[Cloud Security] Added 'x-elastic-internal-origin' to agentless axios request headers for Kibana 9.0 (#203188)

2025-04-24 01:38:56 -04:00 · 2024-12-06 14:21:42 -05:00 · 2024-12-06 14:21:42 -05:00 · e08d7126eb
commit e08d7126eb
parent 1d3bf85d19
2 changed files with 730 additions and 663 deletions
--- a/x-pack/plugins/fleet/server/services/agents/agentless_agent.test.ts
+++ b/x-pack/plugins/fleet/server/services/agents/agentless_agent.test.ts
--- a/x-pack/plugins/fleet/server/services/agents/agentless_agent.ts
+++ b/x-pack/plugins/fleet/server/services/agents/agentless_agent.ts
@ -113,16 +113,7 @@ class AgentlessAgentService {
        labels,
      },
      method: 'POST',
-      headers: {
-        'Content-type': 'application/json',
-        'X-Request-ID': traceId,
-      },
-      httpsAgent: new https.Agent({
-        rejectUnauthorized: tlsConfig.rejectUnauthorized,
-        cert: tlsConfig.certificate,
-        key: tlsConfig.key,
-        ca: tlsConfig.certificateAuthorities,
-      }),
+      ...this.getHeaders(tlsConfig, traceId),
    };

    const cloudSetup = appContextService.getCloud();
@ -157,6 +148,7 @@ class AgentlessAgentService {

  public async deleteAgentlessAgent(agentlessPolicyId: string) {
    const logger = appContextService.getLogger();
+    const traceId = apm.currentTransaction?.traceparent;
    const agentlessConfig = appContextService.getConfig()?.agentless;
    const tlsConfig = this.createTlsConfig(agentlessConfig);
    const requestConfig = {
@ -165,17 +157,9 @@ class AgentlessAgentService {
        `/deployments/${agentlessPolicyId}`
      ),
      method: 'DELETE',
-      headers: {
-        'Content-type': 'application/json',
-      },
-      httpsAgent: new https.Agent({
-        rejectUnauthorized: tlsConfig.rejectUnauthorized,
-        cert: tlsConfig.certificate,
-        key: tlsConfig.key,
-        ca: tlsConfig.certificateAuthorities,
-      }),
+      ...this.getHeaders(tlsConfig, traceId),
    };
-    const traceId = apm.currentTransaction?.traceparent;
+
    const errorMetadata: LogMeta = {
      trace: {
        id: traceId,
@ -220,6 +204,22 @@ class AgentlessAgentService {
    return response;
  }

+  private getHeaders(tlsConfig: SslConfig, traceId: string | undefined) {
+    return {
+      headers: {
+        'Content-type': 'application/json',
+        'X-Request-ID': traceId,
+        'x-elastic-internal-origin': 'Kibana',
+      },
+      httpsAgent: new https.Agent({
+        rejectUnauthorized: tlsConfig.rejectUnauthorized,
+        cert: tlsConfig.certificate,
+        key: tlsConfig.key,
+        ca: tlsConfig.certificateAuthorities,
+      }),
+    };
+  }
+
  private getAgentlessTags(agentlessAgentPolicy: AgentPolicy) {
    if (!agentlessAgentPolicy.global_data_tags) {
      return undefined;