feat: add Network ACLs management API support

src/API/Management.php

@@ -4,9 +4,9 @@
 
 namespace Auth0\SDK\API;
 
-use Auth0\SDK\API\Management\{Actions, AttackProtection, Blacklists, ClientGrants, Clients, Connections, DeviceCredentials, EmailTemplates, Emails, Grants, Guardian, Jobs, Keys, LogStreams, Logs, Organizations, RefreshTokens, ResourceServers, Roles, Rules, Sessions, Stats, Tenants, Tickets, UserBlocks, Users, UsersByEmail};
+use Auth0\SDK\API\Management\{Actions, AttackProtection, Blacklists, ClientGrants, Clients, Connections, DeviceCredentials, EmailTemplates, Emails, Grants, Guardian, Jobs, Keys, LogStreams, Logs, NetworkAcls, Organizations, RefreshTokens, ResourceServers, Roles, Rules, Sessions, Stats, Tenants, Tickets, UserBlocks, Users, UsersByEmail};
 use Auth0\SDK\Configuration\SdkConfiguration;
-use Auth0\SDK\Contract\API\Management\{ActionsInterface, AttackProtectionInterface, BlacklistsInterface, ClientGrantsInterface, ClientsInterface, ConnectionsInterface, DeviceCredentialsInterface, EmailTemplatesInterface, EmailsInterface, GrantsInterface, GuardianInterface, JobsInterface, KeysInterface, LogStreamsInterface, LogsInterface, OrganizationsInterface, RefreshTokensInterface, ResourceServersInterface, RolesInterface, RulesInterface, SessionsInterface, StatsInterface, TenantsInterface, TicketsInterface, UserBlocksInterface, UsersByEmailInterface, UsersInterface};
+use Auth0\SDK\Contract\API\Management\{ActionsInterface, AttackProtectionInterface, BlacklistsInterface, ClientGrantsInterface, ClientsInterface, ConnectionsInterface, DeviceCredentialsInterface, EmailTemplatesInterface, EmailsInterface, GrantsInterface, GuardianInterface, JobsInterface, KeysInterface, LogStreamsInterface, LogsInterface, NetworkAclsInterface, OrganizationsInterface, RefreshTokensInterface, ResourceServersInterface, RolesInterface, RulesInterface, SessionsInterface, StatsInterface, TenantsInterface, TicketsInterface, UserBlocksInterface, UsersByEmailInterface, UsersInterface};
 use Auth0\SDK\Contract\API\{AuthenticationInterface, ManagementInterface};
 use Auth0\SDK\Utility\{HttpClient, HttpResponse, HttpResponsePaginator};
 use Psr\Cache\CacheItemPoolInterface;
@@ -197,6 +197,11 @@ public function logStreams(): LogStreamsInterface
         return LogStreams::instance($this->getHttpClient());
     }
 
+    public function networkAcls(): NetworkAclsInterface
+    {
+        return NetworkAcls::instance($this->getHttpClient());
+    }
+
     public function organizations(): OrganizationsInterface
     {
         return Organizations::instance($this->getHttpClient());

src/API/Management/NetworkAcls.php

@@ -0,0 +1,149 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Auth0\SDK\API\Management;
+
+use Auth0\SDK\Contract\API\Management\NetworkAclsInterface;
+use Auth0\SDK\Utility\Request\RequestOptions;
+use Auth0\SDK\Utility\Toolkit;
+use Psr\Http\Message\ResponseInterface;
+
+/**
+ * Handles requests to the Network Acls endpoint of the v2 Management API.
+ *
+ * @see https://auth0.com/docs/api/management/v2#!/Network_Acls
+ */
+final class NetworkAcls extends ManagementEndpoint implements NetworkAclsInterface
+{
+    public function create(
+        string $description,
+        bool $active,
+        int $priority,
+        array $rule,
+        ?array $additional = null,
+        ?RequestOptions $options = null,
+    ): ResponseInterface {
+        [$description] = Toolkit::filter([$description])->string()->trim();
+        [$rule, $additional] = Toolkit::filter([$rule, $additional])->array()->trim();
+
+        Toolkit::assert([
+            [$description, \Auth0\SDK\Exception\ArgumentException::missing('description')],
+        ])->isString();
+
+        Toolkit::assert([
+            [$active, \Auth0\SDK\Exception\ArgumentException::missing('active')],
+        ])->isBoolean();
+
+        Toolkit::assert([
+            [$priority, \Auth0\SDK\Exception\ArgumentException::missing('priority')],
+        ])->isInteger();
+
+        Toolkit::assert([
+            [$rule, \Auth0\SDK\Exception\ArgumentException::missing('rule')],
+        ])->isArray();
+
+        /** @var array<mixed> $additional */
+
+        return $this->getHttpClient()
+            ->method('post')->addPath(['network-acls'])
+            ->withBody(
+                (object) Toolkit::merge([[
+                    'description' => $description,
+                    'active' => $active,
+                    'priority' => $priority,
+                    'rule' => (object) $rule,
+                ], $additional]),
+            )
+            ->withOptions($options)
+            ->call();
+    }
+
+    public function delete(
+        string $id,
+        ?RequestOptions $options = null,
+    ): ResponseInterface {
+        [$id] = Toolkit::filter([$id])->string()->trim();
+
+        Toolkit::assert([
+            [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+        ])->isString();
+
+        return $this->getHttpClient()
+            ->method('delete')->addPath(['network-acls', $id])
+            ->withOptions($options)
+            ->call();
+    }
+
+    public function get(
+        string $id,
+        ?RequestOptions $options = null,
+    ): ResponseInterface {
+        [$id] = Toolkit::filter([$id])->string()->trim();
+
+        Toolkit::assert([
+            [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+        ])->isString();
+
+        return $this->getHttpClient()
+            ->method('get')->addPath(['network-acls', $id])
+            ->withOptions($options)
+            ->call();
+    }
+
+    public function getAll(
+        ?RequestOptions $options = null,
+    ): ResponseInterface {
+        return $this->getHttpClient()
+            ->method('get')
+            ->addPath(['network-acls'])
+            ->withOptions($options)
+            ->call();
+    }
+
+    public function patch(
+        string $id,
+        array $body,
+        ?RequestOptions $options = null,
+    ): ResponseInterface {
+        [$id] = Toolkit::filter([$id])->string()->trim();
+        [$body] = Toolkit::filter([$body])->array()->trim();
+
+        Toolkit::assert([
+            [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+        ])->isString();
+
+        Toolkit::assert([
+            [$body, \Auth0\SDK\Exception\ArgumentException::missing('body')],
+        ])->isArray();
+
+        return $this->getHttpClient()
+            ->method('patch')->addPath(['network-acls', $id])
+            ->withBody((object) $body)
+            ->withOptions($options)
+            ->call();
+    }
+
+    public function update(
+        string $id,
+        array $body,
+        ?RequestOptions $options = null,
+    ): ResponseInterface {
+        [$id] = Toolkit::filter([$id])->string()->trim();
+        [$body] = Toolkit::filter([$body])->array()->trim();
+
+        Toolkit::assert([
+            [$id, \Auth0\SDK\Exception\ArgumentException::missing('id')],
+        ])->isString();
+
+        Toolkit::assert([
+            [$body, \Auth0\SDK\Exception\ArgumentException::missing('body')],
+        ])->isArray();
+
+        return $this->getHttpClient()
+            ->method('put')->addPath(['network-acls', $id])
+            ->withBody((object) $body)
+            ->withOptions($options)
+            ->call();
+    }
+}

src/Contract/API/Management/NetworkAclsInterface.php

@@ -0,0 +1,122 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Auth0\SDK\Contract\API\Management;
+
+use Auth0\SDK\Utility\Request\RequestOptions;
+use Psr\Http\Message\ResponseInterface;
+
+interface NetworkAclsInterface
+{
+    /**
+     * Create a new Access Control List.
+     * Required scope: `create:network_acls`.
+     *
+     * @param string              $description the type of log stream being created
+     * @param bool                $active      whether the ACL is active or not
+     * @param int                 $priority    the order in which the ACL will be evaluated relative to other ACL rules
+     * @param array<string>       $rule        the rules to apply to the ACL
+     * @param null|array<mixed>   $additional  Optional. Additional body content to pass with the API request. See @see for supported options.
+     * @param null|RequestOptions $options     Optional. Additional request options to use, such as a field filtering or pagination. (Not all endpoints support these. See @see for supported options.)
+     *
+     * @throws \Auth0\SDK\Exception\ArgumentException when an invalid `type` or `sink` are provided
+     * @throws \Auth0\SDK\Exception\NetworkException  when the API request fails due to a network error
+     *
+     * @see https://auth0.com/docs/api/management/v2#!/Network_Acls/post_network_acls
+     */
+    public function create(
+        string $description,
+        bool $active,
+        int $priority,
+        array $rule,
+        ?array $additional = null,
+        ?RequestOptions $options = null,
+    ): ResponseInterface;
+
+    /**
+     * Delete an Access Control List.
+     * Required scope: `delete:network_acls`.
+     *
+     * @param string              $id      ID of the Access Control List to delete
+     * @param null|RequestOptions $options Optional. Additional request options to use, such as a field filtering or pagination. (Not all endpoints support these. See @see for supported options.)
+     *
+     * @throws \Auth0\SDK\Exception\ArgumentException when an invalid `id` is provided
+     * @throws \Auth0\SDK\Exception\NetworkException  when the API request fails due to a network error
+     *
+     * @see https://auth0.com/docs/api/management/v2#!/Network_Acls/delete_network_acls_by_id
+     */
+    public function delete(
+        string $id,
+        ?RequestOptions $options = null,
+    ): ResponseInterface;
+
+    /**
+     * Get a Single Access Control List.
+     * Required scope: `read:network_acls`.
+     *
+     * @param string              $id      log Stream ID to query
+     * @param null|RequestOptions $options Optional. Additional request options to use, such as a field filtering or pagination. (Not all endpoints support these. See @see for supported options.)
+     *
+     * @throws \Auth0\SDK\Exception\ArgumentException when an invalid `id` is provided
+     * @throws \Auth0\SDK\Exception\NetworkException  when the API request fails due to a network error
+     *
+     * @see https://auth0.com/docs/api/management/v2#!/Network_Acls/get_network_acls_by_id
+     */
+    public function get(
+        string $id,
+        ?RequestOptions $options = null,
+    ): ResponseInterface;
+
+    /**
+     * Get all Access Control Lists.
+     * Required scope: `read:network_acls`.
+     *
+     * @param null|RequestOptions $options Optional. Additional request options to use, such as a field filtering or pagination. (Not all endpoints support these. See @see for supported options.)
+     *
+     * @throws \Auth0\SDK\Exception\NetworkException when the API request fails due to a network error
+     *
+     * @see https://auth0.com/docs/api/management/v2#!/Network_Acls/get_network_acls
+     */
+    public function getAll(
+        ?RequestOptions $options = null,
+    ): ResponseInterface;
+
+    /**
+     * Update partially an existing Access Control List.
+     * Required scope: `update:network_acls`.
+     *
+     * @param string              $id      ID of the Access Control List to update
+     * @param array<mixed>        $body    Log Stream data to update. Only certain fields are update-able; see the linked documentation.
+     * @param null|RequestOptions $options Optional. Additional request options to use, such as a field filtering or pagination. (Not all endpoints support these. See @see for supported options.)
+     *
+     * @throws \Auth0\SDK\Exception\ArgumentException when an invalid `id` is provided
+     * @throws \Auth0\SDK\Exception\NetworkException  when the API request fails due to a network error
+     *
+     * @see https://auth0.com/docs/api/management/v2#!/Network_Acls/patch_network_acls_by_id
+     */
+    public function patch(
+        string $id,
+        array $body,
+        ?RequestOptions $options = null,
+    ): ResponseInterface;
+
+    /**
+     * Update an existing Access Control List.
+     * Required scope: `update:network_acls`.
+     *
+     * @param string              $id      ID of the Access Control List to update
+     * @param array<mixed>        $body    Log Stream data to update. Only certain fields are update-able; see the linked documentation.
+     * @param null|RequestOptions $options Optional. Additional request options to use, such as a field filtering or pagination. (Not all endpoints support these. See @see for supported options.)
+     *
+     * @throws \Auth0\SDK\Exception\ArgumentException when an invalid `id` is provided
+     * @throws \Auth0\SDK\Exception\NetworkException  when the API request fails due to a network error
+     *
+     * @see https://auth0.com/docs/api/management/v2#!/Network_Acls/put_network_acls_by_id
+     */
+    public function update(
+        string $id,
+        array $body,
+        ?RequestOptions $options = null,
+    ): ResponseInterface;
+}

