review

go-acme · Aug 27, 2022 · 4df659a · 4df659a
1 parent 4ce2a9b
commit 4df659a
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 80 deletions.
diff --git a/docs/content/dns/zz_gen_yandexcloud.md b/docs/content/dns/zz_gen_yandexcloud.md
@@ -26,6 +26,12 @@ Configuration for [Yandex Cloud](https://cloud.yandex.com).
 Here is an example bash command using the Yandex Cloud provider:
 
 ```bash
+YANDEX_CLOUD_IAM_TOKEN=<base 64 IAM token> \
+YANDEX_CLOUD_FOLDER_ID=<folder/project id> \
+lego --email you@example.com --dns yandexcloud --domains "example.org" --domains "*.example.org" run
+
+# ---
+
 YANDEX_CLOUD_IAM_TOKEN=$(echo '{ \
   "id": "<string id>", \
   "service_account_id": "<string id>", \
@@ -65,7 +71,9 @@ The environment variable names can be suffixed by `_FILE` to reference a file in
 More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 
 ## IAM Token
-The simplest way to retrieve IAM access token is usage of yc-cli, follow [docs](https://cloud.yandex.ru/docs/iam/operations/iam-token/create-for-sa) to get it
+
+The simplest way to retrieve IAM access token is usage of yc-cli,
+follow [docs](https://cloud.yandex.ru/docs/iam/operations/iam-token/create-for-sa) to get it
 
 ```bash
 yc iam key create --service-account-name my-robot --output key.json

diff --git a/providers/dns/yandexcloud/yandexcloud.go b/providers/dns/yandexcloud/yandexcloud.go
@@ -54,7 +54,7 @@ func NewDefaultConfig() *Config {
 }
 
 type DNSProvider struct {
-	sdk    *ycsdk.SDK
+	client *ycsdk.SDK
 	config *Config
 }
 
@@ -79,45 +79,29 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 	}
 
 	if config.IamToken == "" {
-		return nil, fmt.Errorf("yandexcloud: some credentials information are missing iam token")
+		return nil, fmt.Errorf("yandexcloud: some credentials information are missing IAM token")
 	}
 
 	if config.FolderID == "" {
 		return nil, fmt.Errorf("yandexcloud: some credentials information are missing folder id")
 	}
 
-	ycCreds, err := decodeYcCredentials(config.IamToken)
+	creds, err := decodeCredentials(config.IamToken)
 	if err != nil {
 		return nil, fmt.Errorf("yandexcloud: iam token is malformed: %w", err)
 	}
 
-	sdk, err := ycsdk.Build(context.TODO(), ycsdk.Config{
-		Credentials: ycCreds,
-	})
+	client, err := ycsdk.Build(context.Background(), ycsdk.Config{Credentials: creds})
 	if err != nil {
 		return nil, errors.New("yandexcloud: unable to build yandex cloud sdk")
 	}
 
 	return &DNSProvider{
-		sdk:    sdk,
+		client: client,
 		config: config,
 	}, nil
 }
 
-// GetZones retrieves available zones from yandex cloud.
-func (r *DNSProvider) GetZones() ([]*ycdns.DnsZone, error) {
-	request := &ycdns.ListDnsZonesRequest{
-		FolderId: r.config.FolderID,
-	}
-
-	response, err := r.sdk.DNS().DnsZone().List(context.TODO(), request)
-	if err != nil {
-		return nil, errors.New("yandexcloud: unable to fetch dns zones")
-	}
-
-	return response.DnsZones, nil
-}
-
 // Present creates a TXT record to fulfill the dns-01 challenge.
 func (r *DNSProvider) Present(domain, _, keyAuth string) error {
 	fqdn, value := dns01.GetRecord(domain, keyAuth)
@@ -127,31 +111,33 @@ func (r *DNSProvider) Present(domain, _, keyAuth string) error {
 		return fmt.Errorf("yandexcloud: %w", err)
 	}
 
