[jira] [Commented] (NIFI-15648) Resolve SECRET property values before fetchAllowableValues and verify in working flow context

Wed, 25 Feb 2026 11:52:31 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-15648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18061154#comment-18061154
 ] 

ASF subversion and git services commented on NIFI-15648:
--------------------------------------------------------

Commit b32bf1fd52970c943ded63699d15b4a546acc572 in nifi's branch 
refs/heads/NIFI-15258 from Pierre Villard
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=b32bf1fd52 ]

NIFI-15648 - Resolve SECRET property values before fetchAllowableValues and 
verify in working flow context


> Resolve SECRET property values before fetchAllowableValues and verify in 
> working flow context
> ---------------------------------------------------------------------------------------------
>
>                 Key: NIFI-15648
>                 URL: https://issues.apache.org/jira/browse/NIFI-15648
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: Pierre Villard
>            Assignee: Pierre Villard
>            Priority: Major
>
> When a connector calls {*}fetchAllowableValues{*}, the working flow context's 
> *ConnectorConfigurationContext* may return *null* for properties with 
> {*}PropertyType.SECRET{*}. This occurs because at the time the working flow 
> context is cloned and *setProperties* resolves secrets, the backing 
> *ParameterProvider* may not yet be valid, causing 
> *ParameterProviderSecretsManager.getSecretProviders()* to return an empty 
> set. The secret resolution silently stores {*}null{*}, and there is no 
> subsequent re-resolution.
> This does not affect {*}verifyConfigurationStep{*}, which bypasses stored 
> resolved values by accepting explicit *propertyValueOverrides* from the UI 
> and creating a new context with *StringLiteralValue* entries.
> The fix adds *resolvePropertyValues()* calls in *StandardConnectorNode* 
> before delegating to the connector's *fetchAllowableValues* (both overloads) 
> and *verify* methods. This re-resolves *SecretReference* entries against the 
> *SecretsManager* at the point of need, when the *ParameterProvider* is 
> expected to be valid. This mirrors the existing pattern in {*}start(){*}, 
> which already calls *resolvePropertyValues()* on the active flow context 
> before starting the connector.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to