Skip to content

Commit 104fa85

Browse files
committed
Update metadata and settings CLI docs
1 parent 0f4a693 commit 104fa85

File tree

11 files changed

+23
-25
lines changed

11 files changed

+23
-25
lines changed

content/docs/Actions/index.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@ fs.file_access = ["$TEMPDIR", "/tmp"]
177177
To set this at the app level, run
178178

179179
```
180-
openrun app update-metadata conf --promote fs.file_access='["/var/tmp", "$TEMPDIR", "/tmp"]' /myapp
180+
openrun app update conf --promote fs.file_access='["/var/tmp", "$TEMPDIR", "/tmp"]' /myapp
181181
```
182182

183183
## Multiple Actions

content/docs/Applications/Audit.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ The configurable options related to audit events are:
3232
The app config options can be set globally in the openrun.toml. It can also be set individually for an app by setting the app metadata. For example,
3333

3434
```sh
35-
openrun app update-metadata conf --promote 'audit.redact_url=true' /myapp
35+
openrun app update conf --promote 'audit.redact_url=true' /myapp
3636
```
3737

3838
The retention for audit events is configurable globally. The config settings in `openrun.toml` are:

content/docs/Applications/Lifecycle.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,6 @@ Staging and Preview apps have read only access by default to plugin APIs. This m
121121

122122
For cases where the plugin defines an API as Write, the app permission can overwrite the default type and define the operation to be a READ operation. For example, the disk_usage app runs the `du` command, which is a read operation. The [app config defines](https://github.com/openrundev/openrun/blob/49182d4ca1cacbd8e3463a77c2174a6da1fb66c9/examples/disk_usage/app.star#L45) the run plugin call as `type="READ"`, over-riding the default WRITE type defined in the plugin. If no type is specified in the permission, the type defined in the plugin takes effect.
123123

124-
Staging and Preview apps are allowed only READ calls by default, even if the app permissions allow WRITE operations. To allow stage apps access to WRITE operations, run `openrun app update-settings stage-write-access true all`. Change `all` to the desired app glob pattern.
124+
Staging and Preview apps are allowed only READ calls by default, even if the app permissions allow WRITE operations. To allow stage apps access to WRITE operations, run `openrun app settings stage-write-access true all`. Change `all` to the desired app glob pattern.
125125

126-
To allow preview apps access to WRITE operation, run `openrun app update-settings preview-write-access true example.com:/`. This changes the existing preview apps and any new preview apps created for example.com:/ to allow write operations, if the permissions have been approved.
126+
To allow preview apps access to WRITE operation, run `openrun app settings preview-write-access true example.com:/`. This changes the existing preview apps and any new preview apps created for example.com:/ to allow write operations, if the permissions have been approved.

content/docs/Applications/Overview.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -39,8 +39,8 @@ COMMANDS:
3939
approve Approve app permissions
4040
reload Reload the app source code
4141
promote Promote the app from staging to production
42-
update-settings Update OpenRun apps settings. Settings changes are NOT staged, they apply immediately to matched stage, prod and preview apps.
43-
update-metadata Update OpenRun app metadata. Metadata updates are staged and have to be promoted to prod. Use "openrun param" to update app parameter metadata.
42+
settings Update OpenRun apps settings. Settings changes are NOT staged, they apply immediately to matched stage, prod and preview apps.
43+
update Update OpenRun app metadata. Metadata updates are staged and have to be promoted to prod. Use "openrun param" to update app parameter metadata.
4444
help, h Shows a list of commands or help for one command
4545
```
4646

@@ -120,12 +120,12 @@ A star, like `PROD*` in the `app list` output indicates that there are staged ch
120120

121121
By default, apps are created with the no authentication type. `system` auth uses `admin` as the username. The password is displayed on the screen during the initial setup of the OpenRun server config.
122122

123-
To change app auth type, add `--auth system` to the `app create` command. After an app is created, the auth type can be changed by running `app update-settings auth system /myapp`. OAuth based authentication is also supported, see [authentication]({{< ref "docs/configuration/authentication" >}}) for details.
123+
To change app auth type, add `--auth system` to the `app create` command. After an app is created, the auth type can be changed by running `app update auth system /myapp`. OAuth based authentication is also supported, see [authentication]({{< ref "docs/configuration/authentication" >}}) for details.
124124

125125
{{<callout type="warning" >}}
126-
Changes done to the app settings using the `app update-settings` command are not staged or versioned, they apply immediately to the stage/prod/preview apps. App settings are fundamental properties of the app, like what authentication type to use, what git auth key to use etc.
126+
Changes done to the app settings using the `app settings` command are **NOT** staged or versioned, they apply immediately to the stage/prod/preview apps.
127127

128-
All other changes done to app metadata using `app update-metadata`, `app reload`, `param update` etc are staged before deployment. Use the `--promote` option on the change to promote the change immediately when applying it on the staging app. Use `app promote` command to promote later. When a promotion is done, **all** currently staged changes for that app are promoted, not just the most recent change. After promote, the prod app is exactly same as staging app.
128+
All other changes done to app metadata using `app update`, `app reload`, `param update` etc are staged before deployment. Use the `--promote` option on the change to promote the change immediately when applying it on the staging app. Use `app promote` command to promote later. When a promotion is done, **ALL** currently staged changes for that app are promoted, not just the most recent change. After promote, the prod app is exactly same as staging app.
129129
{{</callout>}}
130130

131131
## Declarative App Management

content/docs/Configuration/Authentication.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ summary: "Details about authentication mechanisms for app access, including OAut
66

77
By default, apps are created with the `none` authentication type. A `system` auth is available which uses `admin` as the username. The password is displayed on the screen during the initial setup of the OpenRun server config.
88

9-
To set the auth type, add `--auth system` to the app create command. After an app is created, the auth type can be changed by running `app update-settings auth system /myapp`.
9+
To set the auth type, add `--auth system` to the app create command. After an app is created, the auth type can be changed by running `app update auth --promote system /myapp`.
1010

1111
## Default Authentication Type
1212

@@ -36,7 +36,7 @@ ca_cert_file="/data/certs/ca1.crt"
3636
ca_cert_file="/data/certs/ca2.crt"
3737
```
3838