-	ycZones, err := r.GetZones()
+	ctx := context.Background()
+
+	zones, err := r.getZones(ctx)
 	if err != nil {
 		return fmt.Errorf("yandexcloud: %w", err)
 	}
 
-	var ycZoneID string
+	var zoneID string
 
-	for _, zone := range ycZones {
+	for _, zone := range zones {
 		if zone.GetZone() == authZone {
-			ycZoneID = zone.GetId()
+			zoneID = zone.GetId()
 		}
 	}
 
-	if ycZoneID == "" {
+	if zoneID == "" {
 		return fmt.Errorf("yandexcloud: cant find dns zone %s in yandex cloud", authZone)
 	}
 
 	name := fqdn[:len(fqdn)-len(authZone)-1]
 
-	err = r.createOrUpdateRecord(ycZoneID, name, value)
+	err = r.createOrUpdateRecord(ctx, zoneID, name, value)
 	if err != nil {
 		return fmt.Errorf("yandexcloud: %w", err)
 	}
 
-	return err
+	return nil
 }
 
 // CleanUp removes the TXT record matching the specified parameters.
@@ -163,41 +149,69 @@ func (r *DNSProvider) CleanUp(domain, _, keyAuth string) error {
 		return fmt.Errorf("yandexcloud: %w", err)
 	}
 
-	ycZones, err := r.GetZones()
+	ctx := context.Background()
+
+	zones, err := r.getZones(ctx)
 	if err != nil {
 		return fmt.Errorf("yandexcloud: %w", err)
 	}
 
-	var ycZoneID string
+	var zoneID string
 
-	for _, zone := range ycZones {
+	for _, zone := range zones {
 		if zone.GetZone() == authZone {
-			ycZoneID = zone.GetId()
+			zoneID = zone.GetId()
 		}
 	}
 
-	if ycZoneID == "" {
+	if zoneID == "" {
 		return nil
 	}
 
 	name := fqdn[:len(fqdn)-len(authZone)-1]
 
-	_, err = r.removeRecord(ycZoneID, name)
+	_, err = r.removeRecord(ctx, zoneID, name)
 	if err != nil {
 		return fmt.Errorf("yandexcloud: %w", err)
 	}
 
 	return nil
 }
 
-func (r *DNSProvider) createOrUpdateRecord(zoneID string, name string, value string) error {
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (r *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return r.config.PropagationTimeout, r.config.PollingInterval
+}
+
+// Sequential All DNS challenges for this provider will be resolved sequentially.
+// Returns the interval between each iteration.
+func (r *DNSProvider) Sequential() time.Duration {
+	return r.config.SequenceInterval
+}
+
+// getZones retrieves available zones from yandex cloud.
+func (r *DNSProvider) getZones(ctx context.Context) ([]*ycdns.DnsZone, error) {
+	request := &ycdns.ListDnsZonesRequest{
+		FolderId: r.config.FolderID,
+	}
+
+	response, err := r.client.DNS().DnsZone().List(ctx, request)
+	if err != nil {
+		return nil, errors.New("yandexcloud: unable to fetch dns zones")
+	}
+
+	return response.DnsZones, nil
+}
+
+func (r *DNSProvider) createOrUpdateRecord(ctx context.Context, zoneID string, name string, value string) error {
 	get := &ycdns.GetDnsZoneRecordSetRequest{
 		DnsZoneId: zoneID,
 		Name:      name,
 		Type:      "TXT",
 	}
 
