From 96e984a29bb529c7e81d3649f202edf0ee7389d5 Mon Sep 17 00:00:00 2001
From: Harshith Rai
Date: Wed, 13 May 2026 11:22:07 +0530
Subject: [PATCH 1/4] feat: add hostnames and connecting IP CIDR fields to network ACL match schema
---
 src/tools/auth0/handlers/networkACLs.ts | 27 +++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/src/tools/auth0/handlers/networkACLs.ts b/src/tools/auth0/handlers/networkACLs.ts
index 0090679e4..dc1717393 100644
--- a/src/tools/auth0/handlers/networkACLs.ts
+++ b/src/tools/auth0/handlers/networkACLs.ts
@@ -137,6 +137,33 @@ const MatchSchema = {
 minItems: 1,
 maxItems: 10,
 },
+ hostnames: {
+ type: 'array',
+ items: {
+ type: 'string',
+ },
+ uniqueItems: true,
+ minItems: 1,
+ maxItems: 10,
+ },
+ connecting_ipv4_cidrs: {
+ type: 'array',
+ items: {
+ type: 'string',
+ },
+ uniqueItems: true,
+ minItems: 1,
+ maxItems: 10,
+ },
+ connecting_ipv6_cidrs: {
+ type: 'array',
+ items: {
+ type: 'string',
+ },
+ uniqueItems: true,
+ minItems: 1,
+ maxItems: 10,
+ },
 },
 additionalProperties: false,
 };
From 67fc0af0fd4b8cf42f9babd2970103d5e8e8a14c Mon Sep 17 00:00:00 2001
From: Harshith Rai
Date: Wed, 13 May 2026 11:27:43 +0530
Subject: [PATCH 2/4] test: add validation tests for hostnames and connecting IP CIDR match fields
---
 test/tools/auth0/handlers/networkACLs.test.ts | 60 +++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/test/tools/auth0/handlers/networkACLs.test.ts b/test/tools/auth0/handlers/networkACLs.test.ts
index 9367af987..0dac2da2e 100644
--- a/test/tools/auth0/handlers/networkACLs.test.ts
+++ b/test/tools/auth0/handlers/networkACLs.test.ts
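Review bot: The three properties added to `MatchSchema` in patch 1/4 (`hostnames`, `connecting_ipv4_cidrs`, `connecting_ipv6_cidrs`) accept any string as an item, so an empty string or a CIDR with a missing or out-of-range prefix passes local validation. For an access-control rule that is a risky gap: a mistyped entry is either rejected only when the API is called during deploy, or it may be stored as a rule that does not cover what the operator intended. Consider at least `items: { type: 'string', minLength: 1 }` on all three, and a `pattern` on the two CIDR fields if the sibling CIDR properties of this schema already carry one. `MatchSchema` starts before and continues after this hunk, so that consistency has to be checked against the lines outside it.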
@@ -59,6 +59,66 @@ describe('#networkACLs handler', () => {
 await stageFn.apply(handler, [{ networkACLs: data }]);
 });
+
+ it('should pass validation with hostnames in match', async () => {
+ const handler = new NetworkACLsHandler({ client: {}, config } as any);
+ const stageFn = Object.getPrototypeOf(handler).validate;
+ const data = [
+ {
+ description: 'Block Canonical Domain',
+ active: true,
+ priority: 1,
+ rule: {
+ action: { block: true },
+ scope: 'tenant',
+ match: {
+ hostnames: ['mytenant.auth0.com'],
+ },
+ },
+ },
+ ];
+ await stageFn.apply(handler, [{ networkACLs: data }]);
+ });
+
+ it('should pass validation with connecting_ipv4_cidrs in match', async () => {
+ const handler = new NetworkACLsHandler({ client: {}, config } as any);
+ const stageFn = Object.getPrototypeOf(handler).validate;
+ const data = [
+ {
+ description: 'Block Connecting IPv4 Range',
+ active: true,
+ priority: 2,
+ rule: {
+ action: { block: true },
+ scope: 'authentication',
+ match: {
+ connecting_ipv4_cidrs: ['10.0.0.0/8'],
+ },
+ },
+ },
+ ];
+ await stageFn.apply(handler, [{ networkACLs: data }]);
+ });
+
+ it('should pass validation with connecting_ipv6_cidrs in not_match', async () => {
+ const handler = new NetworkACLsHandler({ client: {}, config } as any);
+ const stageFn = Object.getPrototypeOf(handler).validate;
+ const data = [
+ {
+ description: 'Allow Specific IPv6 Range',
+ active: true,
+ priority: 3,
+ rule: {
+ action: { allow: true },
+ scope: 'management',
+ not_match: {
+ connecting_ipv6_cidrs: ['2001:db8::/32'],
+ },
+ },
+ },
+ ];
+ await stageFn.apply(handler, [{ networkACLs: data }]);
+ });
 });
 describe('#networkACLs process', () => {
From e662841a80852dffbc86845eb18042f34cefd9f9 Mon Sep 17 00:00:00 2001
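Review bot: All three added tests exercise only the accepting path, so nothing shows that the schema rejects bad input for the new fields. Because these fields feed access-control rules, add at least one rejecting case per field: `match: { connecting_ipv4_cidrs: [] }` (violates `minItems: 1` as the schema stands in patch 1/4), a non-string item such as `hostnames: [123]`, and a duplicated entry against `uniqueItems: true`. The repeated `new NetworkACLsHandler({ client: {}, config } as any)` and `Object.getPrototypeOf(handler).validate` setup could also move into a small shared helper so each case states only its rule payload.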
From: Harshith Rai
Date: Mon, 18 May 2026 16:55:13 +0530
Subject: [PATCH 3/4] fix: remove min/max constraints and consolidate validation tests for network ACL match fields
---
 src/tools/auth0/handlers/networkACLs.ts | 6 --
 test/tools/auth0/handlers/networkACLs.test.ts | 59 +------------------
 2 files changed, 1 insertion(+), 64 deletions(-)
diff --git a/src/tools/auth0/handlers/networkACLs.ts b/src/tools/auth0/handlers/networkACLs.ts
index dc1717393..fc35d84b0 100644
--- a/src/tools/auth0/handlers/networkACLs.ts
+++ b/src/tools/auth0/handlers/networkACLs.ts
@@ -143,8 +143,6 @@ const MatchSchema = {
 type: 'string',
 },
 uniqueItems: true,
- minItems: 1,
- maxItems: 10,
 },
 connecting_ipv4_cidrs: {
 type: 'array',
@@ -152,8 +150,6 @@ const MatchSchema = {
 type: 'string',
 },
 uniqueItems: true,
- minItems: 1,
- maxItems: 10,
 },
 connecting_ipv6_cidrs: {
 type: 'array',
@@ -161,8 +157,6 @@ const MatchSchema = {
 type: 'string',
 },
 uniqueItems: true,
- minItems: 1,
- maxItems: 10,
 },
 },
 additionalProperties: false,
diff --git a/test/tools/auth0/handlers/networkACLs.test.ts b/test/tools/auth0/handlers/networkACLs.test.ts
index 0dac2da2e..6c8295cc2 100644
--- a/test/tools/auth0/handlers/networkACLs.test.ts
+++ b/test/tools/auth0/handlers/networkACLs.test.ts
@@ -52,71 +52,14 @@ describe('#networkACLs handler', () => {
 scope: 'tenant',
 match: {
 asns: [12345],
- },
- },
- },
- ];
-
- await stageFn.apply(handler, [{ networkACLs: data }]);
- });
-
- it('should pass validation with hostnames in match', async () => {
- const handler = new NetworkACLsHandler({ client: {}, config } as any);
- const stageFn = Object.getPrototypeOf(handler).validate;
- const data = [
- {
- description: 'Block Canonical Domain',
- active: true,
- priority: 1,
- rule: {
- action: { block: true },
- scope: 'tenant',
- match: {
 hostnames: ['mytenant.auth0.com'],
- },
- },
- },
- ];
- await stageFn.apply(handler, [{ networkACLs: data }]);
- });
-
- it('should pass validation with connecting_ipv4_cidrs in match', async () => {
- const handler = new NetworkACLsHandler({ client: {}, config } as any);
- const stageFn = Object.getPrototypeOf(handler).validate;
- const data = [
- {
- description: 'Block Connecting IPv4 Range',
- active: true,
- priority: 2,
- rule: {
- action: { block: true },
- scope: 'authentication',
- match: {
 connecting_ipv4_cidrs: ['10.0.0.0/8'],
- },
- },
- },
- ];
- await stageFn.apply(handler, [{ networkACLs: data }]);
- });
-
- it('should pass validation with connecting_ipv6_cidrs in not_match', async () => {
- const handler = new NetworkACLsHandler({ client: {}, config } as any);
- const stageFn = Object.getPrototypeOf(handler).validate;
- const data = [
- {
- description: 'Allow Specific IPv6 Range',
- active: true,
- priority: 3,
- rule: {
- action: { allow: true },
- scope: 'management',
- not_match: {
 connecting_ipv6_cidrs: ['2001:db8::/32'],
 },
 },
 },
 ];
+
 await stageFn.apply(handler, [{ networkACLs: data }]);
 });
 });
From 323e528286362ff5e9749cf4e35fb61200e53175 Mon Sep 17 00:00:00 2001
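Review bot: After this consolidation the new fields are validated only inside `match` with `scope: 'tenant'`; the removed case that placed `connecting_ipv6_cidrs` under `not_match` has no replacement, so the `not_match` path for these fields is no longer tested. The same commit drops `minItems`/`maxItems` from the three properties in `networkACLs.ts`, yet no test pins the resulting behaviour. Add a case that states whether `hostnames: []` is now meant to pass, since an empty list in a block or allow rule deserves an explicit decision rather than being a side effect of the relaxed schema. The surrounding test starts above this hunk, so its description and action are not visible here.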
From: Harshith Rai
Date: Wed, 20 May 2026 11:41:05 +0530
Subject: [PATCH 4/4] test: add new match fields to sampleNetworkACL to cover create/update tests
---
 test/tools/auth0/handlers/networkACLs.test.ts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/test/tools/auth0/handlers/networkACLs.test.ts b/test/tools/auth0/handlers/networkACLs.test.ts
index 6c8295cc2..68949475d 100644
--- a/test/tools/auth0/handlers/networkACLs.test.ts
+++ b/test/tools/auth0/handlers/networkACLs.test.ts
@@ -23,6 +23,9 @@ const sampleNetworkACL = {
 scope: 'tenant',
 match: {
 asns: [12345],
+ hostnames: ['mytenant.auth0.com'],
+ connecting_ipv4_cidrs: ['10.0.0.0/8'],
+ connecting_ipv6_cidrs: ['2001:db8::/32'],
 },
 },
 };