From cffc2656b0ede33511e74f0cc2f65967e11f82df Mon Sep 17 00:00:00 2001
From: Jan Husak
Date: Wed, 12 Nov 2025 09:47:08 +0100
Subject: [PATCH] add tls skip to provider

---
 provider.go | 14 ++++++++++----
 resource_token.go | 31 ++++++++++++++++++++++++-------
 2 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/provider.go b/provider.go
index f7caf0b..ef92df9 100644
--- a/provider.go
+++ b/provider.go
@@ -17,8 +17,9 @@ func NewProvider() provider.Provider {
 type bitbucketTokenProvider struct{}
 type bitbucketTokenProviderModel struct {
- AuthHeader types.String `tfsdk:"auth_header"`
- ServerURL types.String `tfsdk:"server_url"`
+ AuthHeader types.String `tfsdk:"auth_header"`
+ ServerURL types.String `tfsdk:"server_url"`
+ TLSSkipVerify types.Bool `tfsdk:"tls_skip_verify"`
 }
 func (p *bitbucketTokenProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) {
@@ -38,6 +39,10 @@ func (p *bitbucketTokenProvider) Schema(_ context.Context, _ provider.SchemaRequ
 Description: "Base URL of the Bitbucket server (e.g. https://stash.example.com). Must not end with a slash.",
 Required: true,
 },
+ "tls_skip_verify": schema.BoolAttribute{
+ Description: "If true, disables TLS certificate verification. Use only for testing or internal servers.",
+ Optional: true,
+ },
 },
 }
 }
@@ -66,8 +71,9 @@ func (p *bitbucketTokenProvider) Configure(ctx context.Context, req provider.Con
 }
 providerData := &ProviderData{
- AuthHeader: config.AuthHeader.ValueString(),
- ServerURL: config.ServerURL.ValueString(),
+ AuthHeader: config.AuthHeader.ValueString(),
+ ServerURL: config.ServerURL.ValueString(),
+ TLSSkipVerify: config.TLSSkipVerify.ValueBool(), // <-- passes TLS flag through
 }
 resp.DataSourceData = providerData
diff --git a/resource_token.go b/resource_token.go
index ca5f369..2a0c498 100644
--- a/resource_token.go
+++ b/resource_token.go
@@ -3,6 +3,7 @@ package main
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "encoding/json"
 "fmt"
 "io"
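Review bot: The description on the new `tls_skip_verify` attribute in Schema presents "internal servers" as an acceptable use, but with verification off the peer is never authenticated, on an internal network or anywhere else. The provider would then send `auth_header` (which resource_token.go appears to put into a Basic Authorization header) and receive the created tokens over that unauthenticated connection. I would narrow the text to something like `Description: "If true, disables TLS certificate verification; credentials and tokens sent to server_url can then be intercepted. For local testing only.",`. For servers signed by a private CA, a CA-bundle attribute would be the safer option to offer, so users are not steered to this flag. Schema's body starts outside the hunk.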
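Review bot: Configure passes `tls_skip_verify` through silently, so a plan or apply run with certificate verification disabled looks identical to a verified one. A warning diagnostic next to the ProviderData assignment would make the weakened state visible in every run, e.g. `if providerData.TLSSkipVerify { resp.Diagnostics.AddWarning("TLS certificate verification disabled", "Connections to server_url are not authenticated.") }`. The trailing `// <-- passes TLS flag through` comment reads like a patch annotation and can be dropped. Configure's body begins and ends outside the hunk.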
@@ -15,13 +16,15 @@ import (
 )
 type ProviderData struct {
- AuthHeader string
- ServerURL string
+ AuthHeader string
+ ServerURL string
+ TLSSkipVerify bool
 }
 type BitbucketTokenResource struct {
- authHeader string
- serverURL string
+ authHeader string
+ serverURL string
+ tlsSkipVerify bool
 }
 func NewBitbucketTokenResource() resource.Resource {
@@ -92,11 +95,23 @@ func (r *BitbucketTokenResource) Configure(ctx context.Context, req resource.Con
 r.authHeader = providerData.AuthHeader
 r.serverURL = providerData.ServerURL
+ r.tlsSkipVerify = providerData.TLSSkipVerify
+}
+
+func (r *BitbucketTokenResource) httpClient() *http.Client {
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: r.tlsSkipVerify},
+ }
+ return &http.Client{
+ Timeout: 15 * time.Second,
+ Transport: tr,
+ }
 }
 func (r *BitbucketTokenResource) getExistingToken(auth, baseURL, project, repo, name string) (string, error) {
 apiURL := fmt.Sprintf("%s/rest/access-tokens/latest/projects/%s/repos/%s?limit=10000", baseURL, project, repo)
- client := &http.Client{Timeout: 15 * time.Second}
+
+ client := r.httpClient()
 reqGet, _ := http.NewRequest("GET", apiURL, nil)
 reqGet.Header.Add("Authorization", "Basic "+auth)
@@ -145,7 +160,9 @@ func (r *BitbucketTokenResource) createToken(auth, baseURL, project, repo, name
 }
 payloadBytes, _ := json.Marshal(payload)
- client := &http.Client{Timeout: 15 * time.Second}
+
+ client := r.httpClient()
+
 reqPut, _ := http.NewRequest("PUT", putURL, bytes.NewReader(payloadBytes))
 reqPut.Header.Add("Authorization", "Basic "+auth)
 reqPut.Header.Add("Content-Type", "application/json")
@@ -293,7 +310,7 @@ func (r *BitbucketTokenResource) Delete(ctx context.Context, req resource.Delete
 name := data.TokenName.ValueString()
 baseURL := r.serverURL
- client := &http.Client{Timeout: 15 * time.Second}
+ client := r.httpClient()
 tokenID, err := r.getExistingToken(auth, baseURL, project, repo, name)
 if err != nil {
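Review bot: `httpClient()` builds a zero-value `http.Transport` with a custom `TLSClientConfig` on every call, so even when `tls_skip_verify` is unset the requests lose what `http.DefaultTransport` gave the old `&http.Client{Timeout: 15 * time.Second}`: environment proxy settings and automatic HTTP/2. Each call also leaves behind its own idle-connection pool with no idle timeout. Cloning the default transport and installing the TLS override only when the flag is set keeps verified connections on the previous path and confines `InsecureSkipVerify` to the explicit opt-in. The createToken and Delete hunks call the same helper, so the change covers them as well. The Configure and getExistingToken bodies around the helper extend outside this hunk.

```go
func (r *BitbucketTokenResource) httpClient() *http.Client {
	// Start from the defaults the previous &http.Client{} relied on.
	tr := http.DefaultTransport.(*http.Transport).Clone()
	if r.tlsSkipVerify {
		// Explicit opt-in only: the server certificate is not checked.
		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	}
	return &http.Client{
		Timeout:   15 * time.Second,
		Transport: tr,
	}
}
```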