39-
defines two client_auth configs: `cert_test1` using ca1.crt and `cert_test2` using ca2.crt. Apps can be updated to use this auth config by running `app update-settings auth cert_test1 /myapp` or `app update-settings auth cert_test2 /myapp`.
39+
defines two client_auth configs: `cert_test1` using ca1.crt and `cert_test2` using ca2.crt. Apps can be updated to use this auth config by running `app update auth --promote cert_test1 /myapp` or `app update auth --promote cert_test2 /myapp`.
4040

4141
Any API call to the app has to pass the client certificates. Using curl, the call would look like:
4242

content/docs/Configuration/Overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ audit.redact_url = true
3838
sets the redact property to true for all apps. The property can be further configured individually for one or more apps in the app metadata using
3939

4040
```sh
41-
openrun app update-metadata conf --promote 'audit.redact_url=true' /myapp
41+
openrun app update conf --promote 'audit.redact_url=true' /myapp
4242
```
4343

4444
## Config Access from Code

content/docs/Configuration/Secrets.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -148,5 +148,5 @@ security.default_secrets_provider = "env"
148148
The `env` provider is used by default if it is enabled in the config. The default can be changed per app by setting
149149

150150
```sh
151-
openrun app update-metadata conf --promote 'security.default_secrets_provider="prop_myfile"' /myapp
151+
openrun app update conf --promote 'security.default_secrets_provider="prop_myfile"' /myapp
152152
```

content/docs/Configuration/Security.md

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ See [appsecurity]({{< ref "appsecurity" >}}) for details about the application l
7171

7272
## CSRF Protection
7373

74-
CSRF protection is automatically enabled for OpenRun internal APIs and for API calls to apps. This uses the [CrossOriginProtection](https://pkg.go.dev/net/http#CrossOriginProtection) middleware. Use `app_config.security.disable_csrf_protection = true` in `openrun.toml` to disable globally for all apps. CSRF protection can be disabled individually for apps by running `openrun app update-metadata conf --promote 'security.disable_csrf_protection=true' /myapp`
74+
CSRF protection is automatically enabled for OpenRun internal APIs and for API calls to apps. This uses the [CrossOriginProtection](https://pkg.go.dev/net/http#CrossOriginProtection) middleware. Use `app_config.security.disable_csrf_protection = true` in `openrun.toml` to disable globally for all apps. CSRF protection can be disabled individually for apps by running `openrun app update conf --promote 'security.disable_csrf_protection=true' /myapp`
7575

7676
## Private Repository Access
7777

@@ -115,11 +115,9 @@ default_git_auth = "mykey"
115115
This git key is used for `apply` and `sync` also. To change the git auth key for an app, run:
116116

117117
```bash
118-
openrun app update-settings git-auth newkey /myapp
118+
openrun app update git-auth --promote newkey /myapp
119119
```
120120

121-
The git auth is not a staged changed, it applies immediately for the staging and prod apps and preview apps.
122-
123121
## GitLab Groups and Subgroups
124122

