Importing existing platform_oidc_identity_mapping results in invalid resource configuration

[nbaju1]

Describe the bug
I'm attempting to import an existing identity mapping to inspect the resulting syntax in the Terraform config. The imported resource in the state does not match the actual mapping in the GUI and also has values not allowed by the provider.

Identity mapping in the GUI:

Resource in state after import:

{
      "mode": "managed",
      "type": "platform_oidc_identity_mapping",
      "name": "setup",
      "provider": "provider[\"registry.terraform.io/jfrog/platform\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "claims_json": "{\"roles\":[\"jfrog_user\"]}",
            "description": "OAuth used for client setup",
            "name": "setup",
            "priority": 1,
            "provider_name": "jfrog-setup",
            "token_spec": {
              "audience": "jfrt@* jfac@* jfmc@* jfmd@* jfevt@* jfxfer@* jflnk@* jfint@* jfwks@*",
              "expires_in": 60,
              "scope": "",
              "username": null
            }
          },
          "sensitive_attributes": []
        }
      ]
    }

Requirements for and issue
Provider version: 1.15.1
Terraform version: 1.9.3
Artifactory version: 7.98.2

Expected behavior
Resource imported with correct values.

[alexhung]

@nbaju1 Which version of Artifactory are you on?

[nbaju1]

@nbaju1 Which version of Artifactory are you on?

Sorry, forgot to add that. 7.98.2.

[alexhung]

@nbaju1 Thanks! The reason I asked is that I don't see that field "Pattern" in our dev and test environments.

Which type of OIDC provider are you using? I don't think this changes the OIDC mapping screen but would be good to know.

[nbaju1]

@alexhung The resource in question is using the Azure OIDC provider.

[alexhung]

@alexhung This is what I see when configuring a OIDC Identity Mapping for Azure OIDC integration:

Note it is the "User name" field, not "Pattern" here.

The REST API also (AFAIK) only support username.

[alexhung]

@nbaju1 Are you setting up OIDC identity mapping with Project (vs Global)?

[nbaju1]

@alexhung Global. If changing to Project, the below image is the identity mapping screen. Which options do you have for the "Token scope" with Global? We have "Admin", "User", "Group", "User Mapping" and "Groups Mapping". User and Groups Mapping has the "Pattern" input.

[alexhung]

@nbaju1 Thanks! Now I see the "Pattern" field in the UI as well as the API response. I'll add this to our plan to add to the resource.