Merge pull request #35 from Scalr/feature/SCALRCORE-18479

SCALRCORE-18479 > Add examples for merged pull request

Author: rtfee

.github/workflows/opa.yml

@@ -29,6 +29,7 @@ jobs:
           management/whitelist_ami.rego;management/whitelist_ami_test.rego;management/whitelist_ami_mock.json
           management/workspace_name.rego;management/workspace_name_test.rego;management/workspace_name_mock.json
           management/workspace_destroy.rego;management/workspace_destroy_test.rego;management/workspace_destroy_mock.json
+          management/pull_requests.rego;management/pull_requests_test.rego;management/pull_requests_mock.json
           management/workspace_tags.rego;management/workspace_tags_test.rego;management/workspace_tags_mock.json
           modules/pin_module_version.rego;modules/pin_module_version_test.rego;modules/pin_module_version_mock.json;
           modules/required_modules.rego;modules/required_modules_test.rego;modules/required_modules_mock.json;

management/pull_requests.rego

@@ -0,0 +1,10 @@
+package terraform
+
+import input.tfrun as tfrun
+
+deny["Merged by and PR author are the same person"] {
+    not is_null(tfrun.vcs)
+    pr := tfrun.vcs.pull_request
+    not is_null(pr)
+    pr.merged_by == pr.author
+}

management/pull_requests_mock.json

@@ -0,0 +1,31 @@
+{
+	"mock": {
+        "same": {
+            "tfrun": {
+                "vcs": {
+                    "pull_request": {
+                        "author": "user",
+                        "merged_by": "user"
+                    }
+                }
+            }
+        },
+        "not_same": {
+            "tfrun": {
+                "vcs": {
+                    "pull_request": {
+                        "author": "user",
+                        "merged_by": "another_user"
+                    }
+                }
+            }
+        },
+        "no_pr": {
+            "tfrun": {
+                "vcs": {
+                    "pull_request": null
+                }
+            }
+        }
+    }
+}

management/pull_requests_test.rego

@@ -0,0 +1,17 @@
+package terraform
+
+test_pull_request_author_merged_by_are_same {
+    result = deny with input as data.mock.same
+    count(result) == 1
+}
+
+test_pull_request_author_merged_by_are_not_same {
+    result = deny with input as data.mock.not_same
+    count(result) == 0
+}
+
+test_commit_without_pull_request {
+    result = deny with input as data.mock.no_pr
+    count(result) == 0
+}
+