Update metadata and settings CLI docs

Author: akclace

content/docs/Actions/index.md

@@ -177,7 +177,7 @@ fs.file_access = ["$TEMPDIR", "/tmp"]
 To set this at the app level, run
 
 ```
-openrun app update-metadata conf --promote fs.file_access='["/var/tmp", "$TEMPDIR", "/tmp"]' /myapp
+openrun app update conf --promote fs.file_access='["/var/tmp", "$TEMPDIR", "/tmp"]' /myapp
 ```
 
 ## Multiple Actions

content/docs/Applications/Audit.md

@@ -32,7 +32,7 @@ The configurable options related to audit events are:
 The app config options can be set globally in the openrun.toml. It can also be set individually for an app by setting the app metadata. For example,
 
 ```sh
-openrun app update-metadata conf --promote 'audit.redact_url=true' /myapp
+openrun app update conf --promote 'audit.redact_url=true' /myapp
 ```
 
 The retention for audit events is configurable globally. The config settings in `openrun.toml` are:

content/docs/Applications/Lifecycle.md

@@ -121,6 +121,6 @@ Staging and Preview apps have read only access by default to plugin APIs. This m
 
 For cases where the plugin defines an API as Write, the app permission can overwrite the default type and define the operation to be a READ operation. For example, the disk_usage app runs the `du` command, which is a read operation. The [app config defines](https://github.com/openrundev/openrun/blob/49182d4ca1cacbd8e3463a77c2174a6da1fb66c9/examples/disk_usage/app.star#L45) the run plugin call as `type="READ"`, over-riding the default WRITE type defined in the plugin. If no type is specified in the permission, the type defined in the plugin takes effect.
 
-Staging and Preview apps are allowed only READ calls by default, even if the app permissions allow WRITE operations. To allow stage apps access to WRITE operations, run `openrun app update-settings stage-write-access true all`. Change `all` to the desired app glob pattern.
+Staging and Preview apps are allowed only READ calls by default, even if the app permissions allow WRITE operations. To allow stage apps access to WRITE operations, run `openrun app settings stage-write-access true all`. Change `all` to the desired app glob pattern.
 
-To allow preview apps access to WRITE operation, run `openrun app update-settings preview-write-access true example.com:/`. This changes the existing preview apps and any new preview apps created for example.com:/ to allow write operations, if the permissions have been approved.
+To allow preview apps access to WRITE operation, run `openrun app settings preview-write-access true example.com:/`. This changes the existing preview apps and any new preview apps created for example.com:/ to allow write operations, if the permissions have been approved.

content/docs/Applications/Overview.md

@@ -39,8 +39,8 @@ COMMANDS:
    approve          Approve app permissions
    reload           Reload the app source code
    promote          Promote the app from staging to production
-   update-settings  Update OpenRun apps settings. Settings changes are NOT staged, they apply immediately to matched stage, prod and preview apps.
-   update-metadata  Update OpenRun app metadata. Metadata updates are staged and have to be promoted to prod. Use "openrun param" to update app parameter metadata.
+   settings  Update OpenRun apps settings. Settings changes are NOT staged, they apply immediately to matched stage, prod and preview apps.
+   update  Update OpenRun app metadata. Metadata updates are staged and have to be promoted to prod. Use "openrun param" to update app parameter metadata.
    help, h          Shows a list of commands or help for one command
 ```
 
@@ -120,12 +120,12 @@ A star, like `PROD*` in the `app list` output indicates that there are staged ch
 
 By default, apps are created with the no authentication type. `system` auth uses `admin` as the username. The password is displayed on the screen during the initial setup of the OpenRun server config.
 
-To change app auth type, add `--auth system` to the `app create` command. After an app is created, the auth type can be changed by running `app update-settings auth system /myapp`. OAuth based authentication is also supported, see [authentication]({{< ref "docs/configuration/authentication" >}}) for details.
+To change app auth type, add `--auth system` to the `app create` command. After an app is created, the auth type can be changed by running `app update auth system /myapp`. OAuth based authentication is also supported, see [authentication]({{< ref "docs/configuration/authentication" >}}) for details.
 
 {{<callout type="warning" >}}
-Changes done to the app settings using the `app update-settings` command are not staged or versioned, they apply immediately to the stage/prod/preview apps. App settings are fundamental properties of the app, like what authentication type to use, what git auth key to use etc.
+Changes done to the app settings using the `app settings` command are **NOT** staged or versioned, they apply immediately to the stage/prod/preview apps.
 
-All other changes done to app metadata using `app update-metadata`, `app reload`, `param update` etc are staged before deployment. Use the `--promote` option on the change to promote the change immediately when applying it on the staging app. Use `app promote` command to promote later. When a promotion is done, **all** currently staged changes for that app are promoted, not just the most recent change. After promote, the prod app is exactly same as staging app.
+All other changes done to app metadata using `app update`, `app reload`, `param update` etc are staged before deployment. Use the `--promote` option on the change to promote the change immediately when applying it on the staging app. Use `app promote` command to promote later. When a promotion is done, **ALL** currently staged changes for that app are promoted, not just the most recent change. After promote, the prod app is exactly same as staging app.
 {{</callout>}}
 
 ## Declarative App Management

content/docs/Configuration/Authentication.md

@@ -6,7 +6,7 @@ summary: "Details about authentication mechanisms for app access, including OAut
 
 By default, apps are created with the `none` authentication type. A `system` auth is available which uses `admin` as the username. The password is displayed on the screen during the initial setup of the OpenRun server config.
 
-To set the auth type, add `--auth system` to the app create command. After an app is created, the auth type can be changed by running `app update-settings auth system /myapp`.
+To set the auth type, add `--auth system` to the app create command. After an app is created, the auth type can be changed by running `app update auth --promote system /myapp`.
 
 ## Default Authentication Type
 
@@ -36,7 +36,7 @@ ca_cert_file="/data/certs/ca1.crt"
 ca_cert_file="/data/certs/ca2.crt"
 ```
 
