no way to debug failed recipe

[hboetes]

Hi there,

I just ran a basic recipe and it failed like this in debug mode.

parse error in /etc/sudoers.d/admin_users20170320-2854-12yxwku near line 11
Error: /Stage[main]/Main/Node[default]/Sudo::Sudoers[admin_users]/File[/etc/sudoers.d/admin_users]/ensure: change from absent to file failed: Execution of '/usr/sbin/visudo -c -f /etc/sudoers.d/admin_users20170320-2854-12yxwku' returned 1: >>> /etc/sudoers.d/admin_users20170320-2854-12yxwku: syntax error near line 11 <<<
parse error in /etc/sudoers.d/admin_users20170320-2854-12yxwku near line 11

OK, good that the file was removed since it wasn't working, but now I can't see what was on line 11 since the file has been removed so I have no idea what went wrong.
Since you can install those recipes anywhere you like would it be an idea to install them in /tmp first and only if they succeed install them in /etc/sudoers.d

I mean if puppet would crash for some reason just before it could remove the file you would have created a lock out as well.

Or simply show the failed recipe in the debug log?

[hboetes]

 Ah! Look here: 

sudo will read each file in /etc/sudoers.d, skipping file names that end
in ‘~’ or contain a ‘.’ character to avoid causing problems with package
manager or editor temporary/backup files.