NIFI-15930: Re-init Secrets from a Provider with Controller Service

[bobpaulin]

• Pre-Enable Parameter Provider Controller Services to ensure they are valid prior to secret resolution
• Enable Working Context to apply any changes in Connector Property Values and Resolved values to the Parameter Context of the Working Flow Context
• Warn when a parameter provider is not found

Summary

NIFI-15930

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

• Apache NiFi Jira issue created

Pull Request Tracking

• Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
• Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-00000
• Pull request contains commits signed with a registered key indicating Verified status

Pull Request Formatting

• Pull Request based on current revision of the main branch
• Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

• Build completed using ./mvnw clean install -P contrib-check
  • JDK 21
  • JDK 25

Licensing

• New dependencies are compatible with the Apache License 2.0 according to the License Policy
• New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

• Documentation formatting appears as expected in rendered files

[markap14]

Hey @bobpaulin thanks for looking into this. Looking at the code, I think we can probably simplify things quite a bit. In particular, we're picking and choosing which Controller Services we "pre-enable" and then handling those separately from the rest. I presume this is due to this comment in the code:

                // Inherit Parameter Providers and Connectors first. Because Connectors are a bit different, in that updates could result in Exceptions being thrown,
                // due to the fact that they manipulate the flow, and changes can be aborted, we handle them first. This way, if there's any Exception,
                // we can fail before updating parts of the flow that are not managed by Connectors.
                // Because Connectors may depend on Parameter Providers, we need to ensure that we inherit Parameter Providers first.

But I don't think this is really necessary. Instead, what if we just inherit the Controller Services before we inherit the Parameter Providers & Connectors? That comment was really more of a "let's do connectors first, just in case there are issues." So we'd avoid inheriting a Controller Service locally if there was a failure inheriting Connectors. At the time, it seemed like this was largely "free." But now, this approach introduces significant complexity and confusion because Controller Services are selectively handled here or there.

IMO, I think we should look at just inheriting the root-level Controller Services before Parameter Providers.

[exceptionfactory]

Concurring with @markap14, I agree that inheriting controller-level Controller Services before Parameter Providers should be a more straightforward way to go.