[Feature Request] In debug logging, don't log "Dd-Api-Key" / "Dd-Application-Key" HTTP headers

[ktham]

Terraform Version

0.13.4

Affected Resource(s)

All resources

Debug Output

2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: 2020/10/30 01:57:11 
2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: GET /api/v1/monitor/22357882 HTTP/1.1
2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: Host: api.datadoghq.com
2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: User-Agent: terraform-provider-datadog/2.13.0 (terraform 1.15.0; terraform-cli 0.13.4) datadog-api-client-go/1.0.0-beta.8 (go go1.15.1; os linux; arch amd64)
2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: Accept: application/json
2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: Dd-Api-Key: [REDACTED]
2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: Dd-Application-Key: [REDACTED]
2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: Dd-Operation-Id: GetMonitor
2020-10-30T01:57:11.067Z [DEBUG] plugin.terraform-provider-datadog_v2.13.0: Accept-Encoding: gzip

Expected Behavior

The Dd-Application-Key and Dd-Api-Key HTTP headers either should not be logged, or the value should be redacted.

Actual Behavior

The api keys are printed in raw text in the debug logs.

Steps to Reproduce

terraform plan with TF_LOG=DEBUG

My recommendation would be to create a whitelist of HTTP header fields that are allowed to be written to DEBUG level logs.

[nmuesch]

Hey @ktham Thanks for raising. We just merged in a PR to the underlying client to redact keys in the debug logging - DataDog/datadog-api-client-go#618

This should go live with the next version of the provider

[ktham]

@nmuesch Thank you!!!

[therve]

Fixes by #795