Pierre Villard created NIFI-15648:
-------------------------------------
Summary: Resolve SECRET property values before
fetchAllowableValues and verify in working flow context
Key: NIFI-15648
URL: https://issues.apache.org/jira/browse/NIFI-15648
Project: Apache NiFi
Issue Type: Bug
Reporter: Pierre Villard
Assignee: Pierre Villard
When a connector calls {*}fetchAllowableValues{*}, the working flow context's
*ConnectorConfigurationContext* may return *null* for properties with
{*}PropertyType.SECRET{*}. This occurs because at the time the working flow
context is cloned and *setProperties* resolves secrets, the backing
*ParameterProvider* may not yet be valid, causing
*ParameterProviderSecretsManager.getSecretProviders()* to return an empty set.
The secret resolution silently stores {*}null{*}, and there is no subsequent
re-resolution.
This does not affect {*}verifyConfigurationStep{*}, which bypasses stored
resolved values by accepting explicit *propertyValueOverrides* from the UI and
creating a new context with *StringLiteralValue* entries.
The fix adds *resolvePropertyValues()* calls in *StandardConnectorNode* before
delegating to the connector's *fetchAllowableValues* (both overloads) and
*verify* methods. This re-resolves *SecretReference* entries against the
*SecretsManager* at the point of need, when the *ParameterProvider* is expected
to be valid. This mirrors the existing pattern in {*}start(){*}, which already
calls *resolvePropertyValues()* on the active flow context before starting the
connector.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