-	exists, _ := r.sdk.DNS().DnsZone().GetRecordSet(context.TODO(), get)
+	exists, _ := r.client.DNS().DnsZone().GetRecordSet(context.TODO(), get)
 
 	var deletions []*ycdns.RecordSet
 	if exists != nil {
@@ -207,31 +221,29 @@ func (r *DNSProvider) createOrUpdateRecord(zoneID string, name string, value str
 	update := &ycdns.UpdateRecordSetsRequest{
 		DnsZoneId: zoneID,
 		Deletions: deletions,
-		Additions: []*ycdns.RecordSet{
-			{
-				Name: name,
-				Type: "TXT",
-				Ttl:  int64(r.config.TTL),
-				Data: []string{
-					value,
-				},
+		Additions: []*ycdns.RecordSet{{
+			Name: name,
+			Type: "TXT",
+			Ttl:  int64(r.config.TTL),
+			Data: []string{
+				value,
 			},
-		},
+		}},
 	}
 
-	_, err := r.sdk.DNS().DnsZone().UpdateRecordSets(context.TODO(), update)
+	_, err := r.client.DNS().DnsZone().UpdateRecordSets(ctx, update)
 
 	return err
 }
 
-func (r *DNSProvider) removeRecord(zoneID string, name string) (*operation.Operation, error) {
+func (r *DNSProvider) removeRecord(ctx context.Context, zoneID string, name string) (*operation.Operation, error) {
 	get := &ycdns.GetDnsZoneRecordSetRequest{
 		DnsZoneId: zoneID,
 		Name:      name,
 		Type:      "TXT",
 	}
 
-	exists, _ := r.sdk.DNS().DnsZone().GetRecordSet(context.TODO(), get)
+	exists, _ := r.client.DNS().DnsZone().GetRecordSet(ctx, get)
 
 	var deletions []*ycdns.RecordSet
 	if exists != nil {
@@ -244,31 +256,18 @@ func (r *DNSProvider) removeRecord(zoneID string, name string) (*operation.Opera
 		Additions: []*ycdns.RecordSet{},
 	}
 
-	return r.sdk.DNS().DnsZone().UpdateRecordSets(context.TODO(), update)
+	return r.client.DNS().DnsZone().UpdateRecordSets(ctx, update)
 }
 
-// Timeout returns the timeout and interval to use when checking for DNS propagation.
-// Adjusting here to cope with spikes in propagation times.
-func (r *DNSProvider) Timeout() (timeout, interval time.Duration) {
-	return r.config.PropagationTimeout, r.config.PollingInterval
-}
-
-// Sequential All DNS challenges for this provider will be resolved sequentially.
-// Returns the interval between each iteration.
-func (r *DNSProvider) Sequential() time.Duration {
-	return r.config.SequenceInterval
-}
-
-// decodeYcCredentials converts base64 encoded json of iam token to struct.
-func decodeYcCredentials(ycAccountB64 string) (ycsdk.Credentials, error) {
-	ycAccountJSON, err := base64.StdEncoding.DecodeString(ycAccountB64)
+// decodeCredentials converts base64 encoded json of iam token to struct.
+func decodeCredentials(accountB64 string) (ycsdk.Credentials, error) {
+	account, err := base64.StdEncoding.DecodeString(accountB64)
 	if err != nil {
 		return nil, err
 	}
 
 	key := &iamkey.Key{}
-
-	err = json.Unmarshal(ycAccountJSON, key)
+	err = json.Unmarshal(account, key)
 	if err != nil {
 		return nil, err
 	}

diff --git a/providers/dns/yandexcloud/yandexcloud.toml b/providers/dns/yandexcloud/yandexcloud.toml
@@ -5,6 +5,12 @@ Code = "yandexcloud"
 Since = "v4.9.0"
 
 Example = '''
+YANDEX_CLOUD_IAM_TOKEN=<base 64 IAM token> \
+YANDEX_CLOUD_FOLDER_ID=<folder/project id> \
+lego --email you@example.com --dns yandexcloud --domains "example.org" --domains "*.example.org" run
+
+# ---
+
 YANDEX_CLOUD_IAM_TOKEN=$(echo '{ \
   "id": "<string id>", \
   "service_account_id": "<string id>", \
@@ -19,7 +25,9 @@ lego --email you@example.com --dns yandexcloud --domains "example.org" --domains
 
