
Allow Launcher to use the same Keycloak instance as the OpenShift cluster it's running in

Open david-martin opened this issue 6 years ago • 2 comments

Currently, when using Launcher with Keycloak it depends on there being 1 Client and at least 2 Identity Providers:

The identity providers are

  • openShift-v3 (so launcher can create projects, buildconfigs, routes & deployments on your behalf). Note that this IdP needs a very specific alias that matches the cluster id as configured in the launcher-clusters configmap.
  • github (so launcher can create repos in your a/c)

If you want to manage Launcher users in Keycloak, then this setup should be sufficient. However, if you want to allow existing OpenShift cluster users to log in to Launcher (and that OpenShift is also using Keycloak), you need another Identity provider.

  • keycloak-oidc

It currently isn't possible to use a single Keycloak instance for use by OpenShift and Launcher.

Ideally, when using a single Keycloak instance a couple of things should happen that greatly improve the user experience:

  • If I'm logged into OpenShift already, and I go to Launcher I am already logged in (no need to click anything, just automatically logged in)
  • When I start the Launcher wizard, there should not be an option to 'Authorize' to a specific OpenShift cluster. This option doesn't make sense when Launcher is running in the context of a single cluster. Perhaps even the first option in the wizard (Select Target Environment) should be removed completely.

david-martin, Aug 10 '18 08:08