hbactest was not collecting or returning messages

hbactest does a number of internal searches, one of which
can exceed the configured sizelimit: hbacrule-find

Collect any messages returned from this call and display them
to the user on the cli.

Fixes: https://pagure.io/freeipa/issue/9486

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Rob Crittenden
2023-11-27 16:11:08 -05:00
committed by Florence Blanc-Renaud
parent dc2ab91681
commit 48846e98e5
2 changed files with 13 additions and 3 deletions


@@ -38,6 +38,8 @@ class hbactest(CommandOverride):
# Note that we don't actually use --detail below to see if details need
# to be printed as our execute() method will return None for corresponding
# entries and None entries will be skipped.
self.log_messages(output)
for o in self.output:
if o == 'value':
continue
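Review bot: The `self.log_messages(output)` call, which appears to be the added line, sits between the existing "Note that we don't actually use --detail below" comment and the `for o in self.output:` loop that the comment describes. Moving the call above the comment keeps the note attached to the loop it explains. A one-line comment on the call, such as `# surface server-side warnings (e.g. truncated rule search) before printing results`, would also record why it is there. The enclosing method starts and ends outside the hunk.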


@@ -24,6 +24,8 @@ from ipalib import Command, Str, Flag, Int
from ipalib import _
from ipapython.dn import DN
from ipalib.plugable import Registry
from ipalib.messages import VersionMissing
if api.env.in_server:
try:
import ipaserver.dcerpc
@@ -323,6 +325,9 @@ class hbactest(Command):
# 2. Required options are (user, target host, service)
# 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output
rules = []
result = {
'warning':None, 'matched':None, 'notmatched':None, 'error':None
}
# Use all enabled IPA rules by default
all_enabled = True
@@ -351,8 +356,12 @@ class hbactest(Command):
hbacset = []
if len(testrules) == 0:
hbacset = self.api.Command.hbacrule_find(
sizelimit=sizelimit, no_members=False)['result']
hbacrules = self.api.Command.hbacrule_find(
sizelimit=sizelimit, no_members=False)
hbacset = hbacrules['result']
for message in hbacrules['messages']:
if message['code'] != VersionMissing.errno:
result.setdefault('messages', []).append(message)
else:
for rule in testrules:
try:
@@ -469,7 +478,6 @@ class hbactest(Command):
error_rules = []
warning_rules = []
result = {'warning':None, 'matched':None, 'notmatched':None, 'error':None}
if not options['nodetail']:
# Validate runs rules one-by-one and reports failed ones
for ipa_rule in rules:
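Review bot: In the `hbacrule_find` hunk, `hbacrules['messages']` is indexed directly, so the loop raises KeyError if the call ever returns without a `messages` key. It presumably works today only because an internal call made without a version always gets a VersionMissing message attached. `for message in hbacrules.get('messages', ()):` keeps the behaviour without relying on that. A truncated rule list also means the access decision is computed on an incomplete set of rules, so a short comment above the loop would help, e.g. `# hbacrule_find may be truncated by sizelimit; pass the warning on so the result is not read as authoritative`. The enclosing method starts and ends outside the hunk.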