Add insecure option for TLS certificate verification skip

- Add insecure provider option to skip TLS verification
- Useful for self-signed or expired BMC certificates
- Support TURINGPI_INSECURE environment variable
- Use shared HTTP client with configurable TLS settings
- Update documentation and examples to v1.0.4

Author: jfreed-dev

.gitignore

@@ -1,6 +1,9 @@
 # Claude Code
 CLAUDE.md
 
+# Testing directory (may contain credentials)
+testing/
+
 # Go
 terraform-provider-turingpi
 turingpi-terraform-provider

CHANGELOG.md

@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.0.4] - 2025-12-22
+
+### Added
+- `insecure` provider option to skip TLS certificate verification
+- Useful for self-signed or expired BMC certificates
+- Environment variable support via `TURINGPI_INSECURE`
+
+### Changed
+- Shared HTTP client for all API requests with configurable TLS settings
+
 ## [1.0.3] - 2025-12-22
 
 ### Added
@@ -57,7 +67,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Release automation workflow with GoReleaser
 - Multi-platform binaries (linux/darwin/windows, amd64/arm64)
 
-[Unreleased]: https://github.com/jfreed-dev/terraform-provider-turingpi/compare/v1.0.3...HEAD
+[Unreleased]: https://github.com/jfreed-dev/terraform-provider-turingpi/compare/v1.0.4...HEAD
+[1.0.4]: https://github.com/jfreed-dev/terraform-provider-turingpi/compare/v1.0.3...v1.0.4
 [1.0.3]: https://github.com/jfreed-dev/terraform-provider-turingpi/compare/v1.0.2...v1.0.3
 [1.0.2]: https://github.com/jfreed-dev/terraform-provider-turingpi/compare/v1.0.1...v1.0.2
 [1.0.1]: https://github.com/jfreed-dev/terraform-provider-turingpi/compare/v1.0.0...v1.0.1

README.md

@@ -18,7 +18,7 @@ terraform {
   required_providers {
     turingpi = {
       source  = "jfreed-dev/turingpi"
-      version = "1.0.3"
+      version = "1.0.4"
     }
   }
 }
@@ -27,6 +27,7 @@ provider "turingpi" {
   username = "root"                      # or TURINGPI_USERNAME env var
   password = "turing"                    # or TURINGPI_PASSWORD env var
   endpoint = "https://turingpi.local"    # or TURINGPI_ENDPOINT env var (optional)
+  insecure = false                       # or TURINGPI_INSECURE env var (optional)
 }
 ```
 
@@ -36,6 +37,7 @@ Using environment variables:
 export TURINGPI_USERNAME=root
 export TURINGPI_PASSWORD=turing
 export TURINGPI_ENDPOINT=https://192.168.1.100  # optional
+export TURINGPI_INSECURE=true                   # optional, for self-signed/expired certs
 ```
 
 ```hcl

docs/index.md

@@ -23,7 +23,7 @@ terraform {
   required_providers {
     turingpi = {
       source  = "jfreed-dev/turingpi"
-      version = "1.0.3"
+      version = "1.0.4"
     }
   }
 }
@@ -49,13 +49,15 @@ The provider requires BMC credentials to authenticate with the Turing Pi board.
 - `username` - (Required) BMC username. Can also be set via `TURINGPI_USERNAME` environment variable.
 - `password` - (Required) BMC password. Can also be set via `TURINGPI_PASSWORD` environment variable.
 - `endpoint` - (Optional) BMC API endpoint URL. Defaults to `https://turingpi.local`. Can also be set via `TURINGPI_ENDPOINT` environment variable.
+- `insecure` - (Optional) Skip TLS certificate verification. Useful for self-signed or expired certificates. Defaults to `false`. Can also be set via `TURINGPI_INSECURE` environment variable.
 
 ### Using Environment Variables
 
 ```bash
 export TURINGPI_USERNAME=root
 export TURINGPI_PASSWORD=turing
 export TURINGPI_ENDPOINT=https://192.168.1.100
+export TURINGPI_INSECURE=true  # optional, for self-signed/expired certs
 ```
 
 ```hcl

examples/basic/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     turingpi = {
       source  = "jfreed-dev/turingpi"
-      version = "1.0.3"
+      version = "1.0.4"
     }
   }
 }

examples/flash-firmware/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     turingpi = {
       source  = "jfreed-dev/turingpi"
-      version = "1.0.3"
+      version = "1.0.4"
     }
   }
 }

examples/full-provisioning/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     turingpi = {
       source  = "jfreed-dev/turingpi"
-      version = "1.0.3"
+      version = "1.0.4"
     }
   }
 }

provider/auth.go

@@ -4,15 +4,14 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"net/http"
 )
 
 func authenticate(endpoint, username, password string) (string, error) {
 	url := fmt.Sprintf("%s/api/bmc/authenticate", endpoint)
 	data := map[string]string{"username": username, "password": password}
 	jsonData, _ := json.Marshal(data)
 
-	resp, err := http.Post(url, "application/json", bytes.NewBuffer(jsonData))
+	resp, err := HTTPClient.Post(url, "application/json", bytes.NewBuffer(jsonData))
 	if err != nil {
 		return "", err
 	}

provider/helpers.go

@@ -8,6 +8,8 @@ import (
 	"time"
 )
 
+// Note: Uses HTTPClient from provider.go for TLS configuration
+
 func checkPowerStatus(node int) string {
 	// Simulate checking power status
 	fmt.Printf("Checking power status for node %d\n", node)
@@ -32,7 +34,6 @@ func flashNode(node int, firmware string) {
 
 func checkBootStatus(endpoint string, node int, timeout int, token string) (bool, error) {
 	url := fmt.Sprintf("%s/api/bmc?opt=get&type=uart&node=%d", endpoint, node)
-	client := &http.Client{}
 
 	deadline := time.Now().Add(time.Duration(timeout) * time.Second)
 
@@ -43,7 +44,7 @@ func checkBootStatus(endpoint string, node int, timeout int, token string) (bool
 		}
 
 		req.Header.Set("Authorization", "Bearer "+token)
-		resp, err := client.Do(req)
+		resp, err := HTTPClient.Do(req)
 		if err != nil {
 			return false, fmt.Errorf("UART request failed: %v", err)
 		}

provider/provider.go

@@ -1,11 +1,17 @@
 package provider
 
 import (
+	"crypto/tls"
+	"net/http"
+
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
 const defaultEndpoint = "https://turingpi.local"
 
+// HTTPClient is the shared HTTP client for all API requests
+var HTTPClient = &http.Client{}
+
 // ProviderConfig holds the configuration for the provider
 type ProviderConfig struct {
 	Token    string
@@ -34,6 +40,12 @@ func Provider() *schema.Provider {
 				DefaultFunc: schema.EnvDefaultFunc("TURINGPI_ENDPOINT", defaultEndpoint),
 				Description: "The BMC API endpoint URL (e.g., https://turingpi.local or https://192.168.1.100)",
 			},
+			"insecure": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("TURINGPI_INSECURE", false),
+				Description: "Skip TLS certificate verification (useful for self-signed or expired certificates)",
+			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"turingpi_power": resourcePower(),
@@ -48,6 +60,16 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) {
 	username := d.Get("username").(string)
 	password := d.Get("password").(string)
 	endpoint := d.Get("endpoint").(string)
+	insecure := d.Get("insecure").(bool)
+
+	// Configure HTTP client with TLS settings
+	if insecure {
+		HTTPClient = &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			},
+		}
+	}
 
 	token, err := authenticate(endpoint, username, password)
 	if err != nil {