Make the contents of the DNS plugins private (#7580)

Part of #5775. ``` modify_item () { mkdir certbot-dns-$1/certbot_dns_$1/_internal git grep -l "from certbot_dns_$1 import dns_$1" | xargs sed -i "s/from certbot_dns_$1 import dns_$1/from certbot_dns_$1._internal import dns_$1/g" git grep -l "certbot_dns_$1\.dns_$1" | xargs sed -i "s/certbot_dns_$1\.dns_$1/certbot_dns_$1._internal.dns_$1/g" git checkout -- certbot-dns-$1/certbot_dns_$1/__init__.py echo '"""Internal implementation of \`~certbot_dns_$1.dns_$1\` plugin."""' > certbot-dns-$1/certbot_dns_$1/_internal/__init__.py mv certbot-dns-$1/certbot_dns_$1/dns_$1.py certbot-dns-$1/certbot_dns_$1/_internal git checkout -- CHANGELOG.md git status git add -A git commit -m "Move certbot-dns-$1 to _internal structure" } ``` Structure now looks like this: ``` certbot-dns-cloudflare/ ├── certbot_dns_cloudflare │ ├── dns_cloudflare_test.py │ ├── __init__.py │ └── _internal │ ├── dns_cloudflare.py │ └── __init__.py ``` * Move certbot-dns-cloudflare to _internal structure * Move certbot-dns-cloudxns to _internal structure * Move certbot-dns-digitalocean to _internal structure * Move certbot-dns-dnsimple to _internal structure * Move certbot-dns-dnsmadeeasy to _internal structure * Move certbot-dns-gehirn to _internal structure * Move certbot-dns-google to _internal structure * Move certbot-dns-linode to _internal structure * Move certbot-dns-luadns to _internal structure * Move certbot-dns-nsone to _internal structure * Move certbot-dns-ovh to _internal structure * Move certbot-dns-rfc2136 to _internal structure * Move certbot-dns-sakuracloud to _internal structure * Init file comments need to be comments * Move certbot-dns-route53 to _internal structure * Fix comment in route53 init
2026-01-26 07:41:33 +03:00 · 2019-11-25 10:26:05 -08:00
parent 8139689d4c
commit d56cd4ef01
57 changed files with 96 additions and 79 deletions
--- a/certbot-dns-cloudflare/certbot_dns_cloudflare/_internal/init.py
+++ b/certbot-dns-cloudflare/certbot_dns_cloudflare/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_cloudflare.dns_cloudflare` plugin."""
--- a/certbot-dns-cloudflare/certbot_dns_cloudflare/_internal/dns_cloudflare.py
+++ b/certbot-dns-cloudflare/certbot_dns_cloudflare/_internal/dns_cloudflare.py
--- a/certbot-dns-cloudflare/certbot_dns_cloudflare/dns_cloudflare_test.py
+++ b/certbot-dns-cloudflare/certbot_dns_cloudflare/dns_cloudflare_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_cloudflare.dns_cloudflare."""
+"""Tests for certbot_dns_cloudflare._internal.dns_cloudflare."""

 import unittest

@@ -19,7 +19,7 @@ EMAIL = 'example@example.com'
 class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthenticatorTest):

    def setUp(self):
-        from certbot_dns_cloudflare.dns_cloudflare import Authenticator
+        from certbot_dns_cloudflare._internal.dns_cloudflare import Authenticator

        super(AuthenticatorTest, self).setUp()

@@ -58,7 +58,7 @@ class CloudflareClientTest(unittest.TestCase):
    record_id = 2

    def setUp(self):
-        from certbot_dns_cloudflare.dns_cloudflare import _CloudflareClient
+        from certbot_dns_cloudflare._internal.dns_cloudflare import _CloudflareClient

        self.cloudflare_client = _CloudflareClient(EMAIL, API_KEY)

--- a/certbot-dns-cloudflare/setup.py
+++ b/certbot-dns-cloudflare/setup.py
@@ -60,7 +60,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-cloudflare = certbot_dns_cloudflare.dns_cloudflare:Authenticator',
+            'dns-cloudflare = certbot_dns_cloudflare._internal.dns_cloudflare:Authenticator',
        ],
    },
    test_suite='certbot_dns_cloudflare',
--- a/certbot-dns-cloudxns/certbot_dns_cloudxns/_internal/init.py
+++ b/certbot-dns-cloudxns/certbot_dns_cloudxns/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_cloudxns.dns_cloudxns` plugin."""
--- a/certbot-dns-cloudxns/certbot_dns_cloudxns/_internal/dns_cloudxns.py
+++ b/certbot-dns-cloudxns/certbot_dns_cloudxns/_internal/dns_cloudxns.py
--- a/certbot-dns-cloudxns/certbot_dns_cloudxns/dns_cloudxns_test.py
+++ b/certbot-dns-cloudxns/certbot_dns_cloudxns/dns_cloudxns_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_cloudxns.dns_cloudxns."""
+"""Tests for certbot_dns_cloudxns._internal.dns_cloudxns."""

