[1.18] zeebe oauth support #4330

Open
MyMirelHub wants to merge 5 commits into dapr:main from MyMirelHub:feat-zeebe-oauth-support

@MyMirelHub MyMirelHub commented Apr 2, 2026

Description

Adds OAuth 2.0 client-credentials support for the Zeebe bindings (zeebe.command and zeebe.jobworker), covering end-to-end: client wiring, metadata validation, documentation, and certification tests.

Changes

bindings/zeebe/client.go

  • Extended ClientMetadata with OAuth fields: clientId, clientSecret, authorizationServerUrl, tokenAudience, tokenScope, clientConfigPath.
  • Added validateOAuthMetadata() that returns a component-owned ErrInvalidOAuthMetadata error when only a subset of the required OAuth fields is set (requires clientId, clientSecret, authorizationServerUrl, and tokenAudience together).
  • Clarified behavior: tokenScope and clientConfigPath are optional OAuth fields, but they are valid only when used alongside the required OAuth field set above.
  • newCredentialsProvider() calls validation before building the Zeebe OAuthCredentialsProvider, with optional YAML credentials cache path support.

bindings/zeebe/client_test.go

  • Added metadata parsing tests covering all new OAuth fields and their defaults.
  • Added unit tests for newCredentialsProvider: no-op when OAuth is not configured, component-owned error (ErrorIs) when required fields are missing, success path with optional cache path.

bindings/zeebe/command/metadata.yaml / bindings/zeebe/jobworker/metadata.yaml

  • Documented all new OAuth metadata fields.
  • clientSecret marked sensitive: true.
  • Field descriptions clarify which fields must be set together when OAuth is enabled.

bindings/zeebe/jobworker/jobworker.go

  • GetComponentMetadata() now reflects both zeebe.ClientMetadata and jobWorkerMetadata via a composed componentMetadata type with mapstructure:",squash" tags, so OAuth/connection fields appear in runtime introspection alongside job-worker-specific fields.

tests/certification/bindings/zeebe/command/topology_oauth_test.go

  • New certification test: starts an in-process OAuth mock server and runs the topology operation end-to-end through a Dapr sidecar, asserting token caching (only one OAuth request for two topology calls).

tests/certification/bindings/zeebe/jobworker/oauth_jobworker_test.go

  • New certification test: validates the job-worker binding initializes and processes jobs correctly when OAuth metadata is configured.

Issue reference

Closes #4329

Checklist

Note: A corresponding dapr/docs PR will be opened to document the new OAuth metadata fields for bindings.zeebe.command and bindings.zeebe.jobworker.
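
The all-or-nothing check described in the PR description above, sketched as an added example (not code from this pull request). The field names and `ErrInvalidOAuthMetadata` come from the description; the `oauthMetadata` type, the `validate` method and the sample values are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrInvalidOAuthMetadata mirrors the sentinel named in the PR description;
// everything else in this file is an illustrative sketch, not the PR's code.
var ErrInvalidOAuthMetadata = errors.New("invalid zeebe oauth metadata")

// oauthMetadata (hypothetical type) holds the six fields the description lists.
type oauthMetadata struct {
	ClientID, ClientSecret, AuthorizationServerURL, TokenAudience string // required together
	TokenScope, ClientConfigPath                                  string // optional
}

// validate returns (enabled, err). OAuth counts as "off" only when every field
// is empty; any partial set fails closed rather than connecting without a token.
func (m oauthMetadata) validate() (bool, error) {
	required := []struct{ name, value string }{
		{"clientId", m.ClientID},
		{"clientSecret", m.ClientSecret},
		{"authorizationServerUrl", m.AuthorizationServerURL},
		{"tokenAudience", m.TokenAudience},
	}
	var missing []string
	for _, f := range required {
		if strings.TrimSpace(f.value) == "" {
			missing = append(missing, f.name)
		}
	}
	optionalSet := m.TokenScope != "" || m.ClientConfigPath != ""
	switch {
	case len(missing) == 0:
		return true, nil
	case len(missing) == len(required) && !optionalSet:
		return false, nil // OAuth not configured at all
	default:
		// Report field names only; never echo clientSecret into errors or logs.
		return false, fmt.Errorf("%w: missing %s", ErrInvalidOAuthMetadata, strings.Join(missing, ", "))
	}
}

func main() {
	partial := oauthMetadata{ClientID: "constructed-id", TokenScope: "constructed-scope"}
	_, err := partial.validate()
	fmt.Println(errors.Is(err, ErrInvalidOAuthMetadata), err)
}
```

Callers can branch on `errors.Is(err, ErrInvalidOAuthMetadata)` to distinguish a misconfigured component from a transport failure.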

…adata

Signed-off-by: MyMirelHub <15373565+MyMirelHub@users.noreply.github.com>
Signed-off-by: MyMirelHub <15373565+MyMirelHub@users.noreply.github.com>

Copilot AI left a comment

Pull request overview

Adds OAuth credential support for the Zeebe bindings client and covers it with unit + certification tests, along with updating component metadata docs to expose the new configuration knobs.

Changes:

  • Extend ClientMetadata with OAuth settings and wire a Zeebe CredentialsProvider into client creation.
  • Add unit tests for OAuth credentials provider creation/validation behavior.
  • Add certification tests for OAuth-enabled Zeebe command and jobworker scenarios; update component metadata YAML for new OAuth fields.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| tests/certification/bindings/zeebe/jobworker/oauth_jobworker_test.go | New certification test validating jobworker behavior when OAuth metadata is configured. |
| tests/certification/bindings/zeebe/command/topology_oauth_test.go | New certification test validating command topology operation when OAuth metadata is configured. |
| bindings/zeebe/jobworker/metadata.yaml | Document new OAuth-related metadata options for the jobworker binding. |
| bindings/zeebe/command/metadata.yaml | Document new OAuth-related metadata options for the command binding (and fix missing type for CA cert). |
| bindings/zeebe/client.go | Add OAuth metadata fields and create/configure Zeebe OAuth credentials provider. |
| bindings/zeebe/client_test.go | Extend metadata parsing tests and add unit tests for OAuth provider creation behavior. |

…criptions

Signed-off-by: MyMirelHub <15373565+MyMirelHub@users.noreply.github.com>

Copilot AI left a comment

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.


…adata inclusion

Signed-off-by: MyMirelHub <15373565+MyMirelHub@users.noreply.github.com>

Copilot AI left a comment

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.



Copilot AI left a comment

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.


Signed-off-by: MyMirelHub <15373565+MyMirelHub@users.noreply.github.com>

Copilot AI left a comment

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated no new comments.


@MyMirelHub MyMirelHub changed the title zeebe oauth support [1.18] zeebe oauth support Apr 2, 2026
@MyMirelHub MyMirelHub marked this pull request as ready for review April 8, 2026 09:30
@MyMirelHub MyMirelHub requested review from a team as code owners April 8, 2026 09:30
Development

Successfully merging this pull request may close these issues.

OAuth support via component metadata for Zeebe bindings.