From a90e5dc658d88ed95ff8d7b30c2efc2280028780 Mon Sep 17 00:00:00 2001 From: Mandar Kulkarni Date: Tue, 10 Sep 2024 02:13:32 -0700 Subject: [PATCH] elb_network_lb: Update tests to use valid cert (#2142) SUMMARY The tests for network load balancers use an invalid cert: community.aws/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml Line 7 in d79e817 size: 4096 . As per AWS documentation Network load balancers only support RSA certs with up to 3072 bit keys. ISSUE TYPE Bugfix Pull Request COMPONENT NAME elb_network_lb ADDITIONAL INFORMATION https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#tls-listener-certificates Supported key algorithms RSA 1024-bit RSA 2048-bit RSA 3072-bit ECDSA 256-bit ECDSA 384-bit ECDSA 521-bit related to mattclay/aws-terminator#309 Reviewed-by: Mark Chappell (cherry picked from commit f2f62847c6fd3209847b63ae753405d64e612522) --- .../2142-elb_network_lb-update-tests-to-use-valid-cert.yml | 2 ++ .../integration/targets/elb_network_lb/tasks/generate-certs.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml diff --git a/changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml b/changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml new file mode 100644 index 00000000000..9fb16b1e437 --- /dev/null +++ b/changelogs/fragments/2142-elb_network_lb-update-tests-to-use-valid-cert.yml @@ -0,0 +1,2 @@ +trivial: + - elb_network_lb - Update tests to use valid cert RSA 3072-bit instead of 4096 (https://github.com/ansible-collections/community.aws/pull/2142). diff --git a/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml b/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml index a79289a958d..dccfa6df65b 100644 --- a/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml 
+++ b/tests/integration/targets/elb_network_lb/tasks/generate-certs.yml @@ -4,7 +4,7 @@ - name: 'Generate SSL Keys' community.crypto.openssl_privatekey: path: '{{ remote_tmp_dir }}/{{ item }}-key.pem' - size: 4096 + size: 3072 loop: - 'ca' - 'cert1'
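Review bot: The changelog entry in the new fragment 2142-elb_network_lb-update-tests-to-use-valid-cert.yml says the tests now use "RSA 3072-bit instead of 4096" but gives no reason; the reason (Network Load Balancers only support RSA certificates with keys up to 3072 bits) appears only in the commit message. Consider rewording the entry to say that a 3072-bit RSA key replaces the 4096-bit one because the larger size is not supported on Network Load Balancers, so the line can be understood without opening the pull request.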
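Review bot: The new `size: 3072` line in the 'Generate SSL Keys' task of generate-certs.yml carries no comment explaining the value, so a later cleanup could raise it back to 4096 and reintroduce the invalid certificate. Add a short YAML comment above it stating that Network Load Balancers accept RSA keys of at most 3072 bits, with the AWS TLS listener documentation link from the commit message. The same size applies to every item in the loop, including 'ca'; if only the certificates attached to the listener have to fit the limit, say so in the comment as well.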