[
https://issues.apache.org/jira/browse/NIFI-15648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard updated NIFI-15648:
----------------------------------
Status: Patch Available (was: Open)
> Resolve SECRET property values before fetchAllowableValues and verify in
> working flow context
> ---------------------------------------------------------------------------------------------
>
> Key: NIFI-15648
> URL: https://issues.apache.org/jira/browse/NIFI-15648
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Pierre Villard
> Assignee: Pierre Villard
> Priority: Major
>
> When a connector calls {*}fetchAllowableValues{*}, the working flow context's
> *ConnectorConfigurationContext* may return *null* for properties with
> {*}PropertyType.SECRET{*}. This occurs because at the time the working flow
> context is cloned and *setProperties* resolves secrets, the backing
> *ParameterProvider* may not yet be valid, causing
> *ParameterProviderSecretsManager.getSecretProviders()* to return an empty
> set. The secret resolution silently stores {*}null{*}, and there is no
> subsequent re-resolution.
> This does not affect {*}verifyConfigurationStep{*}, which bypasses stored
> resolved values by accepting explicit *propertyValueOverrides* from the UI
> and creating a new context with *StringLiteralValue* entries.
> The fix adds *resolvePropertyValues()* calls in *StandardConnectorNode*
> before delegating to the connector's *fetchAllowableValues* (both overloads)
> and *verify* methods. This re-resolves *SecretReference* entries against the
> *SecretsManager* at the point of need, when the *ParameterProvider* is
> expected to be valid. This mirrors the existing pattern in {*}start(){*},
> which already calls *resolvePropertyValues()* on the active flow context
> before starting the connector.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