-defines two client_auth configs: `cert_test1` using ca1.crt and `cert_test2` using ca2.crt. Apps can be updated to use this auth config by running `app update-settings auth cert_test1 /myapp` or `app update-settings auth cert_test2 /myapp`.
+defines two client_auth configs: `cert_test1` using ca1.crt and `cert_test2` using ca2.crt. Apps can be updated to use this auth config by running `app update auth --promote cert_test1 /myapp` or `app update auth --promote  cert_test2 /myapp`.
 
 Any API call to the app has to pass the client certificates. Using curl, the call would look like:
 

content/docs/Configuration/Overview.md

@@ -38,7 +38,7 @@ audit.redact_url = true
 sets the redact property to true for all apps. The property can be further configured individually for one or more apps in the app metadata using
 
 ```sh
-openrun app update-metadata conf --promote 'audit.redact_url=true' /myapp
+openrun app update conf --promote 'audit.redact_url=true' /myapp
 ```
 
 ## Config Access from Code

content/docs/Configuration/Secrets.md

@@ -148,5 +148,5 @@ security.default_secrets_provider = "env"
 The `env` provider is used by default if it is enabled in the config. The default can be changed per app by setting
 
 ```sh
-openrun app update-metadata conf --promote 'security.default_secrets_provider="prop_myfile"' /myapp
+openrun app update conf --promote 'security.default_secrets_provider="prop_myfile"' /myapp
 ```

content/docs/Configuration/Security.md

@@ -71,7 +71,7 @@ See [appsecurity]({{< ref "appsecurity" >}}) for details about the application l
 
 ## CSRF Protection
 
-CSRF protection is automatically enabled for OpenRun internal APIs and for API calls to apps. This uses the [CrossOriginProtection](https://pkg.go.dev/net/http#CrossOriginProtection) middleware. Use `app_config.security.disable_csrf_protection = true` in `openrun.toml` to disable globally for all apps. CSRF protection can be disabled individually for apps by running `openrun app update-metadata conf --promote 'security.disable_csrf_protection=true' /myapp`
+CSRF protection is automatically enabled for OpenRun internal APIs and for API calls to apps. This uses the [CrossOriginProtection](https://pkg.go.dev/net/http#CrossOriginProtection) middleware. Use `app_config.security.disable_csrf_protection = true` in `openrun.toml` to disable globally for all apps. CSRF protection can be disabled individually for apps by running `openrun app update conf --promote 'security.disable_csrf_protection=true' /myapp`
 
 ## Private Repository Access
 
@@ -115,11 +115,9 @@ default_git_auth = "mykey"
 This git key is used for `apply` and `sync` also. To change the git auth key for an app, run:
 
 ```bash
-openrun app update-settings git-auth newkey /myapp
+openrun app update git-auth --promote newkey /myapp
 ```
 
-The git auth is not a staged changed, it applies immediately for the staging and prod apps and preview apps.
-
 ## GitLab Groups and Subgroups
 
 GitLab Cloud and on-prem supports [group and sub-groups](https://docs.gitlab.com/user/group/). By default in OpenRun, a git path like `gitlab.com/myuser/a/b/c` is assumed to be referencing `myuser` user or org, repo `a` and folder `b/c`. If using groups in GitLab, this might be incorrect. Two forward slashes `//` are required to indicate the end of the repo name. If `b` is the repo name, the above path would have to be referenced as `gitlab.com/myuser/a/b//c`. In that case, repo will be `a/b` and folder will be `c`.

