cfengine
diff --git a/‎APPSTREAMS-ENHANCEMENTS-EXAMPLES.md‎
Lines changed: 337 additions & 0 deletions b/‎APPSTREAMS-ENHANCEMENTS-EXAMPLES.md‎
Lines changed: 337 additions & 0 deletions
@@ -0,0 +1,337 @@
+# AppStreams Promise Type Enhancements - Before/After Examples
+
+This document illustrates the improvements made to the appstreams promise type in commit f1a12a0.
+
+## Enhancement 1: Generic DNF Options Support
+
+### Before
+The appstreams promise type had no way to pass DNF configuration options. Users could not control behavior like weak dependency installation.
+
+**Policy (not possible before):**
+```cfengine3
+appstreams:
+  "php"
+    state => "installed",
+    stream => "8.2",
+    profile => "minimal";
+    # No way to prevent weak dependencies from being installed
+```
+
+**Result:**
+```
+$ rpm -q httpd
+httpd-2.4.57-11.el9_4.1.x86_64  # Weak dependency was installed
+$ rpm -q php-cli
+php-cli-8.2.30-1.module+el9.7.0+40073+569087df.x86_64
+```
+
+### After
+New `options` attribute accepts any DNF configuration option.
+
+**Policy:**
+```cfengine3
+appstreams:
+  "php"
+    state => "installed",
+    stream => "8.2",
+    profile => "minimal",
+    options => { "install_weak_deps=false" };  # NEW
+```
+
+**Result:**
+```
+$ rpm -q httpd
+package httpd is not installed  # Weak dependency excluded!
+$ rpm -q php-cli
+php-cli-8.2.30-1.module+el9.7.0+40073+569087df.x86_64
+```
+
+**DNF History:**
+```
+Command Line   : module install -y php:8.2/minimal --setopt=install_weak_deps=false
+Comment        : CFEngine appstreams promise: php state=installed
+```
+
+**Multiple options example:**
+```cfengine3
+appstreams:
+  "nodejs"
+    state => "installed",
+    stream => "20",
+    profile => "minimal",
+    options => { 
+      "install_weak_deps=false",
+      "best=true",
+      "skip_broken=false"
+    };
+```
+
+---
+
+## Enhancement 2: Automatic Stream Switching
+
+### Before
+If a module was already enabled at one stream and you requested a different stream, the promise would report KEPT without making changes or would fail.
+
+**Starting state:**
+```
+$ dnf module list php
+Name Stream  Profiles                Summary               
+php  8.1 [e] common [d], devel, minimal [i] PHP scripting language
+php  8.2     common [d], devel, minimal     PHP scripting language
+
+$ rpm -q php-cli
+php-cli-8.1.32-1.module+el9.7.0+40003+454ed3c4.x86_64
+```
+
+**Policy:**
+```cfengine3
+appstreams:
+  "php"
+    state => "installed",
+    stream => "8.2",  # Want to upgrade to 8.2
+    profile => "minimal";
+```
+
+**Result (before fix):**
+```
+$ rpm -q php-cli
+php-cli-8.1.32-1.module+el9.7.0+40003+454ed3c4.x86_64  # Still on 8.1!
+```
+Promise would report KEPT because it detected the module was "installed", but didn't check if the stream matched.
+
+### After
+Automatic detection and handling of stream changes (both upgrades and downgrades).
+
+**Same policy, same starting state:**
+```cfengine3
+appstreams:
+  "php"
+    state => "installed",
+    stream => "8.2",
+    profile => "minimal",
+    options => { "install_weak_deps=false" };
+```
+
+**CF-Agent output:**
+```
+info: Switching module php from stream 8.1 to 8.2
+info: Module php:8.2/minimal switched successfully
+```
+
+**Result:**
+```
+$ rpm -q php-cli
+php-cli-8.2.30-1.module+el9.7.0+40073+569087df.x86_64  # Upgraded!
+
+$ dnf module list php
+Name Stream  Profiles                Summary               
+php  8.1     common [d], devel, minimal     PHP scripting language
+php  8.2 [e] common [d], devel, minimal [i] PHP scripting language
+```
+
+**DNF History:**
+```
+Command Line   : module switch-to -y php:8.2/minimal --setopt=install_weak_deps=false
+Comment        : CFEngine appstreams promise: php state=installed
+Packages Altered:
+    Upgrade  php-cli-8.2.30-1.module+el9.7.0+40073+569087df.x86_64
+    Upgraded php-cli-8.1.32-1.module+el9.7.0+40003+454ed3c4.x86_64
+```
+
+**Downgrade example:**
+```cfengine3
+appstreams:
+  "php"
+    state => "installed",
+    stream => "8.1",  # Downgrade from 8.2 to 8.1
+    profile => "minimal";
+```
+
+**Result:**
+```
+$ dnf history info last
+Command Line   : module switch-to -y php:8.1/minimal
+Packages Altered:
+    Downgrade  php-cli-8.1.32-1.module+el9.7.0+40003+454ed3c4.x86_64
+    Downgraded php-cli-8.2.30-1.module+el9.7.0+40073+569087df.x86_64
+```
+
+---
+
+## Enhancement 3: DNF History Command Line Tracking
+
+### Before
+DNF history showed blank command lines for CFEngine-initiated changes, making it impossible to see what options were used or reconstruct what happened.
