Add an upgrade test to confirm upgrades can succeed when a binary download proxy is configured #4322
Description
Relates:
- Fall back PGP download from Fleet server ignores Fleet server proxy configuration #4241
- Verifier does not honor proxy settings #4237
- Custom download settings are not used by managed elastic-agent #10994
- Fix download settings reload #10993
We have unit tests covering the underlying functionality now that #4241 is resolved, but in the process of fixing that issue we uncovered another problem with the fallback GPG URL using the wrong proxy in #4241
We need to add a test that confirms an upgrade can succeed when a binary download proxy is configured in Fleet. For a reference if choosing to solve this with an integration test, see the existing test ensuring that the Fleet proxy configuration works correctly. https://github.com/elastic/elastic-agent/blob/main/testing/integration/proxy_url_test.go
We need to extend those tests to cover the proxy for the upgrade download URL. That proxy URL was not respected for signature verification and this problem was able to hide in the code for a long time because this test is missing.
Update Nov 2025
We have now had an additional problem introduced because of lack of test coverage in this area with #10993, where the binary download settings were accidentally made to initialize once and never reload, causing the proxy configuration provided by Fleet to be ignored.
This test should start with no proxy configured in the policy, confirm the download fails, then configure a proxy URL for binary download settings and confirm the upgrade succeeds via the configured proxy.
Acceptance Criteria
- A test exists showing that the
agent.downloadsettings are reloadable for both standalone and Fleet managed agents - A test exists showing that an agent configured to upgrade with a source URI that is only reachable through a proxy succeeds.