Fix pamd error when inserting a new rule at the end. Fixes #28487 (#28488)

* When inserting a new rule in `insert_after_rule`, check if the old rule is
the last rule, to avoid a list index out of range error when attempting to
access the next rule.
* Add a test for inserting a new rule after the last rule.

lib/ansible/modules/system/pamd.py

@@ -483,7 +483,10 @@ def insert_after_rule(service, old_rule, new_rule):
         if (old_rule.rule_type == rule.rule_type and
                 old_rule.rule_control == rule.rule_control and
                 old_rule.rule_module_path == rule.rule_module_path):
-            if (new_rule.rule_type != service.rules[index + 1].rule_type or
+            if (index == len(service.rules) - 1):
+                service.rules.insert(len(service.rules), new_rule)
+                changed = True
+            elif (new_rule.rule_type != service.rules[index + 1].rule_type or
                     new_rule.rule_control !=
                     service.rules[index + 1].rule_control or
                     new_rule.rule_module_path !=

test/units/modules/system/test_pamd.py

@@ -191,6 +191,15 @@ session   \trequired\tpam_unix.so"""
         line_to_test += str(new_rule).rstrip()
         self.assertIn(line_to_test, str(self.pamd))
 
+    def test_insert_after_rule_last_rule(self):
+        old_rule = PamdRule.rulefromstring('session   	required	pam_unix.so')
+        new_rule = PamdRule.rulefromstring('session   	required	pam_permit.so arg1 arg2 arg3')
+        insert_after_rule(self.pamd, old_rule, new_rule)
+        line_to_test = str(old_rule).rstrip()
+        line_to_test += '\n'
+        line_to_test += str(new_rule).rstrip()
+        self.assertIn(line_to_test, str(self.pamd))
+
     def test_remove_module_arguments_one(self):
         old_rule = PamdRule.rulefromstring('auth      	sufficient	pam_unix.so nullok try_first_pass')
         new_rule = PamdRule.rulefromstring('auth      	sufficient	pam_unix.so try_first_pass')