From c760c6a96cf3a2dc645402cf94b27e54d8af75a4 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Thu, 3 Oct 2024 22:02:55 +0000
Subject: [PATCH] elb_network_lb: Update tests to use valid cert (#2142) (#2143)

This is a backport of PR #2142 as merged into main (f2f6284). SUMMARY The tests for network load balancers use an invalid cert: community.aws/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml Line 7 in d79e817 size: 4096 . As per AWS documentation Network load balancers only support RSA certs with up to 3072 bit keys. ISSUE TYPE Bugfix Pull Request COMPONENT NAME elb_network_lb ADDITIONAL INFORMATION https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificates Supported key algorithms RSA 1024-bit RSA 2048-bit RSA 3072-bit ECDSA 256-bit ECDSA 384-bit ECDSA 521-bit related to mattclay/aws-terminator#309 Reviewed-by: Alina Buzachis
---
 .../2142-elb_network_lb-update-tests-to-use-valid-cert.yml | 2 ++
 .../integration/targets/elb_network_lb/tasks/generate-certs.yml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml

diff --git a/changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml b/changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml
new file mode 100644
index 00000000000..9fb16b1e437
--- /dev/null
+++ b/changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml
@@ -0,0 +1,2 @@
+trivial:
+ - elb_network_lb - Update tests to use valid cert RSA 3072-bit instead of 4096 (https://github.com/ansible-collections/community.aws/pull/2142).
diff --git a/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml b/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml
index a79289a958d..dccfa6df65b 100644
--- a/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml
+++ b/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml
@@ -4,7 +4,7 @@
 - name: 'Generate SSL Keys'
 community.crypto.openssl_privatekey:
 path: '{{ remote_tmp_dir }}/{{ item }}-key.pem'
- size: 4096
+ size: 3072
 loop:
 - 'ca'
 - 'cert1'
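Review bot: The new `size: 3072` carries no explanation in the task itself, so a later cleanup could raise it back to 4096 and the TLS listener tests would again be given a certificate the load balancer does not accept. A comment directly above the line, such as `# NLB TLS listeners only support RSA keys up to 3072 bits (4096 is not accepted)`, would record the constraint that the commit message cites from the AWS documentation. The same size applies to every key generated by the loop, including `ca`; the loop list may continue outside the hunk.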