125123
GitLab Cloud and on-prem supports [group and sub-groups](https://docs.gitlab.com/user/group/). By default in OpenRun, a git path like `gitlab.com/myuser/a/b/c` is assumed to be referencing `myuser` user or org, repo `a` and folder `b/c`. If using groups in GitLab, this might be incorrect. Two forward slashes `//` are required to indicate the end of the repo name. If `b` is the repo name, the above path would have to be referenced as `gitlab.com/myuser/a/b//c`. In that case, repo will be `a/b` and folder will be `c`.

content/docs/Container/Config.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ The `openrun.toml` can be updated to have a different value for any of the prope
3838
To apply the config at the app level, the app metadata can be updated. For example the command
3939

4040
```sh
41-
openrun app update-metadata conf --promote container.idle_shutdown_secs=600 /myapp
41+
openrun app update conf --promote container.idle_shutdown_secs=600 /myapp
4242
```
4343

4444
changes the idle timeout for the `/myapp` app to 600 secs. Without the `--promote` option, the change will be staged and can be verified on the staging app. App metadata level setting take precedence over the defaults in the `openrun.toml`. Using `all` as the app name will apply the change for all current apps (but not for any new apps created later).

content/docs/Container/Overview.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -32,11 +32,11 @@ will create an app at `https://localhost:25223/streamlit_app`. On the first API
3232

3333
The specs defined currently are:
3434

35-
| Spec Name | Required Params | Optional Params | Supports Path Routing | Notes | Example |
36-
| :---------------------- | :------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------- | :-------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------ |
35+
| Spec Name | Required Params | Optional Params | Supports Path Routing | Notes | Example |
36+
| :---------------------- | :------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------- | :-------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------- |
3737
| container | | <ul><li><b>port</b> : The port number within container, optional if EXPOSE directive is present</li></ul> | Depends on app | Requires app code to have a Containerfile/Dockerfile |
3838
| image | <ul><li><b>image</b>: The image to use for the container</li> <li><b>port</b> : The port number within container</li></ul> | | Depends on app | No source url required when creating app, use - as url | `openrun app create --spec image --approve --param image=nginx --param port=80 - nginxapp.localhost:/` |
39-
| proxy | <ul><li><b>url</b>: The url to which requests should be proxied</li> </ul> | | No | No source url required when creating app, use - as url | `openrun app create --spec proxy --approve -param url=https://openrun.dev - proxyapp.localhost:/` |
39+
| proxy | <ul><li><b>url</b>: The url to which requests should be proxied</li> </ul> | | No | No source url required when creating app, use - as url | `openrun app create --spec proxy --approve -param url=https://openrun.dev - proxyapp.localhost:/` |
4040
| python-wsgi | | <ul><li><b>APP_MODULE</b>: The module:app for the WSGI app. Defaults to app:app, meaning app in app.py</li> </ul> | Depends on app | Runs Web Server Gateway Interface (WSGI) apps using gunicorn |
4141
| python-asgi | | <ul><li><b>APP_MODULE</b>: The module:app for the ASGI app. Defaults to app:app, meaning app in app.py</li> </ul> | Depends on app | Runs Asynchronous Server Gateway Interface (ASGI) apps using uvicorn |
4242
| python-flask | | <ul><li><b>port</b> : The port number within container. If EXPOSE directive is present, that is used. Defaults to 5000</li></ul> | Depends on app | Runs app using flask dev server |
@@ -94,7 +94,7 @@ openrun app create --approve --spec python-fasthtml \
9494
To update args, run
9595

9696
```sh
97-
openrun app update-metadata carg PYTHON_VERSION=3.11.2 fasthtmlapp.localhost:/
97+
openrun app update carg PYTHON_VERSION=3.11.2 fasthtmlapp.localhost:/
9898
```
9999

100100
Like all metadata updates, arg updates are staged. Pass `--promote` to promote immediately or run `app promote` to promote from stage to prod.
@@ -119,7 +119,7 @@ sets the CPU shares for the container to 1000.
119119
To update container options, run
120120

121121
```sh
122-
openrun app update-metadata copt cpu-shares=500 fasthtmlapp.localhost:/
122+
openrun app update copt cpu-shares=500 fasthtmlapp.localhost:/
123123
```
124124

125125
Like all metadata updates, option updates are staged. Pass `--promote` to promote immediately or run `app promote` to promote from stage to prod.
@@ -160,7 +160,7 @@ To define the volume in the app config, add
160160
To set the volume info in the app metadata, run
161161

162162
```sh
163-
openrun app update-metadata cvol --promote "cl_secret:secret.tmpl:/app/secret.ini" /APPPATH
163+
openrun app update cvol --promote "cl_secret:secret.tmpl:/app/secret.ini" /APPPATH
164164
```
165165

166166
multiple values are supported for `cvol`.

0 commit comments

Comments
 (0)