[jira] [Resolved] (NIFI-15930) [Connectors] Ensure Secrets are loaded properly from a Parameter Provider with Controller Service

Thu, 14 May 2026 09:42:21 -0700 


     [ 
https://issues.apache.org/jira/browse/NIFI-15930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Handermann resolved NIFI-15930.
-------------------------------------
    Fix Version/s: 2.10.0
         Assignee: Bob Paulin
       Resolution: Fixed

> [Connectors] Ensure Secrets are loaded properly from a Parameter Provider 
> with Controller Service
> -------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-15930
>                 URL: https://issues.apache.org/jira/browse/NIFI-15930
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Bob Paulin
>            Assignee: Bob Paulin
>            Priority: Major
>             Fix For: 2.10.0
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> {{ParameterProviderSecretsManager.getSecretProviders()}} builds the provider 
> set by iterating the flow's parameter providers and _requiring each to be 
> VALID_
>  
> On a restart this happens when the Working Context is rebuilt within the 
> VersionedFlowSynchronizer class
> {{inheritParameterProviders}} only constructs the node and applies its 
> persisted properties  It does not enable any Controller Service the provider 
> depends on. Controller services are not enabled until 
> {{{}inheritControllerServices{}}}, which runs after {{{}inheritConnectors{}}}.
>  
> Most parameter providers that back secrets in real deployments depend on 
> Controller Services for credentials.
> Those services have not been enabled yet, so the parameter provider is 
> {{{}INVALID{}}}.
> {{getSecretProviders()}} skips it; {{findProvider()}} returns {{{}null{}}}; 
> {{secrets}} map back as {{null}} for every reference.
> {{resolvePropertyValues}} produces {{{}StringLiteralValue(null){}}}.
> The connector's {{onConfigurationStepConfigured}} runs against a config that 
> has nulls where the secrets should be, so the Parameter Context gets 
> populated with nulls (or empty strings).
> We should enable the Root (Management) Controller Services prior to 
> inheritConnectors and then ensure that any updates get applied to the 
> parameter context.
> Otherwise the UI makes it appear that a secret is configured however the 
> value is not present in the working flow context to allow it to be used.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to