+
+**DNF History (before):**
+```
+ID     | Command line             | Date and time    | Action(s)
+------------------------------------------------------------------------
+    33 |                          | 2026-04-21 21:00 | Downgrade
+    32 |                          | 2026-04-21 20:58 | Upgrade
+    31 |                          | 2026-04-21 20:57 | Downgrade
+```
+
+**Detail view:**
+```
+$ dnf history info 33
+Transaction ID : 33
+Command Line   :                    # BLANK - no audit trail!
+Comment        : CFEngine appstreams promise: php state=installed
+```
+
+### After
+Full command line with all options visible in DNF history.
+
+**DNF History (after):**
+```
+ID     | Command line                          | Date and time    | Action(s)
+------------------------------------------------------------------------------------
+    41 | module switch-to -y php:8.3/minimal   | 2026-04-21 21:35 | Upgrade
+    40 | module install -y php:8.2/minimal     | 2026-04-21 21:33 | Install
+```
+
+**Detail view:**
+```
+$ dnf history info 41
+Transaction ID : 41
+Command Line   : module switch-to -y php:8.3/minimal --setopt=install_weak_deps=false
+Comment        : CFEngine appstreams promise: php state=installed
+Releasever     : 9
+User           :  <vagrant>
+Return-Code    : Success
+```
+
+Now auditors can see exactly what DNF command was used, including all options.
+
+---
+
+## Enhancement 4: Correct Package Versions Using ModuleBase API
+
+### Before
+When using the old module package container (mpc) API, packages might be installed from the wrong stream or default stream instead of the requested module stream.
+
+**Policy:**
+```cfengine3
+appstreams:
+  "php"
+    state => "installed",
+    stream => "8.2",  # Request 8.2 specifically
+    profile => "minimal";
+```
+
+**Result (with old mpc.enable/install API):**
+```
+$ rpm -q php-cli
+php-cli-8.0.30-5.el9_7.x86_64  # Got 8.0 (default stream) instead of 8.2!
+```
+
+**DNF History showed the intent but wrong execution:**
+```
+Command Line   : module install -y php:8.2/minimal
+Packages Altered:
+    Install php-cli-8.0.30-5.el9_7.x86_64    # Wrong version!
+```
+
+### After
+Using `ModuleBase` API ensures packages come from the correct module stream context.
+
+**Same policy:**
+```cfengine3
+appstreams:
+  "php"
+    state => "installed",
+    stream => "8.2",
+    profile => "minimal";
+```
+
+**Result:**
+```
+$ rpm -q php-cli
+php-cli-8.2.30-1.module+el9.7.0+40073+569087df.x86_64  # Correct 8.2 version!
+```
+
+**DNF History shows correct execution:**
+```
+Command Line   : module install -y php:8.2/minimal
+Packages Altered:
+    Install php-cli-8.2.30-1.module+el9.7.0+40073+569087df.x86_64  # Correct!
+    Install php-common-8.2.30-1.module+el9.7.0+40073+569087df.x86_64
+```
+
+---
+
+## Combined Real-World Example
+
+**Use Case:** Install PHP 8.2 minimal profile without documentation and weak dependencies, then upgrade to 8.3 when needed.
+
+### Initial Installation
+```cfengine3
+bundle agent webserver
+{
+  appstreams:
+    "php"
+      state => "installed",
+      stream => "8.2",
+      profile => "minimal",
+      options => { 
+        "install_weak_deps=false"
+      };
+}
+```
+
+**Result:**
+- ✅ PHP 8.2.30 installed (correct version)
+- ✅ httpd NOT installed (weak dependency excluded)
+- ✅ Only minimal profile packages installed
+- ✅ Full audit trail in DNF history
+
+### Later Upgrade to PHP 8.3
+Just change the stream in policy:
+```cfengine3
+bundle agent webserver
+{
+  appstreams:
+    "php"
+      state => "installed",
+      stream => "8.3",  # Changed from 8.2
+      profile => "minimal",
+      options => { 
+        "install_weak_deps=false"
+      };
+}
+```
+
+**Result:**
+- ✅ Automatic detection of stream change
+- ✅ Clean upgrade from 8.2 → 8.3
+- ✅ Weak dependencies still excluded
+- ✅ DNF history shows: `module switch-to -y php:8.3/minimal --setopt=install_weak_deps=false`
+
+**No manual intervention needed!**
+
+---
+
+## Summary of Improvements
+
+| Feature | Before | After |
+|---------|--------|-------|
+| **DNF Options** | Not supported | Any option via `options` attribute |
+| **Stream Switching** | Manual intervention required | Automatic detection and switching |
+| **Package Versions** | Sometimes wrong stream | Always correct via ModuleBase API |
+| **DNF History Command** | Blank | Full command with all options |
+| **DNF History Comment** | Not supported | CFEngine context included |
+| **Weak Deps Control** | Always installed | Can exclude with `install_weak_deps=false` |
+| **Audit Trail** | Incomplete | Complete reconstruction possible |
+
+## Technical Implementation
+
+The enhancements use:
+1. **`base.conf.set_or_append_opt_value()`** for generic option handling
+2. **`ModuleBase.install()`** for correct module package context
+3. **`ModuleBase.switch_to()`** for stream changes
+4. **`base.args`** for DNF history command line tracking
+5. **`base.conf.comment`** for CFEngine context in audit trail (from upstream)
+
+All changes maintain backward compatibility - existing policies without `options` continue to work as before.