 import unittest

@@ -24,7 +24,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_cloudxns.dns_cloudxns import Authenticator
+        from certbot_dns_cloudxns._internal.dns_cloudxns import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write({"cloudxns_api_key": API_KEY, "cloudxns_secret_key": SECRET}, path)
@@ -42,7 +42,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
 class CloudXNSLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLexiconClientTest):

    def setUp(self):
-        from certbot_dns_cloudxns.dns_cloudxns import _CloudXNSLexiconClient
+        from certbot_dns_cloudxns._internal.dns_cloudxns import _CloudXNSLexiconClient

        self.client = _CloudXNSLexiconClient(API_KEY, SECRET, 0)

--- a/certbot-dns-cloudxns/setup.py
+++ b/certbot-dns-cloudxns/setup.py
@@ -60,7 +60,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-cloudxns = certbot_dns_cloudxns.dns_cloudxns:Authenticator',
+            'dns-cloudxns = certbot_dns_cloudxns._internal.dns_cloudxns:Authenticator',
        ],
    },
    test_suite='certbot_dns_cloudxns',
--- a/certbot-dns-digitalocean/certbot_dns_digitalocean/_internal/init.py
+++ b/certbot-dns-digitalocean/certbot_dns_digitalocean/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_digitalocean.dns_digitalocean` plugin."""
--- a/certbot-dns-digitalocean/certbot_dns_digitalocean/_internal/dns_digitalocean.py
+++ b/certbot-dns-digitalocean/certbot_dns_digitalocean/_internal/dns_digitalocean.py
--- a/certbot-dns-digitalocean/certbot_dns_digitalocean/dns_digitalocean_test.py
+++ b/certbot-dns-digitalocean/certbot_dns_digitalocean/dns_digitalocean_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_digitalocean.dns_digitalocean."""
+"""Tests for certbot_dns_digitalocean._internal.dns_digitalocean."""

 import unittest

@@ -18,7 +18,7 @@ TOKEN = 'a-token'
 class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthenticatorTest):

    def setUp(self):
-        from certbot_dns_digitalocean.dns_digitalocean import Authenticator
+        from certbot_dns_digitalocean._internal.dns_digitalocean import Authenticator

        super(AuthenticatorTest, self).setUp()

@@ -57,7 +57,7 @@ class DigitalOceanClientTest(unittest.TestCase):
    record_content = "bar"

    def setUp(self):
-        from certbot_dns_digitalocean.dns_digitalocean import _DigitalOceanClient
+        from certbot_dns_digitalocean._internal.dns_digitalocean import _DigitalOceanClient

        self.digitalocean_client = _DigitalOceanClient(TOKEN)

--- a/certbot-dns-digitalocean/setup.py
+++ b/certbot-dns-digitalocean/setup.py
@@ -61,7 +61,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-digitalocean = certbot_dns_digitalocean.dns_digitalocean:Authenticator',
+            'dns-digitalocean = certbot_dns_digitalocean._internal.dns_digitalocean:Authenticator',
        ],
    },
    test_suite='certbot_dns_digitalocean',
--- a/certbot-dns-dnsimple/certbot_dns_dnsimple/_internal/init.py
+++ b/certbot-dns-dnsimple/certbot_dns_dnsimple/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_dnsimple.dns_dnsimple` plugin."""
--- a/certbot-dns-dnsimple/certbot_dns_dnsimple/_internal/dns_dnsimple.py
+++ b/certbot-dns-dnsimple/certbot_dns_dnsimple/_internal/dns_dnsimple.py
--- a/certbot-dns-dnsimple/certbot_dns_dnsimple/dns_dnsimple_test.py
+++ b/certbot-dns-dnsimple/certbot_dns_dnsimple/dns_dnsimple_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_dnsimple.dns_dnsimple."""
+"""Tests for certbot_dns_dnsimple._internal.dns_dnsimple."""

