Merge pull request #2507 from kubernetes-client/copilot/remove-adal-dependency

Remove EOL adal dependency and Azure auth provider

Author: k8s-ci-robot

kubernetes/base/config/kube_config.py

@@ -37,11 +37,6 @@
 from .config_exception import ConfigException
 from .dateutil import UTC, format_rfc3339, parse_rfc3339
 
-try:
-    import adal
-except ImportError:
-    pass
-
 try:
     import google.auth
     import google.auth.transport.requests
@@ -318,55 +313,10 @@ def _load_auth_provider_token(self):
             return
         if provider['name'] == 'gcp':
             return self._load_gcp_token(provider)
-        if provider['name'] == 'azure':
-            return self._load_azure_token(provider)
         if provider['name'] == 'oidc':
             return self._load_oid_token(provider)
 
-    def _azure_is_expired(self, provider):
-        expires_on = provider['config']['expires-on']
-        if expires_on.isdigit():
-            return int(expires_on) < time.time()
-        else:
-            exp_time = time.strptime(expires_on, '%Y-%m-%d %H:%M:%S.%f')
-            return exp_time < time.gmtime()
-
-    def _load_azure_token(self, provider):
-        if 'config' not in provider:
-            return
-        if 'access-token' not in provider['config']:
-            return
-        if 'expires-on' in provider['config']:
-            if self._azure_is_expired(provider):
-                self._refresh_azure_token(provider['config'])
-        self.token = 'Bearer %s' % provider['config']['access-token']
-        return self.token
 
-    def _refresh_azure_token(self, config):
-        if 'adal' not in globals():
-            raise ImportError('refresh token error, adal library not imported')
-
-        tenant = config['tenant-id']
-        authority = 'https://login.microsoftonline.com/{}'.format(tenant)
-        context = adal.AuthenticationContext(
-            authority, validate_authority=True, api_version='1.0'
-        )
-        refresh_token = config['refresh-token']
-        client_id = config['client-id']
-        apiserver_id = '00000002-0000-0000-c000-000000000000'
-        try:
-            apiserver_id = config['apiserver-id']
-        except ConfigException:
-            # We've already set a default above
-            pass
-        token_response = context.acquire_token_with_refresh_token(
-            refresh_token, client_id, apiserver_id)
-
-        provider = self._user['auth-provider']['config']
-        provider.value['access-token'] = token_response['accessToken']
-        provider.value['expires-on'] = token_response['expiresOn']
-        if self._config_persister:
-            self._config_persister()
 
     def _load_gcp_token(self, provider):
         if (('config' not in provider) or

kubernetes/base/config/kube_config_test.py

@@ -135,10 +135,6 @@ def _raise_exception(st):
 
 TEST_OIDC_CA = _base64(TEST_CERTIFICATE_AUTH)
 
-TEST_AZURE_LOGIN = TEST_OIDC_LOGIN
-TEST_AZURE_TOKEN = "test-azure-token"
-TEST_AZURE_TOKEN_FULL = "Bearer " + TEST_AZURE_TOKEN
-
 
 class BaseTestCase(unittest.TestCase):
 
