(nifi) branch main updated: NIFI-15320 AwsSecretsManagerParameterProvider should retrieve non-string parameters (#10624)

Thu, 11 Dec 2025 10:27:07 -0800 

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 0b9b2b249b7 NIFI-15320 AwsSecretsManagerParameterProvider should 
retrieve non-string parameters (#10624)
0b9b2b249b7 is described below

commit 0b9b2b249b71a5a3f0e3f8cca3a7f7e058739f17
Author: Pierre Villard <[email protected]>
AuthorDate: Thu Dec 11 19:26:22 2025 +0100

    NIFI-15320 AwsSecretsManagerParameterProvider should retrieve non-string 
parameters (#10624)
    
    Signed-off-by: David Handermann <[email protected]>
---
 .../aws/AwsSecretsManagerParameterProvider.java    |  7 +--
 .../TestAwsSecretsManagerParameterProvider.java    | 53 ++++++++++++++++++++++
 .../AwsSecretsManagerParameterValueProvider.java   |  6 ++-
 .../TestSecretsManagerParameterValueProvider.java  | 35 ++++++++++++++
 4 files changed, 97 insertions(+), 4 deletions(-)

diff --git 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java
 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java
index db02c50c836..9bd54e89a49 100644
--- 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java
+++ 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/main/java/org/apache/nifi/parameter/aws/AwsSecretsManagerParameterProvider.java
@@ -282,11 +282,12 @@ public class AwsSecretsManagerParameterProvider extends 
AbstractParameterProvide
 
             for (final Map.Entry<String, JsonNode> field : 
secretObject.properties()) {
                 final String parameterName = field.getKey();
-                final String parameterValue = field.getValue().textValue();
-                if (parameterValue == null) {
-                    getLogger().debug("Secret [{}] Parameter [{}] has no 
value", secretName, parameterName);
+                final JsonNode valueNode = field.getValue();
+                if (!valueNode.isValueNode() || valueNode.isNull()) {
+                    getLogger().debug("Secret [{}] Parameter [{}] is null or 
not a supported value type", secretName, parameterName);
                     continue;
                 }
+                final String parameterValue = valueNode.asText();
 
                 parameters.add(createParameter(parameterName, parameterValue));
             }
diff --git 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/test/java/org/apache/nifi/parameter/aws/TestAwsSecretsManagerParameterProvider.java
 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/test/java/org/apache/nifi/parameter/aws/TestAwsSecretsManagerParameterProvider.java
index a71549dff1d..da913ffcf98 100644
--- 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/test/java/org/apache/nifi/parameter/aws/TestAwsSecretsManagerParameterProvider.java
+++ 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-providers/src/test/java/org/apache/nifi/parameter/aws/TestAwsSecretsManagerParameterProvider.java
@@ -130,6 +130,59 @@ public class TestAwsSecretsManagerParameterProvider {
         runProviderTest(defaultSecretsManager, 0, 
ConfigVerificationResult.Outcome.FAILED, "PATTERN", null);
     }
 
+    @Test
+    public void testFetchParametersWithNonStringValues() throws 
InitializationException {
+        // JSON with string, number, boolean, and null values
+        final String secretString = "{ \"stringParam\": \"stringValue\", 
\"numberParam\": 5432, \"booleanParam\": true, \"nullParam\": null }";
+
+        final SecretsManagerClient secretsManager = 
mock(SecretsManagerClient.class);
+        final GetSecretValueResponse response = 
GetSecretValueResponse.builder()
+                .name("MixedSecret")
+                .secretString(secretString)
+                .build();
+        
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest("MixedSecret")))).thenReturn(response);
+
+        final List<ParameterGroup> parameterGroups = 
runProviderTest(secretsManager, 3, ConfigVerificationResult.Outcome.SUCCESSFUL, 
"ENUMERATION", "MixedSecret");
+
+        assertEquals(1, parameterGroups.size());
+        final ParameterGroup group = parameterGroups.get(0);
+        assertEquals("MixedSecret", group.getGroupName());
+
+        final Map<String, String> parameterValues = 
group.getParameters().stream()
+                .collect(Collectors.toMap(p -> p.getDescriptor().getName(), 
Parameter::getValue));
+
+        assertEquals("stringValue", parameterValues.get("stringParam"));
+        assertEquals("5432", parameterValues.get("numberParam"));
+        assertEquals("true", parameterValues.get("booleanParam"));
+        // nullParam should not be included
+        assertEquals(3, parameterValues.size());
+    }
+
+    @Test
+    public void testFetchParametersWithNestedObjectsIgnored() throws 
InitializationException {
+        // JSON with nested objects and arrays that should be ignored
+        final String secretString = "{ \"validParam\": \"validValue\", 
\"nestedObject\": { \"inner\": \"value\" }, \"arrayParam\": [1, 2, 3] }";
+
+        final SecretsManagerClient secretsManager = 
mock(SecretsManagerClient.class);
+        final GetSecretValueResponse response = 
GetSecretValueResponse.builder()
+                .name("NestedSecret")
+                .secretString(secretString)
+                .build();
+        
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest("NestedSecret")))).thenReturn(response);
+
+        final List<ParameterGroup> parameterGroups = 
runProviderTest(secretsManager, 1, ConfigVerificationResult.Outcome.SUCCESSFUL, 
"ENUMERATION", "NestedSecret");
+
+        assertEquals(1, parameterGroups.size());
+        final ParameterGroup group = parameterGroups.get(0);
+
+        final Map<String, String> parameterValues = 
group.getParameters().stream()
+                .collect(Collectors.toMap(p -> p.getDescriptor().getName(), 
Parameter::getValue));
+
+        // Only the simple value param should be included
+        assertEquals(1, parameterValues.size());
+        assertEquals("validValue", parameterValues.get("validParam"));
+    }
+
     private AwsSecretsManagerParameterProvider getParameterProvider() {
         return spy(new AwsSecretsManagerParameterProvider());
     }
diff --git 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/main/java/org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.java
 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/main/java/org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.java
index 6701418a5c1..7dac4d47248 100644
--- 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/main/java/org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.java
+++ 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/main/java/org/apache/nifi/stateless/parameter/AwsSecretsManagerParameterValueProvider.java
@@ -118,8 +118,12 @@ public class AwsSecretsManagerParameterValueProvider 
extends AbstractSecretBased
                 logger.debug("Parameter [{}] not found", parameterName);
                 return null;
             }
+            if (!parameter.isValueNode() || parameter.isNull()) {
+                logger.debug("Parameter [{}] is null or not a supported value 
type", parameterName);
+                return null;
+            }
 