 import unittest

@@ -19,7 +19,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_dnsimple.dns_dnsimple import Authenticator
+        from certbot_dns_dnsimple._internal.dns_dnsimple import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write({"dnsimple_token": TOKEN}, path)
@@ -39,7 +39,7 @@ class DNSimpleLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseL
    LOGIN_ERROR = HTTPError('401 Client Error: Unauthorized for url: ...')

    def setUp(self):
-        from certbot_dns_dnsimple.dns_dnsimple import _DNSimpleLexiconClient
+        from certbot_dns_dnsimple._internal.dns_dnsimple import _DNSimpleLexiconClient

        self.client = _DNSimpleLexiconClient(TOKEN, 0)

--- a/certbot-dns-dnsimple/setup.py
+++ b/certbot-dns-dnsimple/setup.py
@@ -72,7 +72,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-dnsimple = certbot_dns_dnsimple.dns_dnsimple:Authenticator',
+            'dns-dnsimple = certbot_dns_dnsimple._internal.dns_dnsimple:Authenticator',
        ],
    },
    test_suite='certbot_dns_dnsimple',
--- a/certbot-dns-dnsmadeeasy/certbot_dns_dnsmadeeasy/_internal/init.py
+++ b/certbot-dns-dnsmadeeasy/certbot_dns_dnsmadeeasy/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_dnsmadeeasy.dns_dnsmadeeasy` plugin."""
--- a/certbot-dns-dnsmadeeasy/certbot_dns_dnsmadeeasy/_internal/dns_dnsmadeeasy.py
+++ b/certbot-dns-dnsmadeeasy/certbot_dns_dnsmadeeasy/_internal/dns_dnsmadeeasy.py
--- a/certbot-dns-dnsmadeeasy/certbot_dns_dnsmadeeasy/dns_dnsmadeeasy_test.py
+++ b/certbot-dns-dnsmadeeasy/certbot_dns_dnsmadeeasy/dns_dnsmadeeasy_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_dnsmadeeasy.dns_dnsmadeeasy."""
+"""Tests for certbot_dns_dnsmadeeasy._internal.dns_dnsmadeeasy."""

 import unittest

@@ -21,7 +21,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_dnsmadeeasy.dns_dnsmadeeasy import Authenticator
+        from certbot_dns_dnsmadeeasy._internal.dns_dnsmadeeasy import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write({"dnsmadeeasy_api_key": API_KEY,
@@ -44,7 +44,7 @@ class DNSMadeEasyLexiconClientTest(unittest.TestCase,
    LOGIN_ERROR = HTTPError('403 Client Error: Forbidden for url: {0}.'.format(DOMAIN))

    def setUp(self):
-        from certbot_dns_dnsmadeeasy.dns_dnsmadeeasy import _DNSMadeEasyLexiconClient
+        from certbot_dns_dnsmadeeasy._internal.dns_dnsmadeeasy import _DNSMadeEasyLexiconClient

        self.client = _DNSMadeEasyLexiconClient(API_KEY, SECRET_KEY, 0)

--- a/certbot-dns-dnsmadeeasy/setup.py
+++ b/certbot-dns-dnsmadeeasy/setup.py
@@ -60,7 +60,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-dnsmadeeasy = certbot_dns_dnsmadeeasy.dns_dnsmadeeasy:Authenticator',
+            'dns-dnsmadeeasy = certbot_dns_dnsmadeeasy._internal.dns_dnsmadeeasy:Authenticator',
        ],
    },
    test_suite='certbot_dns_dnsmadeeasy',
--- a/certbot-dns-gehirn/certbot_dns_gehirn/_internal/init.py
+++ b/certbot-dns-gehirn/certbot_dns_gehirn/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_gehirn.dns_gehirn` plugin."""
--- a/certbot-dns-gehirn/certbot_dns_gehirn/_internal/dns_gehirn.py
+++ b/certbot-dns-gehirn/certbot_dns_gehirn/_internal/dns_gehirn.py
--- a/certbot-dns-gehirn/certbot_dns_gehirn/dns_gehirn_test.py
+++ b/certbot-dns-gehirn/certbot_dns_gehirn/dns_gehirn_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_gehirn.dns_gehirn."""
+"""Tests for certbot_dns_gehirn._internal.dns_gehirn."""

 import unittest

@@ -20,7 +20,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_gehirn.dns_gehirn import Authenticator
+        from certbot_dns_gehirn._internal.dns_gehirn import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write(
@@ -43,7 +43,7 @@ class GehirnLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLex
    LOGIN_ERROR = HTTPError('401 Client Error: Unauthorized for url: {0}.'.format(DOMAIN))

    def setUp(self):
-        from certbot_dns_gehirn.dns_gehirn import _GehirnLexiconClient
+        from certbot_dns_gehirn._internal.dns_gehirn import _GehirnLexiconClient

        self.client = _GehirnLexiconClient(API_TOKEN, API_SECRET, 0)

--- a/certbot-dns-gehirn/setup.py
+++ b/certbot-dns-gehirn/setup.py
@@ -59,7 +59,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-gehirn = certbot_dns_gehirn.dns_gehirn:Authenticator',
+            'dns-gehirn = certbot_dns_gehirn._internal.dns_gehirn:Authenticator',
        ],
    },
    test_suite='certbot_dns_gehirn',
--- a/certbot-dns-google/certbot_dns_google/_internal/init.py
+++ b/certbot-dns-google/certbot_dns_google/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_google.dns_google` plugin."""
--- a/certbot-dns-google/certbot_dns_google/_internal/dns_google.py
+++ b/certbot-dns-google/certbot_dns_google/_internal/dns_google.py
--- a/certbot-dns-google/certbot_dns_google/dns_google_test.py
+++ b/certbot-dns-google/certbot_dns_google/dns_google_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_google.dns_google."""
+"""Tests for certbot_dns_google._internal.dns_google."""

 import unittest

@@ -25,7 +25,7 @@ class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthentic
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_google.dns_google import Authenticator
+        from certbot_dns_google._internal.dns_google import Authenticator

        path = os.path.join(self.tempdir, 'file.json')
        open(path, "wb").close()
@@ -68,7 +68,7 @@ class GoogleClientTest(unittest.TestCase):
    change = "an-id"

    def _setUp_client_with_mock(self, zone_request_side_effect):
-        from certbot_dns_google.dns_google import _GoogleClient
+        from certbot_dns_google._internal.dns_google import _GoogleClient

        pwd = os.path.dirname(__file__)
        rel_path = 'testdata/discovery.json'
@@ -96,18 +96,18 @@ class GoogleClientTest(unittest.TestCase):

    @mock.patch('googleapiclient.discovery.build')
    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google._GoogleClient.get_project_id')
+    @mock.patch('certbot_dns_google._internal.dns_google._GoogleClient.get_project_id')
    def test_client_without_credentials(self, get_project_id_mock, credential_mock,
                                        unused_discovery_mock):
-        from certbot_dns_google.dns_google import _GoogleClient
+        from certbot_dns_google._internal.dns_google import _GoogleClient
        _GoogleClient(None)
        self.assertFalse(credential_mock.called)
        self.assertTrue(get_project_id_mock.called)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
-    @mock.patch('certbot_dns_google.dns_google._GoogleClient.get_project_id')
+    @mock.patch('certbot_dns_google._internal.dns_google._GoogleClient.get_project_id')
    def test_add_txt_record(self, get_project_id_mock, credential_mock):
        client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}])
        credential_mock.assert_called_once_with('/not/a/real/path.json', mock.ANY)
@@ -133,7 +133,7 @@ class GoogleClientTest(unittest.TestCase):
                                               project=PROJECT_ID)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_add_txt_record_and_poll(self, unused_credential_mock):
        client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}])
@@ -151,12 +151,13 @@ class GoogleClientTest(unittest.TestCase):
                                            project=PROJECT_ID)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_add_txt_record_delete_old(self, unused_credential_mock):
        client, changes = self._setUp_client_with_mock(
            [{'managedZones': [{'id': self.zone}]}])
-        mock_get_rrs = "certbot_dns_google.dns_google._GoogleClient.get_existing_txt_rrset"
+        # pylint: disable=line-too-long
+        mock_get_rrs = "certbot_dns_google._internal.dns_google._GoogleClient.get_existing_txt_rrset"
        with mock.patch(mock_get_rrs) as mock_rrs:
            mock_rrs.return_value = ["sample-txt-contents"]
            client.add_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl)
@@ -165,7 +166,7 @@ class GoogleClientTest(unittest.TestCase):
                changes.create.call_args_list[0][1]["body"]["deletions"][0]["rrdatas"])

