Issue
Legacy API tokens do not get removed in the Client Masters or Managed Masters.
Environment
- CloudBees CI (CloudBees Core)
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed Master
- CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
- CloudBees CI (CloudBees Core) on traditional platforms - Client Master
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
- CloudBees Jenkins Enterprise
- CloudBees Jenkins Enterprise - Managed Master
- CloudBees Jenkins Enterprise - Operations Center
- CloudBees Jenkins Platform - Client Master
- CloudBees Jenkins Platform - Operations Center
Resolution
After upgrading Operations Center (OC), Managed Masters (MM) or Client Masters (CM) to 2.129+ and removing all the previous API tokens in either MMs and/or CMs following Security Hardening: New API token system in Jenkins 2.129+, the legacy API tokens appears again.
The Legacy API token clean up must be performed firstly in Operations Center as there is an users synchronization between OC and CMs/MMs which will overwrite what was performed at CM/MM level. After the Legacy API token clean up at OC level, you might want not to wait for the synchronization to happen and perform the clean up at CM at MM as well.
0 Comments