Always emit Turnstile domains, even when empty

When Turnstile is configured with an empty list of domains, no validation
is performed by Cloudflare - the widget can be used anywhere. The website
owner is responsible for validating the challenge was solved on the "right"
website.
This feature is gated behind an entitlement, and `domains = []` is used to
enable this. This is *not* a default value for domains, it must be picked
explicitly.

Fixes #655.

internal/app/cf-terraforming/cmd/generate.go

@@ -931,6 +931,12 @@ func generateResources() func(cmd *cobra.Command, args []string) {
 
 				for i := 0; i < resourceCount; i++ {
 					jsonStructData[i].(map[string]interface{})["id"] = jsonStructData[i].(map[string]interface{})["sitekey"]
+
+					// We always want to emit a list of domains, even if it is empty.
+					// The empty list is used to enable the "Allow on any hostname" feature, it is *not* a default value.
+					if jsonStructData[i].(map[string]interface{})["domains"] == nil {
+						jsonStructData[i].(map[string]interface{})["domains"] = []string{}
+					}
 				}
 			case "cloudflare_url_normalization_settings":
 				jsonPayload, err := api.URLNormalizationSettings(context.Background(), &cloudflare.ResourceContainer{Identifier: zoneID, Level: cloudflare.ZoneRouteLevel})

internal/app/cf-terraforming/cmd/util.go

@@ -293,6 +293,8 @@ func writeAttrLine(key string, value interface{}, parentName string, body *hclwr
 				vals = append(vals, cty.StringVal(item))
 			}
 			body.SetAttributeValue(key, cty.ListVal(vals))
+		} else {
+			body.SetAttributeValue(key, cty.ListValEmpty(cty.String))
 		}
 	case string:
 		if parentName == "query" && key == "value" && value == "" {

testdata/terraform/cloudflare_turnstile_widget_no_domains/test.tf

@@ -1,5 +1,6 @@
 resource "cloudflare_turnstile_widget" "terraform_managed_resource" {
   account_id = "f037e56e89293a057740de681ac9abbe"
+  domains    = []
   mode       = "non-interactive"
   name       = "example sitekey with no domains"
   region     = "world"