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_add_txt_record_noop(self, unused_credential_mock):
        client, changes = self._setUp_client_with_mock(
@@ -175,7 +176,7 @@ class GoogleClientTest(unittest.TestCase):
        self.assertFalse(changes.create.called)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_add_txt_record_error_during_zone_lookup(self, unused_credential_mock):
        client, unused_changes = self._setUp_client_with_mock(API_ERROR)
@@ -184,7 +185,7 @@ class GoogleClientTest(unittest.TestCase):
                          DOMAIN, self.record_name, self.record_content, self.record_ttl)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_add_txt_record_zone_not_found(self, unused_credential_mock):
        client, unused_changes = self._setUp_client_with_mock([{'managedZones': []},
@@ -194,7 +195,7 @@ class GoogleClientTest(unittest.TestCase):
                          DOMAIN, self.record_name, self.record_content, self.record_ttl)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_add_txt_record_error_during_add(self, unused_credential_mock):
        client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}])
@@ -204,12 +205,13 @@ class GoogleClientTest(unittest.TestCase):
                          DOMAIN, self.record_name, self.record_content, self.record_ttl)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_del_txt_record(self, unused_credential_mock):
        client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}])

-        mock_get_rrs = "certbot_dns_google.dns_google._GoogleClient.get_existing_txt_rrset"
+        # pylint: disable=line-too-long
+        mock_get_rrs = "certbot_dns_google._internal.dns_google._GoogleClient.get_existing_txt_rrset"
        with mock.patch(mock_get_rrs) as mock_rrs:
            mock_rrs.return_value = ["\"sample-txt-contents\"",
                                     "\"example-txt-contents\""]
@@ -243,7 +245,7 @@ class GoogleClientTest(unittest.TestCase):
                                               project=PROJECT_ID)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_del_txt_record_error_during_zone_lookup(self, unused_credential_mock):
        client, unused_changes = self._setUp_client_with_mock(API_ERROR)
@@ -251,7 +253,7 @@ class GoogleClientTest(unittest.TestCase):
        client.del_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_del_txt_record_zone_not_found(self, unused_credential_mock):
        client, unused_changes = self._setUp_client_with_mock([{'managedZones': []},
@@ -260,7 +262,7 @@ class GoogleClientTest(unittest.TestCase):
        client.del_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_del_txt_record_error_during_delete(self, unused_credential_mock):
        client, changes = self._setUp_client_with_mock([{'managedZones': [{'id': self.zone}]}])
@@ -269,7 +271,7 @@ class GoogleClientTest(unittest.TestCase):
        client.del_txt_record(DOMAIN, self.record_name, self.record_content, self.record_ttl)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_get_existing(self, unused_credential_mock):
        client, unused_changes = self._setUp_client_with_mock(
@@ -281,7 +283,7 @@ class GoogleClientTest(unittest.TestCase):
        self.assertEqual(not_found, None)

    @mock.patch('oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name')
-    @mock.patch('certbot_dns_google.dns_google.open',
+    @mock.patch('certbot_dns_google._internal.dns_google.open',
                mock.mock_open(read_data='{"project_id": "' + PROJECT_ID + '"}'), create=True)
    def test_get_existing_fallback(self, unused_credential_mock):
        client, unused_changes = self._setUp_client_with_mock(
@@ -294,7 +296,7 @@ class GoogleClientTest(unittest.TestCase):
        self.assertFalse(rrset)

    def test_get_project_id(self):
-        from certbot_dns_google.dns_google import _GoogleClient
+        from certbot_dns_google._internal.dns_google import _GoogleClient

        response = DummyResponse()
        response.status = 200
--- a/certbot-dns-google/setup.py
+++ b/certbot-dns-google/setup.py
@@ -63,7 +63,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-google = certbot_dns_google.dns_google:Authenticator',
+            'dns-google = certbot_dns_google._internal.dns_google:Authenticator',
        ],
    },
    test_suite='certbot_dns_google',
--- a/certbot-dns-linode/certbot_dns_linode/_internal/init.py
+++ b/certbot-dns-linode/certbot_dns_linode/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_linode.dns_linode` plugin."""
--- a/certbot-dns-linode/certbot_dns_linode/_internal/dns_linode.py
+++ b/certbot-dns-linode/certbot_dns_linode/_internal/dns_linode.py
--- a/certbot-dns-linode/certbot_dns_linode/dns_linode_test.py
+++ b/certbot-dns-linode/certbot_dns_linode/dns_linode_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_linode.dns_linode."""
+"""Tests for certbot_dns_linode._internal.dns_linode."""

 import unittest

@@ -9,7 +9,7 @@ from certbot.compat import os
 from certbot.plugins import dns_test_common
 from certbot.plugins import dns_test_common_lexicon
 from certbot.tests import util as test_util
-from certbot_dns_linode.dns_linode import Authenticator
+from certbot_dns_linode._internal.dns_linode import Authenticator

