This document explains how to create an OIDC Identity Mapping via a Terraform script under a specific project in Artifactory.

Prerequisites:

1. The project should already be created in Artifactory.
2. OIDC integration should be configured under Manage integration (for which the new identity mapping will be created).

Steps to Create OIDC Identity Mapping:

Create a main.tf file with the following content:
```hcl
terraform {
  required_providers {
    platform = {
      source  = "jfrog/platform"
      version = "2.2.1"
    }
  }
}

provider "platform" {
  url          = "https://server.jfrog.io/artifactory"
  access_token = "<TOKEN>" # placeholder; do not commit a real token to main.tf
}

resource "platform_oidc_identity_mapping" "my-github-oidc-project-roles-identity-mapping" {
  name          = "test"
  description   = "My GitHub OIDC Project role identity mapping"
  provider_name = "github" # name of the OIDC integration
  priority      = 1

  # Claims the incoming OIDC token must carry for this mapping to apply
  claims_json = jsonencode({
    "sub"          = "repo:humpty/access-oidc-poc:ref:refs/heads/main",
    "workflow_ref" = "humpty/access-oidc-poc/.github/workflows/job.yaml@refs/heads/main"
  })

  token_spec = {
    # Project-scoped roles: applied-permissions/roles:<project-key>:<roles>
    scope      = "applied-permissions/roles:abc:\"Project Admin\",\"Developer\""
    audience   = "jfrog-github"
    expires_in = 7200
  }

  project_key = "abc"
}
```
NOTES: In the above script:

1. The provider_name and audience should be set to the name of the OIDC integration you created.
2. Under the token_spec section, the scope must include the project key as part of the roles parameter (abc in applied-permissions/roles:abc:... above).

Execute the following actions:

1. Terraform Initialization: Run the command terraform init to initialize the Terraform environment and download the necessary providers.
2. Terraform Plan: Run terraform plan to preview the changes that will be made to the environment.
3. Terraform Apply: Execute terraform apply to apply the changes and create the identity mapping.
Once the terraform apply is executed successfully, you should see the identity mapping created under the "ashritha" project in the project section, as shown in the image below:
![]()
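A pre-apply check for note 2, added here as an example (it is not part of the original article or of JFrog's tooling): it reads a plan in the JSON form produced by terraform show -json and reports any platform_oidc_identity_mapping whose scope project key differs from project_key. The function names, the empty-claims rule and the sample plan are constructed for illustration.

```python
import json
import re

# Scope form shown on this page: applied-permissions/roles:<project-key>:"Role","Role"
SCOPE_RE = re.compile(r'^applied-permissions/roles:([^:]+):(.+)$')

def parse_scope(scope):
    """Return (project_key, [roles]), or None if the scope is not in that form."""
    m = SCOPE_RE.match(scope or "")
    if not m:
        return None
    return m.group(1), re.findall(r'"([^"]+)"', m.group(2))

def check_mapping(after):
    """Findings for one planned identity mapping (empty list means OK)."""
    findings = []
    parsed = parse_scope((after.get("token_spec") or {}).get("scope"))
    if parsed is None:
        findings.append("scope is not a project-roles scope")
    elif parsed[0] != after.get("project_key"):
        findings.append(f"scope project key {parsed[0]!r} != project_key {after.get('project_key')!r}")
    elif not parsed[1]:
        findings.append("scope names no roles")
    # Policy choice of this example (an assumption): at least one claim must be constrained.
    if not json.loads(after.get("claims_json") or "{}"):
        findings.append("claims_json is empty")
    return findings

def check_plan(plan):
    """Map resource address -> findings for every identity mapping being created or changed."""
    results = {}
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") == "platform_oidc_identity_mapping" and after:
            results[rc["address"]] = check_mapping(after)
    return results

# Constructed sample in the shape of `terraform show -json` output (not real output).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "platform_oidc_identity_mapping.good", "type": "platform_oidc_identity_mapping",
     "change": {"after": {"project_key": "abc",
                          "claims_json": json.dumps({"sub": "repo:humpty/access-oidc-poc:ref:refs/heads/main"}),
                          "token_spec": {"scope": 'applied-permissions/roles:abc:"Project Admin","Developer"'}}}},
    {"address": "platform_oidc_identity_mapping.mismatch", "type": "platform_oidc_identity_mapping",
     "change": {"after": {"project_key": "abc", "claims_json": "{}",
                          "token_spec": {"scope": 'applied-permissions/roles:xyz:"Developer"'}}}},
]}

if __name__ == "__main__":
    for address, findings in check_plan(SAMPLE_PLAN).items():
        print(address, "OK" if not findings else findings)
```

To run it against a real plan, replace SAMPLE_PLAN with the parsed output of terraform show -json for a saved plan file.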