 Additional = '''
 ## IAM Token
-The simplest way to retrieve IAM access token is usage of yc-cli, follow [docs](https://cloud.yandex.ru/docs/iam/operations/iam-token/create-for-sa) to get it
+
+The simplest way to retrieve IAM access token is usage of yc-cli,
+follow [docs](https://cloud.yandex.ru/docs/iam/operations/iam-token/create-for-sa) to get it
 
 ```bash
 yc iam key create --service-account-name my-robot --output key.json

diff --git a/providers/dns/yandexcloud/yandexcloud_test.go b/providers/dns/yandexcloud/yandexcloud_test.go
@@ -1,16 +1,25 @@
 package yandexcloud
 
 import (
+	"encoding/base64"
 	"testing"
 
 	"github.com/go-acme/lego/v4/platform/tester"
 	"github.com/stretchr/testify/require"
 )
 
-const (
-	envDomain = envNamespace + "DOMAIN"
-	fakeToken = "ewogICJpZCI6ICJhYmNkZWZnaGlqa2xtbm9wcXJzdCIsCiAgInNlcnZpY2VfYWNjb3VudF9pZCI6ICJhYmNkZWZnaGlqa2xtbm9wcXJzdCIsCiAgImNyZWF0ZWRfYXQiOiAiMjAwMC0wMS0wMVQwMDowMDowMC4wMDAwMDAwMDBaIiwKICAia2V5X2FsZ29yaXRobSI6ICJSU0FfMjA0OCIsCiAgInB1YmxpY19rZXkiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBa1ZGMkhqVHg0djlyR29mNU9IR09cbkdrYSs1WEpjK3B4Mktrekcwa0cySDBmdGFsOG4xTGFZMnJBUm1HcDFUMS9weDgwclIzYW1KOW1obm1CK2pINStcbnR3eFdyK3FWd1ZuSnJrbEJvemdFdGw2d1h6Qjd6TnFDM2tWNXJYWjRPbXZuNmRhS3VpY3pmZ0xMN04veVlRemtcblNLUllPQ3lnQmJQb3hWR1M1MFpMVmRDV1d0ejFpRmJObUVsbnNNNEtRam54V0JWUkR3UjJINU9JVTg0Tm9uVXpcbk5jSERrVkJYL2Q4cGtTZzdpQjROeUQxQXF2SnRGMXBTMDNOUW0zMm42OWJzZlJzSnhycVI2TEsvYXFsMzc5cmtcbmhnQTdTeXpNTEpjTGNrS3VnK0tmVENwa3Ryd3ppMkFwcFVQRDdrZUtKaWxPZmhTckNHUWdsTXI2UTNhbzAzU1pcbmNRSURBUUFCXG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ1JVWFllTlBIaS8yc2FcbmgvazRjWTRhUnI3bGNsejZuSFlxVE1iU1FiWWZSKzFxWHlmVXRwamFzQkdZYW5WUFgrbkh6U3RIZHFZbjJhR2VcbllINk1mbjYzREZhdjZwWEJXY211U1VHak9BUzJYckJmTUh2TTJvTGVSWG10ZG5nNmErZnAxb3E2SnpOK0FzdnNcbjMvSmhET1JJcEZnNExLQUZzK2pGVVpMblJrdFYwSlphM1BXSVZzMllTV2V3emdwQ09mRllGVkVQQkhZZms0aFRcbnpnMmlkVE0xd2NPUlVGZjkzeW1SS0R1SUhnM0lQVUNxOG0wWFdsTFRjMUNiZmFmcjF1eDlHd25HdXBIb3NyOXFcbnFYZnYydVNHQUR0TExNd3Nsd3R5UXE2RDRwOU1LbVMydkRPTFlDbWxROFB1UjRvbUtVNStGS3NJWkNDVXl2cERcbmRxalRkSmx4QWdNQkFBRUNnZ0VBT3pHN3M4Sk5aZkkxWnJGTXk3azE4VzR3QkxiNU9QelRCWmdReFVVUE10N1Jcbnp5ckR4dG82bVpwdkVHOE5LakFmd3N2SWZXdlBjeHdyd1ovODdLMzZZQVllcWJvZEZvM0VvY0lsZ3A4bkRFSzJcbkJaQnlYWmdGQnhXMTR2c0hMb1VXQ3lMaGo4SzRMdlJrclREc1FxeEZzWEdBbmlGUGJnTkRKbDE4UWNsWWxyT3Jcbm5uOVpGN1cwdDJkMGpudXp3QjlrOEwxOFJxUllXb3ZDQWpuRkNTMHRYNXVRS3RqU1lEMEpSRzdDaUtxZDRydXZcbnRKMUdvNGJvK3JSY2FFYkZnRHlmOEJFVmE2dDlWSlgxTVZqTDJ4bTB0b1FVanRBK1pUdUFBZzRoQ2liRW9ydThcbllvNTUrUjY1SEhJOUI4blp4ZnAwa0VWeXpBaFFXb3Y5MUpiSHpoUmlBUUtCZ1FETTh5dUo0dERBUTUzUkRtREZcblg1ZXIyRjlUZUpvMkFSaUZCMkMrNGg5STg4akMxTEozS2dkMTYxTU8xbVkzU1ZmTk1IWFpjMHRwUkRyKzV4ZG5cblVOS3VWOEFTK084MEZhbjVlSlgyNDViSmlYcjdRNzN0VjFQalZ3Sm1Ya01UK0dhSVRxS3NHeU9acDFtczYxRWRcblAvWWFEZlM3YXoxS2VJR0tXbWtPNXhEYzJRS0JnUUMxZzlHNHdUckFhYVo4dVhCa205ODJPeTQ3aU1EeTRJZ1dcbmE0bUx5ZWRodkJoT0ZOU0d3TktmdzZ6QlgrUFBUMUZLTTl4SlgxZzFrYk5OaEgrVy95L1F4L3VOejdRY3NTdlFcbnNVVlJ3UFJtVWFyUHNJdURHdnFJajdrbjdIalFncUovaFRsbU9YUjNmVHJ2R1pxOE9ZeWhnRjZCcW93UEZTLzJcbnhWWU9MWHNpV1FLQmdRQ3BteGROelpsSmN1dDRaVGlxUGZpTGFzMUFpNDY2NEY5RlA1ek5ldDIvQnBmK3UveFFcbjUwUXpUcUoycGZFREVid0tmMjhYbS9VdFVSeXRjOXFIVW5oM2RRRHI4bndxRXorTnh6LzdoODV5VEVhdEJ4dDJcbi9ZemJsMWJTRm5IV1pmdWNFODlGTkZSYXhRWk9OcEx5N01xaU55aHZyVWlVaDNOVVpvdUluS24weVFLQmdFQXZcbkdvdWdHQ3hOcjRkTzgwVkFNTSsyWVlTL3VLcXBaclcyMU81UE9MaEFrTCtiY2dNc1Q4NGFuUTNMNEh3LzZkaTVcbk9kM2dEd3J5T0ZyaXpWTVJiVkVBUmgxQklzazZoT25JcFdCaFFJcWx1aWF5b01KOVdiWE1USWFuZ1prSmVIaHJcbkhYN2VOaWJDYTRKOHBWQ0ZjUXJ5bjNodVhCUkJRN0tZMlBNdWRlb1JBb0dCQUoxdmRCUVN1YWkzUklmeWo4WXJcbjRBcnRDVTFUNWJpY3AxMyttSk9EU2VSaEhNbmxLa21JNjR2d3JXNVBPRlhXeUpLUFlMa3VEazliRVlPeU5CT0FcbkJUc1V5YUpwM2p4Lzk0Mm9Fd1VSYzRUYjlhejdDcUVIYUNyV0hWSENqMUNqQ0VYL0ZzUmZkK3dZeXVHTHd3bHlcbndkcHFCV0JsNWlINzR0UkQ2YytyZ3VtYVxuLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLSIKfQ=="
-)
+const envDomain = envNamespace + "DOMAIN"
+
+const fakeIAMToken = `
+{
+  "id": "abcdefghijklmnopqrst",
+  "service_account_id": "abcdefghijklmnopqrst",
+  "created_at": "2000-01-01T00:00:00.000000000Z",