-            return parameter.textValue();
+            return parameter.asText();
         } catch (final JsonProcessingException e) {
             throw new IllegalArgumentException(String.format("Secret String 
for [%s] could not be parsed", parameterName), e);
         }
diff --git 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/test/java/org/apache/nifi/stateless/parameter/TestSecretsManagerParameterValueProvider.java
 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/test/java/org/apache/nifi/stateless/parameter/TestSecretsManagerParameterValueProvider.java
index 25489bc5634..4341541c512 100644
--- 
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/test/java/org/apache/nifi/stateless/parameter/TestSecretsManagerParameterValueProvider.java
+++ 
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-parameter-value-providers/src/test/java/org/apache/nifi/stateless/parameter/TestSecretsManagerParameterValueProvider.java
@@ -122,6 +122,34 @@ public class TestSecretsManagerParameterValueProvider {
         assertNull(provider.getParameterValue("Does not exist", PARAMETER));
     }
 
+    @Test
+    public void testGetParameterValueWithNonStringValues() {
+        // JSON with string, number, boolean, and null values
+        final String secretString = "{ \"stringParam\": \"stringValue\", 
\"numberParam\": 5432, \"booleanParam\": true, \"nullParam\": null }";
+        mockGetSecretValueWithRawJson("MixedSecret", secretString);
+
+        provider.init(createContext(CONFIG_FILE, null, 
Collections.emptyMap()));
+
+        assertEquals("stringValue", provider.getParameterValue("MixedSecret", 
"stringParam"));
+        assertEquals("5432", provider.getParameterValue("MixedSecret", 
"numberParam"));
+        assertEquals("true", provider.getParameterValue("MixedSecret", 
"booleanParam"));
+        assertNull(provider.getParameterValue("MixedSecret", "nullParam"));
+    }
+
+    @Test
+    public void testGetParameterValueWithNestedObjectsReturnsNull() {
+        // JSON with nested objects and arrays that should return null
+        final String secretString = "{ \"validParam\": \"validValue\", 
\"nestedObject\": { \"inner\": \"value\" }, \"arrayParam\": [1, 2, 3] }";
+        mockGetSecretValueWithRawJson("NestedSecret", secretString);
+
+        provider.init(createContext(CONFIG_FILE, null, 
Collections.emptyMap()));
+
+        assertEquals("validValue", provider.getParameterValue("NestedSecret", 
"validParam"));
+        // Nested objects and arrays should return null
+        assertNull(provider.getParameterValue("NestedSecret", "nestedObject"));
+        assertNull(provider.getParameterValue("NestedSecret", "arrayParam"));
+    }
+
     private void runGetParameterValueTest(final String configFileName) throws 
JsonProcessingException {
         runGetParameterValueTest(CONTEXT, PARAMETER, configFileName);
     }
@@ -155,6 +183,13 @@ public class TestSecretsManagerParameterValueProvider {
         }
     }
 
+    private void mockGetSecretValueWithRawJson(final String context, final 
String rawJsonSecretString) {
+        final GetSecretValueResponse response = 
GetSecretValueResponse.builder()
+                .secretString(rawJsonSecretString)
+                .build();
+        
when(secretsManager.getSecretValue(argThat(matchesGetSecretValueRequest(context)))).thenReturn(response);
+    }
+
     private static String getSecretName(final String context) {
         return context == null ? DEFAULT_SECRET_NAME : context;
     }

Reply via email to