Skip to content

feat: add in-memory OAuth token cache for read-only containers#51

Open
maierthomas wants to merge 2 commits into
camunda-community-hub:mainfrom
maierthomas:feat/in-memory-token
Open

feat: add in-memory OAuth token cache for read-only containers#51
maierthomas wants to merge 2 commits into
camunda-community-hub:mainfrom
maierthomas:feat/in-memory-token

Conversation

@maierthomas

@maierthomas maierthomas commented Mar 25, 2026

Copy link
Copy Markdown

Description

Adds an in-memory OAuthCredentialsCache implementation that can be activated via the ZEEBE_CLIENT_DISK_CACHE_DISABLE environment variable. When set, the client uses an in-memory token cache instead of persisting credentials to ~/.camunda/credentials.

Additional context

When running Zeebe clients in containers with read-only filesystems (readOnlyRootFilesystem: true in Kubernetes), the default YAML-based credentials cache fails because it cannot create or write to the cache file.
While a custom OAuthCredentialsCache can be injected programmatically via OAuthProviderConfig.Cache, an environment variable toggle is simpler for container deployments.

Note: If a custom cache is explicitly passed via OAuthProviderConfig.Cache, the environment variable is ignored.

Testing changes

  • 3 new unit tests for the in-memory cache (TestInMemoryCacheGetAndUpdate, TestInMemoryCacheRefreshIsNoOp, TestInMemoryCacheGetMiss)
  • 2 new integration tests for env var wiring (TestInMemoryCacheUsedWhenEnvSet, TestYamlCacheUsedWhenEnvNotSet)
  • All existing tests pass: go test ./pkg/zbc/...
  • go vet ./pkg/zbc/... clean

Types of changes

  • Bug fix (non-breaking change which fixes an existing open issue)
  • New feature (non-breaking change which adds functionality to an extension)
  • Breaking change (fix or feature that would cause existing functionality of an extension to change)
  • Documentation update (changes made to an existing piece of documentation)

Checklist:

  • My code adheres to the syntax used by this extension.
  • My pull request requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the Camunda Community Hub documentation.
  • I have read the Pull Request Process documentation.
  • I have added or suggested tests to cover my changes suggested in this pull request.
  • All new and existing CI/CD tests passed.
  • I will tag @/camunda-community-hub/devrel in a new comment on this issue if 30 days have passed since my pull request was opened and I have not received a response from the extension's maintainer.

maierthomas and others added 2 commits March 25, 2026 11:53
When running in containers with read-only filesystems, the default
disk-based credentials cache fails. This adds an in-memory alternative
activated via the CAMUNDA_TOKEN_DISK_CACHE_DISABLE environment variable,
consistent with the Node.js Zeebe SDK implementation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use ZEEBE_ prefix for consistency with all other environment
variables in this project.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@CLAassistant

CLAassistant commented Mar 25, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants