Bob Paulin created NIFI-15930:
---------------------------------

             Summary: [Connectors] Ensure Secrets are loaded properly from a Parameter Provider with Controller Service
                 Key: NIFI-15930
                 URL: https://issues.apache.org/jira/browse/NIFI-15930
             Project: Apache NiFi
          Issue Type: Improvement
            Reporter: Bob Paulin


{{ParameterProviderSecretsManager.getSecretProviders()}} builds the provider 
set by iterating the flow's parameter providers and _requiring each to be VALID_.

On a restart this happens when the Working Context is rebuilt within the 
VersionedFlowSynchronizer class.

{{inheritParameterProviders}} only constructs the node and applies its 
persisted properties. It does not enable any Controller Service the provider 
depends on. Controller services are not enabled until 
{{inheritControllerServices}}, which runs after {{inheritConnectors}}.

Most parameter providers that back secrets in real deployments depend on 
Controller Services for credentials.

Those services have not been enabled yet, so the parameter provider is 
{{INVALID}}.

{{getSecretProviders()}} skips it; {{findProvider()}} returns {{null}}; 
{{secrets}} map back as {{null}} for every reference.

{{resolvePropertyValues}} produces {{StringLiteralValue(null)}}.

The connector's {{onConfigurationStepConfigured}} runs against a config that 
has nulls where the secrets should be, so the Parameter Context gets populated 
with nulls (or empty strings).


We should enable the Root (Management) Controller Services prior to 
inheritConnectors and then ensure that any updates get applied to the parameter 
context.


Otherwise the UI makes it appear that a secret is configured; however, the value 
is not present in the working flow context to allow it to be used.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
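
The ordering dependency described in this issue, as an added example that is not NiFi code and not part of the original message: a simplified Java model in which the classes, fields and the secret name `db.password` are hypothetical, and only the step names in the comments come from the issue text.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model of the restart ordering described in NIFI-15930.
// All types here are hypothetical stand-ins, not NiFi classes.
public class SecretLoadOrder {
    static class ControllerService { boolean enabled; }

    static class ParameterProvider {
        final ControllerService dependency;
        ParameterProvider(ControllerService dependency) { this.dependency = dependency; }
        // The provider is INVALID until the service it depends on is enabled.
        boolean isValid() { return dependency.enabled; }
        // Constructed secret value for the demonstration.
        String fetch(String name) { return "value-of-" + name; }
    }

    // Models the behaviour the issue attributes to getSecretProviders():
    // providers that are not VALID are skipped.
    static List<ParameterProvider> getSecretProviders(List<ParameterProvider> all) {
        List<ParameterProvider> valid = new ArrayList<>();
        for (ParameterProvider p : all) if (p.isValid()) valid.add(p);
        return valid;
    }

    // Stand-in for the connector step: resolve one secret reference.
    static String inheritConnectors(List<ParameterProvider> providers, String secretName) {
        List<ParameterProvider> usable = getSecretProviders(providers);
        return usable.isEmpty() ? null : usable.get(0).fetch(secretName);
    }

    static String restart(boolean enableServicesFirst) {
        ControllerService svc = new ControllerService();
        // inheritParameterProviders: node constructed, dependency not enabled
        List<ParameterProvider> providers = List.of(new ParameterProvider(svc));
        // Proposed change: enable management controller services before connectors
        if (enableServicesFirst) svc.enabled = true;
        String resolved = inheritConnectors(providers, "db.password");
        // inheritControllerServices: where enabling happens in the order the issue describes
        svc.enabled = true;
        return resolved;
    }

    public static void main(String[] args) {
        System.out.println("current order : " + restart(false));
        System.out.println("proposed order: " + restart(true));
    }
}
```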