+  "key_algorithm": "RSA_2048",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVF2HjTx4v9rGof5OHGO\nGka+5XJc+px2KkzG0kG2H0ftal8n1LaY2rARmGp1T1/px80rR3amJ9mhnmB+jH5+\ntwxWr+qVwVnJrklBozgEtl6wXzB7zNqC3kV5rXZ4Omvn6daKuiczfgLL7N/yYQzk\nSKRYOCygBbPoxVGS50ZLVdCWWtz1iFbNmElnsM4KQjnxWBVRDwR2H5OIU84NonUz\nNcHDkVBX/d8pkSg7iB4NyD1AqvJtF1pS03NQm32n69bsfRsJxrqR6LK/aql379rk\nhgA7SyzMLJcLckKug+KfTCpktrwzi2AppUPD7keKJilOfhSrCGQglMr6Q3ao03SZ\ncQIDAQAB\n-----END PUBLIC KEY-----",
+  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCRUXYeNPHi/2sa\nh/k4cY4aRr7lclz6nHYqTMbSQbYfR+1qXyfUtpjasBGYanVPX+nHzStHdqYn2aGe\nYH6Mfn63DFav6pXBWcmuSUGjOAS2XrBfMHvM2oLeRXmtdng6a+fp1oq6JzN+Asvs\n3/JhDORIpFg4LKAFs+jFUZLnRktV0JZa3PWIVs2YSWewzgpCOfFYFVEPBHYfk4hT\nzg2idTM1wcORUFf93ymRKDuIHg3IPUCq8m0XWlLTc1Cbfafr1ux9GwnGupHosr9q\nqXfv2uSGADtLLMwslwtyQq6D4p9MKmS2vDOLYCmlQ8PuR4omKU5+FKsIZCCUyvpD\ndqjTdJlxAgMBAAECggEAOzG7s8JNZfI1ZrFMy7k18W4wBLb5OPzTBZgQxUUPMt7R\nzyrDxto6mZpvEG8NKjAfwsvIfWvPcxwrwZ/87K36YAYeqbodFo3EocIlgp8nDEK2\nBZByXZgFBxW14vsHLoUWCyLhj8K4LvRkrTDsQqxFsXGAniFPbgNDJl18QclYlrOr\nnn9ZF7W0t2d0jnuzwB9k8L18RqRYWovCAjnFCS0tX5uQKtjSYD0JRG7CiKqd4ruv\ntJ1Go4bo+rRcaEbFgDyf8BEVa6t9VJX1MVjL2xm0toQUjtA+ZTuAAg4hCibEoru8\nYo55+R65HHI9B8nZxfp0kEVyzAhQWov91JbHzhRiAQKBgQDM8yuJ4tDAQ53RDmDF\nX5er2F9TeJo2ARiFB2C+4h9I88jC1LJ3Kgd161MO1mY3SVfNMHXZc0tpRDr+5xdn\nUNKuV8AS+O80Fan5eJX245bJiXr7Q73tV1PjVwJmXkMT+GaITqKsGyOZp1ms61Ed\nP/YaDfS7az1KeIGKWmkO5xDc2QKBgQC1g9G4wTrAaaZ8uXBkm982Oy47iMDy4IgW\na4mLyedhvBhOFNSGwNKfw6zBX+PPT1FKM9xJX1g1kbNNhH+W/y/Qx/uNz7QcsSvQ\nsUVRwPRmUarPsIuDGvqIj7kn7HjQgqJ/hTlmOXR3fTrvGZq8OYyhgF6BqowPFS/2\nxVYOLXsiWQKBgQCpmxdNzZlJcut4ZTiqPfiLas1Ai4664F9FP5zNet2/Bpf+u/xQ\n50QzTqJ2pfEDEbwKf28Xm/UtURytc9qHUnh3dQDr8nwqEz+Nxz/7h85yTEatBxt2\n/Yzbl1bSFnHWZfucE89FNFRaxQZONpLy7MqiNyhvrUiUh3NUZouInKn0yQKBgEAv\nGougGCxNr4dO80VAMM+2YYS/uKqpZrW21O5POLhAkL+bcgMsT84anQ3L4Hw/6di5\nOd3gDwryOFrizVMRbVEARh1BIsk6hOnIpWBhQIqluiayoMJ9WbXMTIangZkJeHhr\nHX7eNibCa4J8pVCFcQryn3huXBRBQ7KY2PMudeoRAoGBAJ1vdBQSuai3RIfyj8Yr\n4ArtCU1T5bicp13+mJODSeRhHMnlKkmI64vwrW5POFXWyJKPYLkuDk9bEYOyNBOA\nBTsUyaJp3jx/942oEwURc4Tb9az7CqEHaCrWHVHCj1CjCEX/FsRfd+wYyuGLwwly\nwdpqBWBl5iH74tRD6c+rguma\n-----END PRIVATE KEY-----"
