resource: fix support for remote resources

We were missing remote_resource_id.

.envrc.example

@@ -0,0 +1,11 @@
+export OPAL_AUTH_TOKEN=Token for testing locally with dev_overrides
+export OPAL_TEST_TOKEN=Token used for running acceptance tests
+export OPAL_TEST_KNOWN_USER_ID_1=A user ID in the test org
+export OPAL_TEST_KNOWN_USER_ID_2=Another user ID in the test org
+export OPAL_TEST_BASE_URL=The url of your Opal installation to test with.
+export OPAL_TEST_KNOWN_CUSTOM_APP_ID=App ID for a custom app in the test org
+export OPAL_TEST_KNOWN_CUSTOM_APP_ADMIN_OWNER_ID=Owner ID for the owner of OPAL_TEST_KNOWN_CUSTOM_APP_ID
+export OPAL_TEST_KNOWN_REQUEST_TEMPLATE_ID=Request Template ID in the test org
+export OPAL_TEST_KNOWN_GITHUB_APP_ID=App ID for a github app connection set up in the test org
+export OPAL_TEST_KNOWN_GITHUB_APP_METADATA='{"git_hub_repo"={"org_name"="example-org", "repo_name"="example-repo"}}'
+export OPAL_TEST_KNOWN_GITHUB_APP_REMOTE_RESOURCE_ID=example-org/example-repo

.github/workflows/test.yml

@@ -30,6 +30,9 @@ jobs:
           OPAL_TEST_KNOWN_CUSTOM_APP_ID: ${{ secrets.OPAL_TEST_KNOWN_CUSTOM_APP_ID }}
           OPAL_TEST_KNOWN_CUSTOM_APP_ADMIN_OWNER_ID: ${{ secrets.OPAL_TEST_KNOWN_CUSTOM_APP_ADMIN_OWNER_ID }}
           OPAL_TEST_KNOWN_REQUEST_TEMPLATE_ID: ${{ secrets.OPAL_TEST_KNOWN_REQUEST_TEMPLATE_ID }}
+          OPAL_TEST_KNOWN_GITHUB_APP_ID: ${{ secrets.OPAL_TEST_KNOWN_GITHUB_APP_ID }}
+          OPAL_TEST_KNOWN_GITHUB_APP_METADATA: ${{ secrets.OPAL_TEST_KNOWN_GITHUB_APP_METADATA }}
+          OPAL_TEST_KNOWN_GITHUB_APP_REMOTE_RESOURCE_ID: ${{ secrets.OPAL_TEST_KNOWN_GITHUB_APP_REMOTE_RESOURCE_ID }}
       - name: Clean up test organization
         run: make sweep
         env:
@@ -40,6 +43,9 @@ jobs:
           OPAL_TEST_KNOWN_CUSTOM_APP_ID: ${{ secrets.OPAL_TEST_KNOWN_CUSTOM_APP_ID }}
           OPAL_TEST_KNOWN_CUSTOM_APP_ADMIN_OWNER_ID: ${{ secrets.OPAL_TEST_KNOWN_CUSTOM_APP_ADMIN_OWNER_ID }}
           OPAL_TEST_KNOWN_REQUEST_TEMPLATE_ID: ${{ secrets.OPAL_TEST_KNOWN_REQUEST_TEMPLATE_ID }}
+          OPAL_TEST_KNOWN_GITHUB_APP_ID: ${{ secrets.OPAL_TEST_KNOWN_GITHUB_APP_ID }}
+          OPAL_TEST_KNOWN_GITHUB_APP_METADATA: ${{ secrets.OPAL_TEST_KNOWN_GITHUB_APP_METADATA }}
+          OPAL_TEST_KNOWN_GITHUB_APP_REMOTE_RESOURCE_ID: ${{ secrets.OPAL_TEST_KNOWN_GITHUB_APP_REMOTE_RESOURCE_ID }}
       - name: Generate docs
         run: go generate
       - name: Check for doc changes

docs/resources/resource.md

@@ -27,7 +27,8 @@ An Opal Resource resource.
 - `auto_approval` (Boolean) Automatically approve all requests for this resource without review.
 - `description` (String) The description of the resource.
 - `max_duration` (Number) The maximum duration for which this resource can be requested (in minutes). By default, the max duration is indefinite access.
-- `metadata` (String) The JSON metadata about the remote resource. Include only for items linked to remote systems. See [the guide](https://docs.opal.dev/reference/how-opal).
+- `metadata` (String) The JSON metadata about the remote resource. Include only for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/how-opal) for details on how to specify this field.
+- `remote_resource_id` (String) The ID of the resource on the remote system. Include only for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/how-opal) for details on how to specify this field.
 - `request_template_id` (String) The ID of a request template for this resource. You can get this ID from the URL in the Opal web app.
 - `require_manager_approval` (Boolean) Require the requester's manager's approval for requests to this resource.
 - `require_mfa_to_approve` (Boolean) Require that reviewers MFA to approve requests for this resource.

opal/resource.go

@@ -44,6 +44,7 @@ func resourceResource() *schema.Resource {
 				}
 				return nil
 			},
+			// XXX: We could enforce that remote_resource_id/metadata must be passed for resource types that need it.
 		),
 		Schema: map[string]*schema.Schema{
 			"id": {
@@ -110,9 +111,14 @@ func resourceResource() *schema.Resource {
 				Type:        schema.TypeString,
 				Optional:    true,
 			},
-			// XXX: remote resource id
+			"remote_resource_id": {
+				Description: "The ID of the resource on the remote system. Include only for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/how-opal) for details on how to specify this field.",
+				Type:        schema.TypeString,
+				ForceNew:    true,
+				Optional:    true,
+			},
 			"metadata": {
-				Description:  "The JSON metadata about the remote resource. Include only for items linked to remote systems. See [the guide](https://docs.opal.dev/reference/how-opal).",
+				Description:  "The JSON metadata about the remote resource. Include only for items linked to remote systems. See [this guide](https://docs.opal.dev/reference/how-opal) for details on how to specify this field.",
 				Type:         schema.TypeString,
 				Optional:     true,
 				ForceNew:     true,
@@ -174,6 +180,9 @@ func resourceResourceCreate(ctx context.Context, d *schema.ResourceData, m any)
 	if metadataI, ok := d.GetOk("metadata"); ok {
 		createInfo.SetMetadata(metadataI.(string))
 	}
+	if remoteResourceIDI, ok := d.GetOk("remote_resource_id"); ok {
+		createInfo.SetRemoteResourceId(remoteResourceIDI.(string))
+	}
 
 	resource, _, err := client.ResourcesApi.CreateResource(ctx).CreateResourceInfo(*createInfo).Execute()
 	if err != nil {

opal/resource_test.go

@@ -170,7 +170,36 @@ auto_approval = true
 	})
 }
 
-// XXX: Test metadata / Remote ID
+var knownGithubAppID = os.Getenv("OPAL_TEST_KNOWN_GITHUB_APP_ID")
+var knownGithubAppMetadata = os.Getenv("OPAL_TEST_KNOWN_GITHUB_APP_METADATA")
+var knownGithubAppRemoteResourceID = os.Getenv("OPAL_TEST_KNOWN_GITHUB_APP_REMOTE_RESOURCE_ID")
+
+// TestAccResource_Remote tests creating a resource with a remote system.
+func TestAccResource_Remote(t *testing.T) {
+	baseName := "tf_acc_test_resource_" + acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
+	resourceName := "opal_resource." + baseName
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckResourceDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`resource "opal_resource" "%s" {
+	name = "%s"
+	app_id = "%s"
+	resource_type = "GIT_HUB_REPO"
+	metadata = jsonencode(%s)
+	remote_resource_id = "%s"
+}
+`, baseName, baseName, knownGithubAppID, knownGithubAppMetadata, knownGithubAppRemoteResourceID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "name", baseName),
+				),
+			},
+		},
+	})
+}
 
 func testAccResourceResource(tfName, name, additional string) string {
 	return fmt.Sprintf(`