This commit introduces a more secure method for verifying user
access to the internal launchpad by hashing email addresses.
- Replaces the plain-text email list with SHA-256 hashes.
- Adds a script to generate these hashes from `iap-users.txt`.
- Updates the launchpad HTML to hash the input email and compare
it against the `allowed-hashes.json` file.
- Updates Makefile to generate hashes before deploy and serve.
- Adds .keep file for krow_client folder.
feat(firebase.json): remove site property from api-harness hosting config
feat(firebase): migrate launchpad to firebase hosting with auth
This commit migrates the internal launchpad from Cloud Run with IAP
to Firebase Hosting with Firebase Authentication. This change
simplifies the deployment process and leverages Firebase's authentication
capabilities for user access control.
The following changes were made:
- Updated the Makefile to remove Cloud Run deployment tasks and add
Firebase Hosting deployment tasks.
- Removed the Dockerfile and .gcloudignore files, as they are no longer
needed for Firebase Hosting.
- Updated the firebase.json file to configure Firebase Hosting for the
launchpad.
- Modified the launchpad's index.html to include Firebase Authentication
logic.
- Updated the iap-users.txt file to be used as a whitelist for Firebase
Authentication.
- Added a launchpad-dev target to run the launchpad locally using the
Firebase Hosting emulator.
- Removed the configure-iap-launchpad target, as IAP is no longer used.
- Removed the site property from the api-harness hosting configuration
in firebase.json, as it is not needed.
The migration to Firebase Hosting provides the following benefits:
- Simplified deployment process.
- Firebase Authentication for user access control.
- Improved scalability and reliability.
- Reduced operational overhead.
feat(Makefile): add IAP configuration management for both launchpad and admin
feat(Makefile): refactor IAP user management commands for reusability
feat(Makefile): add Dockerfile for admin-web to containerize the application
feat(Makefile): remove App Engine deployment targets for admin-web
This commit introduces significant changes to the deployment process
for the admin console, migrating it from App Engine to Cloud Run and
integrating Identity-Aware Proxy (IAP) for enhanced security.
The key changes include:
- **Admin Console Deployment to Cloud Run:** The admin console is now
deployed to Cloud Run using a Dockerfile that builds and
containerizes the application. This provides a more scalable and
flexible deployment environment.
- **IAP Integration:** IAP is now enabled for the admin console,
restricting access to authorized users only. This enhances the
security of the application and protects sensitive data.
- **IAP Configuration Management:** New commands have been added to
the Makefile to manage IAP configuration for both the launchpad and
admin console. These commands allow for easy addition and removal
of IAP users.
- **Refactored IAP User Management Commands:** The IAP user management
commands have been refactored to be more reusable and generic. This
allows for easier management of IAP users for both the launchpad and
admin console.
- **Removal of App Engine Deployment Targets:** The App Engine
deployment targets for the admin console have been removed, as the
application is now deployed to Cloud Run.
These changes provide a more secure, scalable, and maintainable
deployment process for the admin console.
This commit removes legacy App Engine deployment artifacts and updates the Makefile to reflect the successful migration of the `internal-launchpad` service to Cloud Run.
The following changes were made:
- Deleted obsolete permission scripts:
- `fix-appengine-permissions-complete.sh`
- `fix-project-level-permissions.sh`
- `create-missing-repository.sh`
- Removed the `firebase/internal-launchpad/app.yaml` file.
- Updated `firebase.json` to remove the `launchpad` hosting configuration.
These changes streamline the repository, reduce developer confusion, and prevent the accidental use of outdated deployment logic.
