#  OTA Integration Tests

The OTATest uses the IoT OTA system to test receipt of large payloads.

## Prerequisites

### Locally

1. Create a test code signing certificate. This will be used below.

### S3

1. Create a bucket to store the OTA binary, e.g., "ios-sdk-iot-ota-integ-test"
1. Upload a file to use as the "firmware update" for the test. It should be 500KB - 1MB in size to provide a reasonable test. Call it "ota_integ_test.bin"

### IoT Core

1. Create a Thing Group named `OTA_INTEG_TEST`
  - Optionally set an attribute `ota_integ_test` to have a value of `1`
1. Create an IAM role called "OTAIntegTest", with the following inline policy.
  - Replace `ios-sdk-iot-ota-integ-test` in the policy with the bucket name you created above.
  - Replace `<account id>` with your test account's ID
    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectVersion"
          ],
          "Resource": [
            "arn:aws:s3:::<bucket name>",
            "arn:aws:s3:::<bucket name>*"
          ]
        },
        {
          "Sid": "PassRole",
          "Effect": "Allow",
          "Action": [
            "iam:PassRole"
          ],
          "Resource": [
            "arn:aws:iam::<account id>:role/OTAIntegTest"
          ]
        },
        {
          "Sid": "DeleteJob",
          "Effect": "Allow",
          "Action": [
            "iot:DeleteJob"
          ],
          "Resource": [
            "arn:aws:iot:*:*:job/AFR_OTA*"
          ]
        },
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": [
            "iot:CreateJob",
            "iot:CreateStream",
            "signer:DescribeSigningJob",
            "signer:GetSigningProfile",
            "signer:PutSigningProfile",
            "signer:StartSigningJob",
            "s3:ListAllMyBuckets",
            "s3:ListBucket",
            "s3:GetBucketLocation"
          ],
          "Resource": "*"
        },
        {
          "Sid": "VisualEditor2",
          "Effect": "Allow",
          "Action": "iot:DeleteStream",
          "Resource": "arn:aws:iot:*:*:stream/AFR_OTA*"
        }
      ]
    }
    ```
1. Create an OTA Job
  1. In IoT Core console, go to Manage > Jobs > "Create a job"
  1. Select "Create OTA update job" from the "Create an Amazon FreeRTOS OTA update job" section
  1. In the "Select devices to update" section, select the `OTA_INTEG_TEST` Thing Group you created above
  1. Select "Sign a new firmware image for me"
  1. Create a code signing profile:
    - **Profile name**: `OTA_INTEG_TEST`
    - **Hardware platform**: Any value is fine, e.g., `Windows Simulator`
    - **Code signing certificate**: Import the code signing certificate created above. If you used a test self-signed certificate, you will also need the self-signed root CA.
    - **Pathname of code signing certificate on device**: Any value is fine, e.g. `/path/to/cert`
  1. **Select your firmware image in S3 or upload it**: select the bucket and "firmware image" you uploaded to S3 above
  1. **Pathname of firmware image on device**: Any value is fine, e.g., `/path/to/firmware`
  1. **IAM role for OTA update job**: Select the role you created above, that gives access to the S3 bucket you created above
  1. Select **Your job will continue deploying to any devices added to the selected groups (continuous)**
  1. **ID**: Select a meaningful ID (e.g. `OTA_INTEG_TEST_<YYYYMMDD>`). The ID is only used for easy identification in the console, so it doesn't have to conform to any particular naming convention. The ID of the job will be *appended* after the string "AFR_OTA".

### IAM

Ensure the Unauth role assumed during the integration test is authorized to perform `iam:PassRole` on the `OTAIntegTest` role created above.