content/docs/Container/Config.md

@@ -38,7 +38,7 @@ The `openrun.toml` can be updated to have a different value for any of the prope
 To apply the config at the app level, the app metadata can be updated. For example the command
 
 ```sh
-openrun app update-metadata conf --promote container.idle_shutdown_secs=600 /myapp
+openrun app update conf --promote container.idle_shutdown_secs=600 /myapp
 ```
 
 changes the idle timeout for the `/myapp` app to 600 secs. Without the `--promote` option, the change will be staged and can be verified on the staging app. App metadata level setting take precedence over the defaults in the `openrun.toml`. Using `all` as the app name will apply the change for all current apps (but not for any new apps created later).

content/docs/Container/Overview.md

@@ -32,11 +32,11 @@ will create an app at `https://localhost:25223/streamlit_app`. On the first API
 
 The specs defined currently are:
 
-| Spec Name               | Required Params                                                                                                            | Optional Params                                                                                                                                                         | Supports Path Routing | Notes                                                                 | Example                                                                                                                                                       |
-| :---------------------- | :------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------- | :-------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Spec Name               | Required Params                                                                                                            | Optional Params                                                                                                                                                         | Supports Path Routing | Notes                                                                 | Example                                                                                                                                                         |
+| :---------------------- | :------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------- | :-------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | container               |                                                                                                                            | <ul><li><b>port</b> : The port number within container, optional if EXPOSE directive is present</li></ul>                                                               | Depends on app        | Requires app code to have a Containerfile/Dockerfile                  |
 | image                   | <ul><li><b>image</b>: The image to use for the container</li> <li><b>port</b> : The port number within container</li></ul> |                                                                                                                                                                         | Depends on app        | No source url required when creating app, use - as url                | `openrun app create --spec image --approve --param image=nginx --param port=80 - nginxapp.localhost:/`                                                          |
-| proxy                   | <ul><li><b>url</b>: The url to which requests should be proxied</li> </ul>                                                 |                                                                                                                                                                         | No                    | No source url required when creating app, use - as url                | `openrun app create --spec proxy --approve -param url=https://openrun.dev - proxyapp.localhost:/`                                                                  |
+| proxy                   | <ul><li><b>url</b>: The url to which requests should be proxied</li> </ul>                                                 |                                                                                                                                                                         | No                    | No source url required when creating app, use - as url                | `openrun app create --spec proxy --approve -param url=https://openrun.dev - proxyapp.localhost:/`                                                               |
 | python-wsgi             |                                                                                                                            | <ul><li><b>APP_MODULE</b>: The module:app for the WSGI app. Defaults to app:app, meaning app in app.py</li> </ul>                                                       | Depends on app        | Runs Web Server Gateway Interface (WSGI) apps using gunicorn          |
 | python-asgi             |                                                                                                                            | <ul><li><b>APP_MODULE</b>: The module:app for the ASGI app. Defaults to app:app, meaning app in app.py</li> </ul>                                                       | Depends on app        | Runs Asynchronous Server Gateway Interface (ASGI) apps using uvicorn  |
 | python-flask            |                                                                                                                            | <ul><li><b>port</b> : The port number within container. If EXPOSE directive is present, that is used. Defaults to 5000</li></ul>                                        | Depends on app        | Runs app using flask dev server                                       |
@@ -94,7 +94,7 @@ openrun app create --approve --spec python-fasthtml \
 To update args, run
 
 ```sh
-openrun app update-metadata carg PYTHON_VERSION=3.11.2 fasthtmlapp.localhost:/
+openrun app update carg PYTHON_VERSION=3.11.2 fasthtmlapp.localhost:/
 ```
 
 Like all metadata updates, arg updates are staged. Pass `--promote` to promote immediately or run `app promote` to promote from stage to prod.
@@ -119,7 +119,7 @@ sets the CPU shares for the container to 1000.
 To update container options, run
 
 ```sh
-openrun app update-metadata copt cpu-shares=500 fasthtmlapp.localhost:/
+openrun app update copt cpu-shares=500 fasthtmlapp.localhost:/
 ```
 
 Like all metadata updates, option updates are staged. Pass `--promote` to promote immediately or run `app promote` to promote from stage to prod.
@@ -160,7 +160,7 @@ To define the volume in the app config, add
 To set the volume info in the app metadata, run
 
 ```sh
-openrun app update-metadata cvol --promote "cl_secret:secret.tmpl:/app/secret.ini" /APPPATH
+openrun app update cvol --promote "cl_secret:secret.tmpl:/app/secret.ini" /APPPATH
 ```
 
 multiple values are supported for `cvol`.