From dd0a2cbff964f9a754880d8a393ffbaef85ede06 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasurde@redhat.com>
Date: Fri, 14 Mar 2025 23:36:54 -0700
Subject: [PATCH] sudoers: display stderr raised while validation (#9871)

* sudoers: display stderr raised while validation

* Print stdout and stderr raised from sudoers validation

Fixes: #9674

Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
---
 changelogs/fragments/sudoers.yml                 | 3 +++
 plugins/modules/sudoers.py                       | 2 +-
 tests/integration/targets/sudoers/tasks/main.yml | 6 ++++--
 3 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/sudoers.yml

diff --git a/changelogs/fragments/sudoers.yml b/changelogs/fragments/sudoers.yml
new file mode 100644
index 0000000000..f16a007de9
--- /dev/null
+++ b/changelogs/fragments/sudoers.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - sudoers - display stdout and stderr raised while failed validation (https://github.com/ansible-collections/community.general/issues/9674, https://github.com/ansible-collections/community.general/pull/9871).
diff --git a/plugins/modules/sudoers.py b/plugins/modules/sudoers.py
index 54a52faad4..ac1ff91ff5 100644
--- a/plugins/modules/sudoers.py
+++ b/plugins/modules/sudoers.py
@@ -246,7 +246,7 @@ class Sudoers(object):
         rc, stdout, stderr = self.module.run_command(check_command, data=self.content())
 
         if rc != 0:
-            raise Exception('Failed to validate sudoers rule:\n{stdout}'.format(stdout=stdout))
+            self.module.fail_json(msg='Failed to validate sudoers rule:\n{stdout}'.format(stdout=stdout or stderr), stdout=stdout, stderr=stderr)
 
     def run(self):
         if self.state == 'absent':
diff --git a/tests/integration/targets/sudoers/tasks/main.yml b/tests/integration/targets/sudoers/tasks/main.yml
index 36397f41ad..fa03b71dac 100644
--- a/tests/integration/targets/sudoers/tasks/main.yml
+++ b/tests/integration/targets/sudoers/tasks/main.yml
@@ -229,7 +229,7 @@
   ignore_errors: true
   when: ansible_os_family != 'Darwin'
   register: edge_case_3
-  
+
 - name: Revoke non-existing rule
   community.general.sudoers:
     name: non-existing-rule
@@ -278,12 +278,14 @@
     that:
       - not revoke_rule_1_stat.stat.exists
       - not revoke_non_existing_rule_stat.stat.exists
-      
+
 - name: Check edge case responses
   ansible.builtin.assert:
     that:
       - edge_case_1 is failed
       - "'Failed to validate sudoers rule' in edge_case_1.msg"
+      - edge_case_1.stdout is defined
+      - edge_case_1.stderr is defined
       - edge_case_2 is not failed
 
 - name: Check missing validation edge case