[Security Solution][Serverless] Use correct HTTP headers for serverless access to internal APIs (#163109)

## Summary - Adds the `x-elastic-internal-origin` HTTP header to the Cypress test suite
2025-04-24 09:48:58 -04:00 · 2023-08-03 17:18:00 -04:00 · 2023-08-03 17:18:00 -04:00 · 2e02a6cf00
commit 2e02a6cf00
parent b443c0cb9d
4 changed files with 21 additions and 9 deletions
--- a/x-pack/plugins/security_solution/public/management/cypress/tasks/common.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/tasks/common.ts
@ -10,7 +10,10 @@ export const API_AUTH = Object.freeze({
  pass: Cypress.env('KIBANA_PASSWORD') ?? Cypress.env('ELASTICSEARCH_PASSWORD'),
 });

-export const COMMON_API_HEADERS = Object.freeze({ 'kbn-xsrf': 'cypress' });
+export const COMMON_API_HEADERS = Object.freeze({
+  'kbn-xsrf': 'cypress',
+  'x-elastic-internal-origin': 'security-solution',
+});

 export const waitForPageToBeLoaded = () => {
  cy.getByTestSubj('globalLoadingIndicator-hidden').should('exist');
--- a/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/login.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/login.ts
@ -7,7 +7,8 @@

 import { request } from '@kbn/security-solution-plugin/public/management/cypress/tasks/common';
 import { isLocalhost } from '@kbn/security-solution-plugin/scripts/endpoint/common/is_localhost';
-import { ServerlessRoleName } from '../../../../../shared/lib';
+import type { ServerlessRoleName } from '../../../../../shared/lib';
+import { STANDARD_HTTP_HEADERS } from '../../../../../shared/lib/security/default_http_headers';

 /**
 * Send login via API
@ -26,7 +27,7 @@ const sendApiLoginRequest = (
  cy.log(`Authenticating [${username}] via ${url.toString()}`);

  return request({
-    headers: { 'kbn-xsrf': 'cypress-creds-via-env' },
+    headers: { ...STANDARD_HTTP_HEADERS },
    method: 'POST',
    url: url.toString(),
    body: {
--- a/x-pack/test_serverless/shared/lib/security/default_http_headers.ts
+++ b/x-pack/test_serverless/shared/lib/security/default_http_headers.ts
@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const STANDARD_HTTP_HEADERS = Object.freeze({
+  'kbn-xsrf': 'cypress-creds-via-env',
+  'x-elastic-internal-origin': 'security-solution',
+});
--- a/x-pack/test_serverless/shared/lib/security/kibana_roles/role_loader.ts
+++ b/x-pack/test_serverless/shared/lib/security/kibana_roles/role_loader.ts
@ -16,6 +16,7 @@ import {
  getServerlessSecurityKibanaRoleDefinitions,
  ServerlessSecurityRoles,
 } from './kibana_roles';
+import { STANDARD_HTTP_HEADERS } from '../default_http_headers';

 const ignoreHttp409Error = (error: AxiosError) => {
  if (error?.response?.status === 409) {
@ -25,10 +26,6 @@ const ignoreHttp409Error = (error: AxiosError) => {
  throw error;
 };

-const DEFAULT_HEADERS = Object.freeze({
-  'x-elastic-internal-product': 'security-solution',
-});
-
 export interface LoadedRoleAndUser {
  role: string;
  username: string;
@ -80,7 +77,7 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
        method: 'PUT',
        path: `/api/security/role/${roleName}`,
        headers: {
-          ...DEFAULT_HEADERS,
+          ...STANDARD_HTTP_HEADERS,
        },
        body: roleDefinition,
      })
@ -112,7 +109,7 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
        method: 'POST',
        path: `/internal/security/users/${username}`,
        headers: {
-          ...DEFAULT_HEADERS,
+          ...STANDARD_HTTP_HEADERS,
        },
        body: user,
      })