[
https://issues.apache.org/jira/browse/NIFI-15930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18080942#comment-18080942
]
ASF subversion and git services commented on NIFI-15930:
--------------------------------------------------------
Commit c9ec26629e34dd1da5fe539af285ddf8a4b6f089 in nifi's branch
refs/heads/main from Bob Paulin
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c9ec26629e3 ]
NIFI-15930 Inherited Controller Services before Parameter Providers for Secrets
(#11252)
- Moved inherit Controller Services before inherit Parameter Providers
- Enable Working Context to apply any changes in Connector Property Values and
Resolved values to the Parameter Context of the Working Flow Context
- Warn when a parameter provider is not found
Signed-off-by: David Handermann <[email protected]>
> [Connectors] Ensure Secrets are loaded properly from a Parameter Provider
> with Controller Service
> -------------------------------------------------------------------------------------------------
>
> Key: NIFI-15930
> URL: https://issues.apache.org/jira/browse/NIFI-15930
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Bob Paulin
> Priority: Major
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> {{ParameterProviderSecretsManager.getSecretProviders()}} builds the provider
> set by iterating the flow's parameter providers and _requiring each to be
> VALID_
>
> On a restart this happens when the Working Context is rebuilt within the
> VersionedFlowSynchronizer class
> {{inheritParameterProviders}} only constructs the node and applies its
> persisted properties It does not enable any Controller Service the provider
> depends on. Controller services are not enabled until
> {{{}inheritControllerServices{}}}, which runs after {{{}inheritConnectors{}}}.
>
> Most parameter providers that back secrets in real deployments depend on
> Controller Services for credentials.
> Those services have not been enabled yet, so the parameter provider is
> {{{}INVALID{}}}.
> {{getSecretProviders()}} skips it; {{findProvider()}} returns {{{}null{}}};
> {{secrets}} map back as {{null}} for every reference.
> {{resolvePropertyValues}} produces {{{}StringLiteralValue(null){}}}.
> The connector's {{onConfigurationStepConfigured}} runs against a config that
> has nulls where the secrets should be, so the Parameter Context gets
> populated with nulls (or empty strings).
> We should enable the Root (Management) Controller Services prior to
> inheritConnectors and then ensure that any updates get applied to the
> parameter context.
> Otherwise the UI makes it appear that a secret is configured however the
> value is not present in the working flow context to allow it to be used.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