@@ -464,41 +460,6 @@ class TestKubeConfigLoader(BaseTestCase):
                     "user": "oidc"
                 }
             },
-            {
-                "name": "azure",
-                "context": {
-                    "cluster": "default",
-                    "user": "azure"
-                }
-            },
-            {
-                "name": "azure_num",
-                "context": {
-                    "cluster": "default",
-                    "user": "azure_num"
-                }
-            },
-            {
-                "name": "azure_str",
-                "context": {
-                    "cluster": "default",
-                    "user": "azure_str"
-                }
-            },
-            {
-                "name": "azure_num_error",
-                "context": {
-                    "cluster": "default",
-                    "user": "azure_str_error"
-                }
-            },
-            {
-                "name": "azure_str_error",
-                "context": {
-                    "cluster": "default",
-                    "user": "azure_str_error"
-                }
-            },
             {
                 "name": "expired_oidc",
                 "context": {
@@ -739,94 +700,6 @@ class TestKubeConfigLoader(BaseTestCase):
                     }
                 }
             },
-            {
-                "name": "azure",
-                "user": {
-                    "auth-provider": {
-                        "config": {
-                            "access-token": TEST_AZURE_TOKEN,
-                            "apiserver-id": "00000002-0000-0000-c000-"
-                                            "000000000000",
-                            "environment": "AzurePublicCloud",
-                            "refresh-token": "refreshToken",
-                            "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
-                        },
-                        "name": "azure"
-                    }
-                }
-            },
-            {
-                "name": "azure_num",
-                "user": {
-                    "auth-provider": {
-                        "config": {
-                            "access-token": TEST_AZURE_TOKEN,
-                            "apiserver-id": "00000002-0000-0000-c000-"
-                                            "000000000000",
-                            "environment": "AzurePublicCloud",
-                            "expires-in": "0",
-                            "expires-on": "156207275",
-                            "refresh-token": "refreshToken",
-                            "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
-                        },
-                        "name": "azure"
-                    }
-                }
-            },
-            {
-                "name": "azure_str",
-                "user": {
-                    "auth-provider": {
-                        "config": {
-                            "access-token": TEST_AZURE_TOKEN,
-                            "apiserver-id": "00000002-0000-0000-c000-"
-                                            "000000000000",
-                            "environment": "AzurePublicCloud",
-                            "expires-in": "0",
-                            "expires-on": "2018-10-18 00:52:29.044727",
-                            "refresh-token": "refreshToken",
-                            "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
-                        },
-                        "name": "azure"
-                    }
-                }
-            },
-            {
-                "name": "azure_str_error",
-                "user": {
-                    "auth-provider": {
-                        "config": {
-                            "access-token": TEST_AZURE_TOKEN,
-                            "apiserver-id": "00000002-0000-0000-c000-"
-                                            "000000000000",
-                            "environment": "AzurePublicCloud",
-                            "expires-in": "0",
-                            "expires-on": "2018-10-18 00:52",
-                            "refresh-token": "refreshToken",
-                            "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
-                        },
-                        "name": "azure"
-                    }
-                }
-            },
-            {
-                "name": "azure_num_error",
-                "user": {
-                    "auth-provider": {
-                        "config": {
-                            "access-token": TEST_AZURE_TOKEN,
-                            "apiserver-id": "00000002-0000-0000-c000-"
-                                            "000000000000",
-                            "environment": "AzurePublicCloud",
-                            "expires-in": "0",
-                            "expires-on": "-1",
-                            "refresh-token": "refreshToken",
-                            "tenant-id": "9d2ac018-e843-4e14-9e2b-4e0ddac75433"
-                        },
-                        "name": "azure"
-                    }
-                }
-            },
             {
                 "name": "expired_oidc",
                 "user": {
@@ -1193,45 +1066,6 @@ def test_oidc_fails_if_invalid_padding_length(self):
             None,
         )
 
-    def test_azure_no_refresh(self):
-        loader = KubeConfigLoader(
-            config_dict=self.TEST_KUBE_CONFIG,
-            active_context="azure",
-        )
-        self.assertTrue(loader._load_auth_provider_token())
-        self.assertEqual(TEST_AZURE_TOKEN_FULL, loader.token)
-
-    def test_azure_with_expired_num(self):
-        loader = KubeConfigLoader(
-            config_dict=self.TEST_KUBE_CONFIG,
-            active_context="azure_num",
-        )
-        provider = loader._user['auth-provider']
-        self.assertTrue(loader._azure_is_expired(provider))
-
-    def test_azure_with_expired_str(self):
-        loader = KubeConfigLoader(
-            config_dict=self.TEST_KUBE_CONFIG,
-            active_context="azure_str",
-        )
-        provider = loader._user['auth-provider']
-        self.assertTrue(loader._azure_is_expired(provider))
-
-    def test_azure_with_expired_str_error(self):
-        loader = KubeConfigLoader(
-            config_dict=self.TEST_KUBE_CONFIG,
-            active_context="azure_str_error",
-        )
-        provider = loader._user['auth-provider']
-        self.assertRaises(ValueError, loader._azure_is_expired, provider)
-
-    def test_azure_with_expired_int_error(self):
-        loader = KubeConfigLoader(
-            config_dict=self.TEST_KUBE_CONFIG,
-            active_context="azure_num_error",
-        )
-        provider = loader._user['auth-provider']
-        self.assertRaises(ValueError, loader._azure_is_expired, provider)
 
     def test_user_pass(self):
         expected = FakeConfig(host=TEST_HOST, token=TEST_BASIC_TOKEN)

setup.py

@@ -28,7 +28,6 @@
 # http://pypi.python.org/pypi/setuptools
 
 EXTRAS = {
-    'adal': ['adal>=1.0.2'],
     'google-auth': ['google-auth>=1.0.1']
 }
 REQUIRES = []