Hi all, seeing strange behaviour with newer Jenkins image versions, API tokens, and Jenkins on Kubernetes. We're using the Jenkins helm chart and API tokens so that our own microservice can talk to it - we've noticed a problem when upgrading the base Jenkins image beyond 2.153 however. It seems our tokens are invalidated after the Jenkins pod terminates. Any version before this and our API tokens are fine (so we can do a wget from our pod to the jenkins service for example) but with newer versions it's always reporting an invalid password. I'd really like to up the Jenkins base version as I see lots of bug fixes and CVE fixes at the Jenkins changelog. Unfortunately jenkins/jenkins:lts has the same problem for us.
I know the API token behaviour changed many releases ago and so I'm wondering if any other internals have changed that could be causing this? I know If I create a new API token using the UI, I can use that completely fine, but we want to reuse the same token inbetween Jenkins restarts. Has anybody seen this also? Our requests were previously working with the following code, an example being wget http://admin:atokenhere@my-jenkins:8080/user/admin/configure <http://admin:be652e0e60b0af067c2b54cd04720df3@microclimate-jenkins:8080/user/admin/configure> Constructed with the pattern (in our Go code): url := strings.Split(jenkinsURL, "://")[0] + "://" + jenkinsUser + ":" + seedAPIToken + "@" + strings.Split(jenkinsURL, "://")[1] + "/user/admin/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken?newTokenName=temporary" req, err := http.NewRequest("POST", url, nil) I know of curl -X POST -s -u admin:$PASS -H `curl -s -u admin:$PASS $URL'crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'` $URL'me/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken' | jq -r .data.tokenValue via https://github.com/jenkins-x/jx/pull/2459 so I'm going to give this a try as well. Would be great to figure out what exactly has changed and if the above is considered best practice, thanks! -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/503be664-33a3-40d9-aad6-f0b85d608fd3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
