add tls skip to provider

provider.go

@@ -17,8 +17,9 @@ func NewProvider() provider.Provider {
 type bitbucketTokenProvider struct{}
 
 type bitbucketTokenProviderModel struct {
-	AuthHeader types.String `tfsdk:"auth_header"`
+	AuthHeader    types.String `tfsdk:"auth_header"`
-	ServerURL  types.String `tfsdk:"server_url"`
+	ServerURL     types.String `tfsdk:"server_url"`
+	TLSSkipVerify types.Bool   `tfsdk:"tls_skip_verify"`
 }
 
 func (p *bitbucketTokenProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) {
@@ -38,6 +39,10 @@ func (p *bitbucketTokenProvider) Schema(_ context.Context, _ provider.SchemaRequ
 				Description: "Base URL of the Bitbucket server (e.g. https://stash.example.com). Must not end with a slash.",
 				Required:    true,
 			},
+			"tls_skip_verify": schema.BoolAttribute{
+				Description: "If true, disables TLS certificate verification. Use only for testing or internal servers.",
+				Optional:    true,
+			},
 		},
 	}
 }
@@ -66,8 +71,9 @@ func (p *bitbucketTokenProvider) Configure(ctx context.Context, req provider.Con
 	}
 
 	providerData := &ProviderData{
-		AuthHeader: config.AuthHeader.ValueString(),
+		AuthHeader:    config.AuthHeader.ValueString(),
-		ServerURL:  config.ServerURL.ValueString(),
+		ServerURL:     config.ServerURL.ValueString(),
+		TLSSkipVerify: config.TLSSkipVerify.ValueBool(), // <-- passes TLS flag through
 	}
 
 	resp.DataSourceData = providerData

resource_token.go

@@ -3,6 +3,7 @@ package main
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -15,13 +16,15 @@ import (
 )
 
 type ProviderData struct {
-	AuthHeader string
+	AuthHeader    string
-	ServerURL  string
+	ServerURL     string
+	TLSSkipVerify bool
 }
 
 type BitbucketTokenResource struct {
-	authHeader string
+	authHeader    string
-	serverURL  string
+	serverURL     string
+	tlsSkipVerify bool
 }
 
 func NewBitbucketTokenResource() resource.Resource {
@@ -92,11 +95,23 @@ func (r *BitbucketTokenResource) Configure(ctx context.Context, req resource.Con
 
 	r.authHeader = providerData.AuthHeader
 	r.serverURL = providerData.ServerURL
+	r.tlsSkipVerify = providerData.TLSSkipVerify
+}
+
+func (r *BitbucketTokenResource) httpClient() *http.Client {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: r.tlsSkipVerify},
+	}
+	return &http.Client{
+		Timeout:   15 * time.Second,
+		Transport: tr,
+	}
 }
 
 func (r *BitbucketTokenResource) getExistingToken(auth, baseURL, project, repo, name string) (string, error) {
 	apiURL := fmt.Sprintf("%s/rest/access-tokens/latest/projects/%s/repos/%s?limit=10000", baseURL, project, repo)
-	client := &http.Client{Timeout: 15 * time.Second}
+
+	client := r.httpClient()
 
 	reqGet, _ := http.NewRequest("GET", apiURL, nil)
 	reqGet.Header.Add("Authorization", "Basic "+auth)
@@ -145,7 +160,9 @@ func (r *BitbucketTokenResource) createToken(auth, baseURL, project, repo, name
 	}
 
 	payloadBytes, _ := json.Marshal(payload)
-	client := &http.Client{Timeout: 15 * time.Second}
+
+	client := r.httpClient()
+
 	reqPut, _ := http.NewRequest("PUT", putURL, bytes.NewReader(payloadBytes))
 	reqPut.Header.Add("Authorization", "Basic "+auth)
 	reqPut.Header.Add("Content-Type", "application/json")
@@ -293,7 +310,7 @@ func (r *BitbucketTokenResource) Delete(ctx context.Context, req resource.Delete
 	name := data.TokenName.ValueString()
 	baseURL := r.serverURL
 
-	client := &http.Client{Timeout: 15 * time.Second}
+	client := r.httpClient()
 
 	tokenID, err := r.getExistingToken(auth, baseURL, project, repo, name)
 	if err != nil {