From 48846e98e5e988d600ddf81c937f353fcecdea1a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Dec 19 2023 11:58:50 +0000
Subject: hbactest was not collecting or returning messages


hbactest does a number of internal searches, one of which
can exceed the configured sizelimit: hbacrule-find

Collect any messages returned from thsi call and display them
to the user on the cli.

Fixes: https://pagure.io/freeipa/issue/9486

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>

---

diff --git a/ipaclient/plugins/hbactest.py b/ipaclient/plugins/hbactest.py
index 1b54530..e0f93b9 100644
--- a/ipaclient/plugins/hbactest.py
+++ b/ipaclient/plugins/hbactest.py
@@ -38,6 +38,8 @@ class hbactest(CommandOverride):
         # Note that we don't actually use --detail below to see if details need
         # to be printed as our execute() method will return None for corresponding
         # entries and None entries will be skipped.
+        self.log_messages(output)
+
         for o in self.output:
             if o == 'value':
                 continue
diff --git a/ipaserver/plugins/hbactest.py b/ipaserver/plugins/hbactest.py
index 887a35b..568c131 100644
--- a/ipaserver/plugins/hbactest.py
+++ b/ipaserver/plugins/hbactest.py
@@ -24,6 +24,8 @@ from ipalib import Command, Str, Flag, Int
 from ipalib import _
 from ipapython.dn import DN
 from ipalib.plugable import Registry
+from ipalib.messages import VersionMissing
+
 if api.env.in_server:
     try:
         import ipaserver.dcerpc
@@ -323,6 +325,9 @@ class hbactest(Command):
         # 2. Required options are (user, target host, service)
         # 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output
         rules = []
+        result = {
+            'warning':None, 'matched':None, 'notmatched':None, 'error':None
+        }
 
         # Use all enabled IPA rules by default
         all_enabled = True
@@ -351,8 +356,12 @@ class hbactest(Command):
 
         hbacset = []
         if len(testrules) == 0:
-            hbacset = self.api.Command.hbacrule_find(
-                sizelimit=sizelimit, no_members=False)['result']
+            hbacrules = self.api.Command.hbacrule_find(
+                sizelimit=sizelimit, no_members=False)
+            hbacset = hbacrules['result']
+            for message in hbacrules['messages']:
+                if message['code'] != VersionMissing.errno:
+                    result.setdefault('messages', []).append(message)
         else:
             for rule in testrules:
                 try:
@@ -469,7 +478,6 @@ class hbactest(Command):
         error_rules = []
         warning_rules = []
 
-        result = {'warning':None, 'matched':None, 'notmatched':None, 'error':None}
         if not options['nodetail']:
             # Validate runs rules one-by-one and reports failed ones
             for ipa_rule in rules: