feat: add in-memory OAuth token cache for read-only containers#51
Open
maierthomas wants to merge 2 commits into
Open
feat: add in-memory OAuth token cache for read-only containers#51maierthomas wants to merge 2 commits into
maierthomas wants to merge 2 commits into
Conversation
When running in containers with read-only filesystems, the default disk-based credentials cache fails. This adds an in-memory alternative activated via the CAMUNDA_TOKEN_DISK_CACHE_DISABLE environment variable, consistent with the Node.js Zeebe SDK implementation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use ZEEBE_ prefix for consistency with all other environment variables in this project. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds an in-memory
OAuthCredentialsCacheimplementation that can be activated via theZEEBE_CLIENT_DISK_CACHE_DISABLEenvironment variable. When set, the client uses an in-memory token cache instead of persisting credentials to~/.camunda/credentials.Additional context
When running Zeebe clients in containers with read-only filesystems (
readOnlyRootFilesystem: truein Kubernetes), the default YAML-based credentials cache fails because it cannot create or write to the cache file.While a custom
OAuthCredentialsCachecan be injected programmatically viaOAuthProviderConfig.Cache, an environment variable toggle is simpler for container deployments.Note: If a custom cache is explicitly passed via
OAuthProviderConfig.Cache, the environment variable is ignored.Testing changes
TestInMemoryCacheGetAndUpdate,TestInMemoryCacheRefreshIsNoOp,TestInMemoryCacheGetMiss)TestInMemoryCacheUsedWhenEnvSet,TestYamlCacheUsedWhenEnvNotSet)go test ./pkg/zbc/...go vet ./pkg/zbc/...cleanTypes of changes
Checklist: