elb_network_lb: Update tests to use valid cert (#2142) (#2143)

This is a backport of PR #2142 as merged into main (f2f6284). SUMMARY The tests for network load balancers use an invalid cert: community.aws/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml Line 7 in d79e817 size: 4096 . As per AWS documentation Network load balancers only support RSA certs with up to 3072 bit keys. ISSUE TYPE Bugfix Pull Request COMPONENT NAME elb_network_lb ADDITIONAL INFORMATION https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificates Supported key algorithms RSA 1024-bit RSA 2048-bit RSA 3072-bit ECDSA 256-bit ECDSA 384-bit ECDSA 521-bit related to mattclay/aws-terminator#309 Reviewed-by: Alina Buzachis
ansible-collections · Oct 3, 2024 · c760c6a · c760c6a
1 parent cef8ee7
commit c760c6a
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml b/changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml
@@ -0,0 +1,2 @@
+trivial:
+  - elb_network_lb - Update tests to use valid cert RSA 3072-bit instead of 4096 (https://github.com/ansible-collections/community.aws/pull/2142).
diff --git a/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml b/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml
@@ -4,7 +4,7 @@
 - name: 'Generate SSL Keys'
   community.crypto.openssl_privatekey:
     path: '{{ remote_tmp_dir }}/{{ item }}-key.pem'
-    size: 4096
+    size: 3072
   loop:
   - 'ca'
   - 'cert1'