[BUG] Azure Java libs gets several dependencies creating conflicts

[purijatin]

Describe the bug

I find Azure SDK Java libs pretty demanding. It has been a constant pain point.

In a larger project, the role of Azure-SDK is not core to what one is trying to build. But quite often it plays a spoilt-sport in creating conflicts, as it brings along several dependencies.

Let's say when we pull in: azure-identity, you can look at the number of dependencies it gets along: https://mvnrepository.com/artifact/com.azure/azure-identity/1.4.3 . It fetches 30+ dependencies to include some popular ones like Netty (and family), Jackson, Guava. These are pretty well-known libraries and usually create conflicts.

This makes us force-fit the above libs versions in our app, to be compatible against what Azure java libs get. And sometimes it is not feasible.

I understand Azure-SDK has tried mitigating problems by releasing BOM. BOM resolves issues within azure's own jars. But in a larger project, where similar dependencies are also fetched, it becomes really difficult to resolve conflicts (particularly netty and jackson related ones). Some of these issues would not have occurred if these dependencies weren't used (Simple ones like Guava, to begin with, are completely avoidable). In fact, Azure's own libs are not very compatible with each other (check references).

Let's do a comparison against AWS.

Name	Number of Dependencies
aws-java-sdk-core	11
azure-storage-blob	31

attached is dependency tree for both (dependencyList.txt)

Suggestion: Minimize external dependencies. Make it lean. Get rid of Netty/jackson and use something else instead. It will increase the adoption.

References:

Some of the challenges that we have faced with Azure Java Libs:

1. [BUG] Jackson issues with Azure SDK when run on Azure Synapse Analytics #25734 (comment)
2. Synapse due to netty conflicts because of its own dependency. io.netty.handler.ssl.SslProvider can be found at netty-all-4.1.51.Final.jar and TokenLibrary-assembly-1.0.jar . Both are available at runtime, so there is nothing we can do
3. Synapse Runtime is not compatible with several azure libs like EventGrid etc.
4. Cases where azure-analytics-synapse-spark is neither compatible with azure-sdk-bom 1.0.6​ nor 1.1.0​.
5. Guava and azure-core-http-netty conflicts here: https://stackoverflow.com/a/70738201/894565

Common cause in some of the conflicts above: Netty.

[joshfree]

Thank you so much for sharing this, @purijatin. @pallavit could you follow up with @purijatin on the challenges and suggestions above?

[rajmadhu]

I agree. Azure Java libs are a pain in large projects. Frustrating to use.

[tinolazreg]

We are also seeing major issues caused by this, and Netty is often the culprit.

[troyhofeling]

Is there some resolution? I am trying to use the Azure libs for Java to use Event Hubs Schema Registry but after hours of various versions of a handful of azure libraries it always ends in a failed Maven build (Stack Overflow error). It seems like there is some endless dependency recursion.

[github-actions]

Hi @purijatin, we deeply appreciate your input into this project. Regrettably, this issue has remained inactive for over 2 years, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.