST_KUBE_CONFIG,
active_context="azure_num_error",
)
provider = loader._user['auth-provider']
self.assertRaises(ValueError, loader._azure_is_expired, provider)

def test_user_pass(self):
expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN)
1 change: 0 additions & 1 deletion setup.py
Expand Up @@ -28,7 +28,6 @@
# http://pypi.python.org/pypi/setuptools

EXTRAS = {
'adal': ['adal>=1.0.2'],
'google-auth': ['google-auth>=1.0.1']
}
REQUIRES = []