Ensuring the Authorization header isn't present in the logs (#2131)

hashicorp · Oct 22, 2018 · f651ac3 · f651ac3
1 parent 0825169
commit f651ac3
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/azurerm/config.go b/azurerm/config.go
@@ -330,6 +330,13 @@ func (c *ArmClient) configureClient(client *autorest.Client, auth autorest.Autho
 func withRequestLogging() autorest.SendDecorator {
 	return func(s autorest.Sender) autorest.Sender {
 		return autorest.SenderFunc(func(r *http.Request) (*http.Response, error) {
+			// strip the authorization header prior to printing
+			authHeaderName := "Authorization"
+			auth := r.Header.Get(authHeaderName)
+			if auth != "" {
+				r.Header.Del(authHeaderName)
+			}
+
 			// dump request to wire format
 			if dump, err := httputil.DumpRequestOut(r, true); err == nil {
 				log.Printf("[DEBUG] AzureRM Request: \n%s\n", dump)
@@ -338,6 +345,11 @@ func withRequestLogging() autorest.SendDecorator {
 				log.Printf("[DEBUG] AzureRM Request: %s to %s\n", r.Method, r.URL)
 			}
 
+			// add the auth header back
+			if auth != "" {
+				r.Header.Add(authHeaderName, auth)
+			}
+
 			resp, err := s.Do(r)
 			if resp != nil {
 				// dump response to wire format