 TOKEN = 'a-token'
 TOKEN_V3 = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64'
@@ -121,7 +121,7 @@ class LinodeLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLex
    DOMAIN_NOT_FOUND = Exception('Domain not found')

    def setUp(self):
-        from certbot_dns_linode.dns_linode import _LinodeLexiconClient
+        from certbot_dns_linode._internal.dns_linode import _LinodeLexiconClient

        self.client = _LinodeLexiconClient(TOKEN, 3)

@@ -133,7 +133,7 @@ class Linode4LexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLe
    DOMAIN_NOT_FOUND = Exception('Domain not found')

    def setUp(self):
-        from certbot_dns_linode.dns_linode import _LinodeLexiconClient
+        from certbot_dns_linode._internal.dns_linode import _LinodeLexiconClient

        self.client = _LinodeLexiconClient(TOKEN, 4)

--- a/certbot-dns-linode/setup.py
+++ b/certbot-dns-linode/setup.py
@@ -58,7 +58,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-linode = certbot_dns_linode.dns_linode:Authenticator',
+            'dns-linode = certbot_dns_linode._internal.dns_linode:Authenticator',
        ],
    },
    test_suite='certbot_dns_linode',
--- a/certbot-dns-luadns/certbot_dns_luadns/_internal/init.py
+++ b/certbot-dns-luadns/certbot_dns_luadns/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_luadns.dns_luadns` plugin."""
--- a/certbot-dns-luadns/certbot_dns_luadns/_internal/dns_luadns.py
+++ b/certbot-dns-luadns/certbot_dns_luadns/_internal/dns_luadns.py
--- a/certbot-dns-luadns/certbot_dns_luadns/dns_luadns_test.py
+++ b/certbot-dns-luadns/certbot_dns_luadns/dns_luadns_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_luadns.dns_luadns."""
+"""Tests for certbot_dns_luadns._internal.dns_luadns."""

 import unittest

@@ -20,7 +20,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_luadns.dns_luadns import Authenticator
+        from certbot_dns_luadns._internal.dns_luadns import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write({"luadns_email": EMAIL, "luadns_token": TOKEN}, path)
@@ -40,7 +40,7 @@ class LuaDNSLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLex
    LOGIN_ERROR = HTTPError("401 Client Error: Unauthorized for url: ...")

    def setUp(self):
-        from certbot_dns_luadns.dns_luadns import _LuaDNSLexiconClient
+        from certbot_dns_luadns._internal.dns_luadns import _LuaDNSLexiconClient

        self.client = _LuaDNSLexiconClient(EMAIL, TOKEN, 0)

--- a/certbot-dns-luadns/setup.py
+++ b/certbot-dns-luadns/setup.py
@@ -60,7 +60,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-luadns = certbot_dns_luadns.dns_luadns:Authenticator',
+            'dns-luadns = certbot_dns_luadns._internal.dns_luadns:Authenticator',
        ],
    },
    test_suite='certbot_dns_luadns',
--- a/certbot-dns-nsone/certbot_dns_nsone/_internal/init.py
+++ b/certbot-dns-nsone/certbot_dns_nsone/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_nsone.dns_nsone` plugin."""
--- a/certbot-dns-nsone/certbot_dns_nsone/_internal/dns_nsone.py
+++ b/certbot-dns-nsone/certbot_dns_nsone/_internal/dns_nsone.py
--- a/certbot-dns-nsone/certbot_dns_nsone/dns_nsone_test.py
+++ b/certbot-dns-nsone/certbot_dns_nsone/dns_nsone_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_nsone.dns_nsone."""
+"""Tests for certbot_dns_nsone._internal.dns_nsone."""

 import unittest

@@ -20,7 +20,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_nsone.dns_nsone import Authenticator
+        from certbot_dns_nsone._internal.dns_nsone import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write({"nsone_api_key": API_KEY}, path)
@@ -40,7 +40,7 @@ class NS1LexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLexico
    LOGIN_ERROR = HTTPError('401 Client Error: Unauthorized for url: {0}.'.format(DOMAIN))

    def setUp(self):
-        from certbot_dns_nsone.dns_nsone import _NS1LexiconClient
+        from certbot_dns_nsone._internal.dns_nsone import _NS1LexiconClient

        self.client = _NS1LexiconClient(API_KEY, 0)

