Attempt to add SkipTLSVerify to provider:

docs/index.md

@@ -39,6 +39,7 @@ terraform {
 provider "zitadel" {
   domain           = "localhost"
   insecure         = "true"
+  skip_tls_verify  = false
   port             = "8080"
   jwt_profile_file = "local-token"
 }
@@ -58,4 +59,5 @@ provider "zitadel" {
 - `jwt_profile_file` (String) Path to the file containing credentials to connect to ZITADEL. Either 'jwt_file', 'jwt_profile_file' or 'jwt_profile_json' is required
 - `jwt_profile_json` (String) JSON value of credentials to connect to ZITADEL. Either 'jwt_file', 'jwt_profile_file' or 'jwt_profile_json' is required
 - `port` (String) Used port if not the default ports 80 or 443 are configured
+- `skip_tls_verify` (Boolean) Skip TLS certificate verification
 - `token` (String) Path to the file containing credentials to connect to ZITADEL

zitadel/helper/client.go

@@ -23,6 +23,8 @@ const (
 	DomainDescription         = "Domain used to connect to the ZITADEL instance"
 	InsecureVar               = "insecure"
 	InsecureDescription       = "Use insecure connection"
+	SkipTLSVerifyVar          = "skip_tls_verify"
+	SkipTLSVerifyDescription  = "Skip TLS certificate verification"
 	TokenVar                  = "token"
 	TokenDescription          = "Path to the file containing credentials to connect to ZITADEL"
 	PortVar                   = "port"
@@ -43,7 +45,7 @@ type ClientInfo struct {
 	Options []zitadel.Option
 }
 
-func GetClientInfo(ctx context.Context, insecure bool, domain string, token string, jwtFile string, jwtProfileFile string, jwtProfileJSON string, port string) (*ClientInfo, error) {
+func GetClientInfo(ctx context.Context, insecure bool, skipTLSVerify bool, domain string, token string, jwtFile string, jwtProfileFile string, jwtProfileJSON string, port string) (*ClientInfo, error) {
 	options := make([]zitadel.Option, 0)
 	keyPath := ""
 	if token != "" {
@@ -68,6 +70,8 @@ func GetClientInfo(ctx context.Context, insecure bool, domain string, token stri
 	if insecure {
 		options = append(options, zitadel.WithInsecure())
 		issuerScheme = "http://"
+	} else if skipTLSVerify {
+		options = append(options, zitadel.WithInsecureSkipVerifyTLS())
 	}
 
 	issuerPort := port

zitadel/provider.go

@@ -112,6 +112,7 @@ func NewProviderPV6(option ...zitadel_go.Option) provider.Provider {
 
 type providerModel struct {
 	Insecure       types.Bool   `tfsdk:"insecure"`
+	SkipTLSVerify  types.Bool   `tfsdk:"skip_tls_verify"`
 	Domain         types.String `tfsdk:"domain"`
 	Port           types.String `tfsdk:"port"`
 	Token          types.String `tfsdk:"token"`
@@ -136,6 +137,11 @@ func (p *providerPV6) GetSchema(_ context.Context) (tfsdk.Schema, fdiag.Diagnost
 				Optional:    true,
 				Description: helper.InsecureDescription,
 			},
+			helper.SkipTLSVerifyVar: {
+				Type:        types.BoolType,
+				Optional:    true,
+				Description: helper.SkipTLSVerifyDescription,
+			},
 			helper.TokenVar: {
 				Type:        types.StringType,
 				Optional:    true,
@@ -175,6 +181,7 @@ func (p *providerPV6) Configure(ctx context.Context, req provider.ConfigureReque
 
 	info, err := helper.GetClientInfo(ctx,
 		config.Insecure.ValueBool(),
+		config.SkipTLSVerify.ValueBool(),
 		config.Domain.ValueString(),
 		config.Token.ValueString(),
 		config.JWTFile.ValueString(),
@@ -274,6 +281,11 @@ func Provider() *schema.Provider {
 				Optional:    true,
 				Description: helper.InsecureDescription,
 			},
+			helper.SkipTLSVerifyVar: {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: helper.SkipTLSVerifyDescription,
+			},
 			helper.TokenVar: {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -373,6 +385,7 @@ func Provider() *schema.Provider {
 func ProviderConfigure(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) {
 	clientinfo, err := helper.GetClientInfo(ctx,
 		d.Get(helper.InsecureVar).(bool),
+		d.Get(helper.SkipTLSVerifyVar).(bool),
 		d.Get(helper.DomainVar).(string),
 		d.Get(helper.TokenVar).(string),
 		d.Get(helper.JWTFileVar).(string),