src/Contract/API/ManagementInterface.php

@@ -4,7 +4,7 @@
 
 namespace Auth0\SDK\Contract\API;
 
-use Auth0\SDK\Contract\API\Management\{ActionsInterface, BlacklistsInterface, ClientGrantsInterface, ClientsInterface, ConnectionsInterface, DeviceCredentialsInterface, EmailTemplatesInterface, EmailsInterface, GrantsInterface, GuardianInterface, JobsInterface, LogStreamsInterface, LogsInterface, OrganizationsInterface, ResourceServersInterface, RolesInterface, RulesInterface, StatsInterface, TenantsInterface, TicketsInterface, UserBlocksInterface, UsersByEmailInterface, UsersInterface};
+use Auth0\SDK\Contract\API\Management\{ActionsInterface, BlacklistsInterface, ClientGrantsInterface, ClientsInterface, ConnectionsInterface, DeviceCredentialsInterface, EmailTemplatesInterface, EmailsInterface, GrantsInterface, GuardianInterface, JobsInterface, LogStreamsInterface, LogsInterface, NetworkAclsInterface, OrganizationsInterface, ResourceServersInterface, RolesInterface, RulesInterface, StatsInterface, TenantsInterface, TicketsInterface, UserBlocksInterface, UsersByEmailInterface, UsersInterface};
 use Auth0\SDK\Utility\HttpResponsePaginator;
 
 interface ManagementInterface extends ClientInterface
@@ -40,6 +40,8 @@ public function logs(): LogsInterface;
 
     public function logStreams(): LogStreamsInterface;
 
+    public function networkAcls(): NetworkAclsInterface;
+
     public function organizations(): OrganizationsInterface;
 
     public function resourceServers(): ResourceServersInterface;

src/Utility/Toolkit/Assert.php

@@ -8,6 +8,8 @@
 use Throwable;
 
 use function is_array;
+use function is_bool;
+use function is_int;
 use function is_string;
 
 final class Assert
@@ -40,6 +42,20 @@ public function isArray(): void
         }
     }
 
+    /**
+     * Check that a variable is a boolean and is not null.
+     *
+     * @throws Exception when subject is not a boolean or is null
+     */
+    public function isBoolean(): void
+    {
+        foreach ($this->subjects as [$value, $exception]) {
+            if (! is_bool($value)) {
+                throw $exception;
+            }
+        }
+    }
+
     /**
      * Check that a variable is a non-empty string that contains a valid email address.
      *
@@ -54,6 +70,20 @@ public function isEmail(): void
         }
     }
 
+    /**
+     * Check that a variable is an integer and is not null.
+     *
+     * @throws Exception when subject is not an integer or is null
+     */
+    public function isInteger(): void
+    {
+        foreach ($this->subjects as [$value, $exception]) {
+            if (! is_int($value)) {
+                throw $exception;
+            }
+        }
+    }
+
     /**
      * Check for invalid permissions with an array of permissions.
      *