--- a/certbot-dns-nsone/setup.py
+++ b/certbot-dns-nsone/setup.py
@@ -60,7 +60,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-nsone = certbot_dns_nsone.dns_nsone:Authenticator',
+            'dns-nsone = certbot_dns_nsone._internal.dns_nsone:Authenticator',
        ],
    },
    test_suite='certbot_dns_nsone',
--- a/certbot-dns-ovh/certbot_dns_ovh/_internal/init.py
+++ b/certbot-dns-ovh/certbot_dns_ovh/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_ovh.dns_ovh` plugin."""
--- a/certbot-dns-ovh/certbot_dns_ovh/_internal/dns_ovh.py
+++ b/certbot-dns-ovh/certbot_dns_ovh/_internal/dns_ovh.py
--- a/certbot-dns-ovh/certbot_dns_ovh/dns_ovh_test.py
+++ b/certbot-dns-ovh/certbot_dns_ovh/dns_ovh_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_ovh.dns_ovh."""
+"""Tests for certbot_dns_ovh._internal.dns_ovh."""

 import unittest

@@ -22,7 +22,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_ovh.dns_ovh import Authenticator
+        from certbot_dns_ovh._internal.dns_ovh import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        credentials = {
@@ -48,7 +48,7 @@ class OVHLexiconClientTest(unittest.TestCase, dns_test_common_lexicon.BaseLexico
    LOGIN_ERROR = HTTPError('403 Client Error: Forbidden for url: https://eu.api.ovh.com/1.0/...')

    def setUp(self):
-        from certbot_dns_ovh.dns_ovh import _OVHLexiconClient
+        from certbot_dns_ovh._internal.dns_ovh import _OVHLexiconClient

        self.client = _OVHLexiconClient(
            ENDPOINT, APPLICATION_KEY, APPLICATION_SECRET, CONSUMER_KEY, 0
--- a/certbot-dns-ovh/setup.py
+++ b/certbot-dns-ovh/setup.py
@@ -60,7 +60,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-ovh = certbot_dns_ovh.dns_ovh:Authenticator',
+            'dns-ovh = certbot_dns_ovh._internal.dns_ovh:Authenticator',
        ],
    },
    test_suite='certbot_dns_ovh',
--- a/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/init.py
+++ b/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_rfc2136.dns_rfc2136` plugin."""
--- a/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py
+++ b/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py
--- a/certbot-dns-rfc2136/certbot_dns_rfc2136/dns_rfc2136_test.py
+++ b/certbot-dns-rfc2136/certbot_dns_rfc2136/dns_rfc2136_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_rfc2136.dns_rfc2136."""
+"""Tests for certbot_dns_rfc2136._internal.dns_rfc2136."""

 import unittest

@@ -23,7 +23,7 @@ VALID_CONFIG = {"rfc2136_server": SERVER, "rfc2136_name": NAME, "rfc2136_secret"
 class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthenticatorTest):

    def setUp(self):
-        from certbot_dns_rfc2136.dns_rfc2136 import Authenticator
+        from certbot_dns_rfc2136._internal.dns_rfc2136 import Authenticator

        super(AuthenticatorTest, self).setUp()

@@ -73,7 +73,7 @@ class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthentic
 class RFC2136ClientTest(unittest.TestCase):

    def setUp(self):
-        from certbot_dns_rfc2136.dns_rfc2136 import _RFC2136Client
+        from certbot_dns_rfc2136._internal.dns_rfc2136 import _RFC2136Client

        self.rfc2136_client = _RFC2136Client(SERVER, PORT, NAME, SECRET, dns.tsig.HMAC_MD5)

--- a/certbot-dns-rfc2136/setup.py
+++ b/certbot-dns-rfc2136/setup.py
@@ -60,7 +60,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-rfc2136 = certbot_dns_rfc2136.dns_rfc2136:Authenticator',
+            'dns-rfc2136 = certbot_dns_rfc2136._internal.dns_rfc2136:Authenticator',
        ],
    },
    test_suite='certbot_dns_rfc2136',
--- a/certbot-dns-route53/certbot_dns_route53/_internal/init.py
+++ b/certbot-dns-route53/certbot_dns_route53/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_route53.dns_route53` plugin."""
--- a/certbot-dns-route53/certbot_dns_route53/_internal/dns_route53.py
+++ b/certbot-dns-route53/certbot_dns_route53/_internal/dns_route53.py
--- a/certbot-dns-route53/certbot_dns_route53/authenticator.py
+++ b/certbot-dns-route53/certbot_dns_route53/authenticator.py
@@ -1,16 +1,17 @@
-"""Shim around `~certbot_dns_route53.dns_route53` for backwards compatibility."""
+"""Shim around `~certbot_dns_route53._internal.dns_route53` for backwards compatibility."""
 import warnings

 import zope.interface

 from certbot import interfaces
-from certbot_dns_route53 import dns_route53
+from certbot_dns_route53._internal import dns_route53


