I'm using Hudson v2.2.0 as a tool for build and deploy. Currently the authentication/authorisation is controlled by Hudson's internal user database. This has to change: LDAP has to be used for this in the future.
Some procedures (shell-scripts) use the HUDSON_USER environment variable to control parts of the flow (a bit wacky, I know). The fastest way to 'transform' the processes is to use the LDAP-roles for the same purpose (or is it?).
Question: how do I get the scripts to identify which role (or roles) the user has?
The LDAP authentication can control Hudson; can information resulting from that be passed on to shell scripts that are run by the Hudson jobs?
Winston Prakash
If you go to the <hudson-url>/systemInfo you will see HUDSON_USER is listed as part of the Environment Variables. Only these variables are passed. If you need to pass your own, then you have to parameterize the job (wiki.hudson-ci.org/display/HUDSON/Parameterized+Build).
Unless you have written your own BuildWrapper (through your own plugin) which passes a specific environment variable, by default, I don't think Hudson would pass environment variables such as LDAP roles to job builds.
Thanks for your answer. The 'standard environment variables' I already was aware of. What you sketch (building my own Hudson plugin) might be an option for the future, but is way too advanced for this moment.
We have implemented a kind of workaround (or maybe it is just the right way to do it!) by having a set of Hudson jobs for each LDAP authorisation group. These are tuned to the use for that group. That way there is no need for passing on the LDAP group name to the underlying scripts.