From f651ac3bcd531e7a23880fa7b79a7d33a4d32e2a Mon Sep 17 00:00:00 2001
From: Tom Harvey <tombuildsstuff@users.noreply.github.com>
Date: Mon, 22 Oct 2018 09:49:04 -0700
Subject: [PATCH] Ensuring the Authorization header isn't present in the logs
 (#2131)

---
 azurerm/config.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/azurerm/config.go b/azurerm/config.go
index ceaeb004ae78..9a5f5b896c09 100644
--- a/azurerm/config.go
+++ b/azurerm/config.go
@@ -330,6 +330,13 @@ func (c *ArmClient) configureClient(client *autorest.Client, auth autorest.Autho
 func withRequestLogging() autorest.SendDecorator {
 	return func(s autorest.Sender) autorest.Sender {
 		return autorest.SenderFunc(func(r *http.Request) (*http.Response, error) {
+			// strip the authorization header prior to printing
+			authHeaderName := "Authorization"
+			auth := r.Header.Get(authHeaderName)
+			if auth != "" {
+				r.Header.Del(authHeaderName)
+			}
+
 			// dump request to wire format
 			if dump, err := httputil.DumpRequestOut(r, true); err == nil {
 				log.Printf("[DEBUG] AzureRM Request: \n%s\n", dump)
@@ -338,6 +345,11 @@ func withRequestLogging() autorest.SendDecorator {
 				log.Printf("[DEBUG] AzureRM Request: %s to %s\n", r.Method, r.URL)
 			}
 
+			// add the auth header back
+			if auth != "" {
+				r.Header.Add(authHeaderName, auth)
+			}
+
 			resp, err := s.Do(r)
 			if resp != nil {
 				// dump response to wire format