@zope.interface.implementer(interfaces.IAuthenticator)
@zope.interface.provider(interfaces.IPluginFactory)
 class Authenticator(dns_route53.Authenticator):
-    """Shim around `~certbot_dns_route53.dns_route53.Authenticator` for backwards compatibility."""
+    """Shim around `~certbot_dns_route53._internal.dns_route53.Authenticator`
+       for backwards compatibility."""

    hidden = True

--- a/certbot-dns-route53/certbot_dns_route53/dns_route53_test.py
+++ b/certbot-dns-route53/certbot_dns_route53/dns_route53_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_route53.dns_route53.Authenticator"""
+"""Tests for certbot_dns_route53._internal.dns_route53.Authenticator"""

 import unittest

@@ -15,7 +15,7 @@ class AuthenticatorTest(unittest.TestCase, dns_test_common.BaseAuthenticatorTest
    # pylint: disable=protected-access

    def setUp(self):
-        from certbot_dns_route53.dns_route53 import Authenticator
+        from certbot_dns_route53._internal.dns_route53 import Authenticator

        super(AuthenticatorTest, self).setUp()

@@ -122,7 +122,7 @@ class ClientTest(unittest.TestCase):
                            }

    def setUp(self):
-        from certbot_dns_route53.dns_route53 import Authenticator
+        from certbot_dns_route53._internal.dns_route53 import Authenticator

        super(ClientTest, self).setUp()

--- a/certbot-dns-route53/setup.py
+++ b/certbot-dns-route53/setup.py
@@ -51,7 +51,7 @@ setup(
    keywords=['certbot', 'route53', 'aws'],
    entry_points={
        'certbot.plugins': [
-            'dns-route53 = certbot_dns_route53.dns_route53:Authenticator',
+            'dns-route53 = certbot_dns_route53._internal.dns_route53:Authenticator',
            'certbot-route53:auth = certbot_dns_route53.authenticator:Authenticator'
        ],
    },
--- a/certbot-dns-sakuracloud/certbot_dns_sakuracloud/_internal/init.py
+++ b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/_internal/init.py
@@ -0,0 +1 @@
+"""Internal implementation of `~certbot_dns_sakuracloud.dns_sakuracloud` plugin."""
--- a/certbot-dns-sakuracloud/certbot_dns_sakuracloud/_internal/dns_sakuracloud.py
+++ b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/_internal/dns_sakuracloud.py
--- a/certbot-dns-sakuracloud/certbot_dns_sakuracloud/dns_sakuracloud_test.py
+++ b/certbot-dns-sakuracloud/certbot_dns_sakuracloud/dns_sakuracloud_test.py
@@ -1,4 +1,4 @@
-"""Tests for certbot_dns_sakuracloud.dns_sakuracloud."""
+"""Tests for certbot_dns_sakuracloud._internal.dns_sakuracloud."""

 import unittest

@@ -20,7 +20,7 @@ class AuthenticatorTest(test_util.TempDirTestCase,
    def setUp(self):
        super(AuthenticatorTest, self).setUp()

-        from certbot_dns_sakuracloud.dns_sakuracloud import Authenticator
+        from certbot_dns_sakuracloud._internal.dns_sakuracloud import Authenticator

        path = os.path.join(self.tempdir, 'file.ini')
        dns_test_common.write(
@@ -44,7 +44,7 @@ class SakuraCloudLexiconClientTest(unittest.TestCase,
    LOGIN_ERROR = HTTPError('401 Client Error: Unauthorized for url: {0}.'.format(DOMAIN))

    def setUp(self):
-        from certbot_dns_sakuracloud.dns_sakuracloud import _SakuraCloudLexiconClient
+        from certbot_dns_sakuracloud._internal.dns_sakuracloud import _SakuraCloudLexiconClient

        self.client = _SakuraCloudLexiconClient(API_TOKEN, API_SECRET, 0)

--- a/certbot-dns-sakuracloud/setup.py
+++ b/certbot-dns-sakuracloud/setup.py
@@ -59,7 +59,7 @@ setup(
    },
    entry_points={
        'certbot.plugins': [
-            'dns-sakuracloud = certbot_dns_sakuracloud.dns_sakuracloud:Authenticator',
+            'dns-sakuracloud = certbot_dns_sakuracloud._internal.dns_sakuracloud:Authenticator',
        ],
    },
    test_suite='certbot_dns_sakuracloud',
				`@@ -0,0 +1 @@`
				"""Internal implementation of `~certbot_dns_cloudflare.dns_cloudflare` plugin."""