feat(Makefile): introduce admin console deployment to Cloud Run with IAP

feat(Makefile): add IAP configuration management for both launchpad and admin
feat(Makefile): refactor IAP user management commands for reusability
feat(Makefile): add Dockerfile for admin-web to containerize the application
feat(Makefile): remove App Engine deployment targets for admin-web

This commit introduces significant changes to the deployment process
for the admin console, migrating it from App Engine to Cloud Run and
integrating Identity-Aware Proxy (IAP) for enhanced security.

The key changes include:

- **Admin Console Deployment to Cloud Run:** The admin console is now
 deployed to Cloud Run using a Dockerfile that builds and
 containerizes the application. This provides a more scalable and
 flexible deployment environment.
- **IAP Integration:** IAP is now enabled for the admin console,
 restricting access to authorized users only. This enhances the
 security of the application and protects sensitive data.
- **IAP Configuration Management:** New commands have been added to
 the Makefile to manage IAP configuration for both the launchpad and
 admin console. These commands allow for easy addition and removal
 of IAP users.
- **Refactored IAP User Management Commands:** The IAP user management
 commands have been refactored to be more reusable and generic. This
 allows for easier management of IAP users for both the launchpad and
 admin console.
- **Removal of App Engine Deployment Targets:** The App Engine
 deployment targets for the admin console have been removed, as the
 application is now deployed to Cloud Run.

These changes provide a more secure, scalable, and maintainable
deployment process for the admin console.

admin-web/Dockerfile

@@ -0,0 +1,38 @@
+# STAGE 1: Build the React application
+FROM node:20-alpine AS build
+
+WORKDIR /app
+
+# Copy package files and install dependencies
+COPY package.json package-lock.json ./
+RUN npm install
+
+# Copy the rest of the application source code
+COPY . .
+
+# Build the application for production
+RUN npm run build
+
+# STAGE 2: Serve the static files with Nginx
+FROM nginx:alpine
+
+# Copy the built files from the build stage
+COPY --from=build /app/dist /usr/share/nginx/html
+
+# Copy our custom Nginx configuration
+# This config is for a Single Page Application (SPA) and listens on port 8080 for Cloud Run
+RUN echo 'server { 
+    listen 8080; 
+    server_name _; 
+    root /usr/share/nginx/html; 
+    index index.html; 
+    location / { 
+        try_files $uri $uri/ /index.html; 
+    }
+}' > /etc/nginx/conf.d/default.conf
+
+# Expose the port Nginx is listening on
+EXPOSE 8080
+
+# Command to run Nginx in the foreground
+CMD ["nginx", "-g", "daemon off;"]

admin-web/app.dev.yaml

@@ -1,13 +0,0 @@
-runtime: nodejs20
-service: admin-web-dev
-
-handlers:
-  # Servir les fichiers statiques (js, css, images, etc.)
-  - url: /(.*\.(js|css|svg|png|jpg|ico|txt))$
-    static_files: dist/\1
-    upload: dist/.*\.(js|css|svg|png|jpg|ico|txt)$
-
-  # Servir l'index.html pour toutes les autres routes (pour le routing côté client de React)
-  - url: /.*
-    static_files: dist/index.html
-    upload: dist/index.html

admin-web/app.staging.yaml

@@ -1,13 +0,0 @@
-runtime: nodejs20
-service: admin-web-staging
-
-handlers:
-  # Servir les fichiers statiques (js, css, images, etc.)
-  - url: /(.*\.(js|css|svg|png|jpg|ico|txt))$
-    static_files: dist/\1
-    upload: dist/.*\.(js|css|svg|png|jpg|ico|txt)$
-
-  # Servir l'index.html pour toutes les autres routes (pour le routing côté client de React)
-  - url: /.*
-    static_files: dist/index.html
-    upload: dist/index.html

admin-web/iap-users.txt

@@ -0,0 +1,8 @@
+# List of authorized users for the Admin Console
+# Format: one email per line, lines starting with # are comments
+#
+# IMPORTANT: These users must belong to the 'krowwithus.com' organization.
+# This is a known limitation of enabling IAP directly on Cloud Run.
+# See: https://docs.cloud.google.com/run/docs/securing/identity-aware-proxy-cloud-run#known_limitations
+
+user:admin@krowwithus.com