+}
+`
 
 var envTest = tester.NewEnvTest(EnvIamToken, EnvFolderID).WithDomain(envDomain)
 
@@ -23,7 +32,7 @@ func TestNewDNSProvider(t *testing.T) {
 		{
 			desc: "success",
 			envVars: map[string]string{
-				EnvIamToken: fakeToken,
+				EnvIamToken: base64.StdEncoding.EncodeToString([]byte(fakeIAMToken)),
 				EnvFolderID: "folder_id",
 			},
 		},
@@ -37,17 +46,17 @@ func TestNewDNSProvider(t *testing.T) {
 		{
 			desc: "missing folder_id",
 			envVars: map[string]string{
-				EnvIamToken: fakeToken,
+				EnvIamToken: base64.StdEncoding.EncodeToString([]byte(fakeIAMToken)),
 			},
 			expected: "yandexcloud: some credentials information are missing: YANDEX_CLOUD_FOLDER_ID",
 		},
 		{
 			desc: "malformed token (not base64)",
 			envVars: map[string]string{
-				EnvIamToken: "not_base64",
+				EnvIamToken: fakeIAMToken,
 				EnvFolderID: "folder_id",
 			},
-			expected: "yandexcloud: iam token is malformed: illegal base64 data at input byte 3",
+			expected: "yandexcloud: iam token is malformed: illegal base64 data at input byte 1",
 		},
 		{
 			desc: "malformed token (invalid json in bas64)",
@@ -88,7 +97,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
 		{
 			desc: "success",
 			config: &Config{
-				IamToken: fakeToken,
+				IamToken: base64.StdEncoding.EncodeToString([]byte(fakeIAMToken)),
 				FolderID: "folder_id",
 			},
 		},
@@ -102,12 +111,12 @@ func TestNewDNSProviderConfig(t *testing.T) {
 			config: &Config{
 				FolderID: "folder_id",
 			},
-			expected: "yandexcloud: some credentials information are missing iam token",
+			expected: "yandexcloud: some credentials information are missing IAM token",
 		},
 		{
-			desc: "missing token",
+			desc: "missing folder id",
 			config: &Config{
-				IamToken: fakeToken,
+				IamToken: base64.StdEncoding.EncodeToString([]byte(fakeIAMToken)),
 			},
 			expected: "yandexcloud: some credentials information are missing folder id",
 		},