adds 'update PR comment' routes to allowlist (#82)

*Azure DevOps: Get Pull Request Thread, Update Pull Request Comment
*Bitbucket Data Center: Get a single Pull Request Comment, Update a Pull Request Comment
*GitLab: Update Merge Request Note

privatevcs/validation/allowlist/azure_devops.go

@@ -20,6 +20,14 @@ var azureDevOpsPatterns = map[string]azureDevOpsPattern{
 		Method: http.MethodPost,
 		Path:   regexp.MustCompile("/(?P<organization>[^/]+)/(?P<project>[^/]+)/_apis/git/repositories/(?P<repositoryId>[^/]+)/pullRequests/[^/]+/threads$"),
 	},
+	"Get Pull Request Thread": {
+		Method: http.MethodGet,
+		Path:   regexp.MustCompile("/(?P<organization>[^/]+)/(?P<project>[^/]+)/_apis/git/repositories/(?P<repositoryId>[^/]+)/pullRequests/[^/]+/threads/[0-9]+$"),
+	},
+	"Update Pull Request Comment": {
+		Method: http.MethodPatch,
+		Path:   regexp.MustCompile("/(?P<organization>[^/]+)/(?P<project>[^/]+)/_apis/git/repositories/(?P<repositoryId>[^/]+)/pullRequests/[^/]+/threads/[0-9]+/comments/[0-9]+$"),
+	},
 	"List Branch Stats": {
 		Method: http.MethodGet,
 		Path:   regexp.MustCompile("/(?P<organization>[^/]+)/(?P<project>[^/]+)/_apis/git/repositories/(?P<repositoryId>[^/]+)/stats/branches$"),

privatevcs/validation/allowlist/azure_devops_test.go

@@ -125,6 +125,18 @@ func TestAzureDevOpsValidation(t *testing.T) {
 		// 	matches: false,
 		// 	method:  http.MethodGet,
 		// },
+		{
+			path:    "/spacelift-development/backend/_apis/git/repositories/spacelift-dev-stack/pullRequests/123/threads/1",
+			matches: true,
+			name:    "Get Pull Request Thread",
+			method:  http.MethodGet,
+		},
+		{
+			path:    "/spacelift-development/backend/_apis/git/repositories/spacelift-dev-stack/pullRequests/123/threads/1/comments/1",
+			matches: true,
+			name:    "Update Pull Request Comment",
+			method:  http.MethodPatch,
+		},
 	}
 
 	executeTestCase := func(testCase azureDevOpsTestCase) {

privatevcs/validation/allowlist/bitbucket_datacenter.go

@@ -72,6 +72,14 @@ var bitbucketDatacenterPatterns = map[string]bitbucketDatacenterPattern{
 		Method: http.MethodGet,
 		Path:   regexp.MustCompile("^/rest/api/1.0/projects/(?P<projectKey>[^/]+)/repos/(?P<repositorySlug>[^/]+)/compare/commits$"),
 	},
+	"Get a single Pull Request Comment": {
+		Method: http.MethodGet,
+		Path:   regexp.MustCompile("^/rest/api/1.0/projects/(?P<projectKey>[^/]+)/repos/(?P<repositorySlug>[^/]+)/pull-requests/[0-9]+/comments/[0-9]+$"),
+	},
+	"Update a Pull Request Comment": {
+		Method: http.MethodPut,
+		Path:   regexp.MustCompile("^/rest/api/1.0/projects/(?P<projectKey>[^/]+)/repos/(?P<repositorySlug>[^/]+)/pull-requests/[0-9]+/comments/[0-9]+$"),
+	},
 }
 
 func matchBitbucketDatacenterRequest(r *http.Request) (string, string, error) {

privatevcs/validation/allowlist/gitlab.go

@@ -100,6 +100,10 @@ var gitlabPatterns = map[string]gitlabPattern{
 		Method: http.MethodPost,
 		Path:   regexp.MustCompile("^/api/v4/projects/(?P<project>[^/]+)/merge_requests/[0-9]+/notes$"),
 	},
+	"Update Merge Request Note": {
+		Method: http.MethodPut,
+		Path:   regexp.MustCompile("^/api/v4/projects/(?P<project>[^/]+)/merge_requests/[0-9]+/notes/[0-9]+$"),
+	},
 	"Git Clone - info/refs": {
 		Method: http.MethodGet,
 		Path:   regexp.MustCompile(`^/(?P<project>[^/]+\/[^/]+)\.git/info/refs$`),

privatevcs/validation/allowlist/match_request.go

@@ -8,7 +8,7 @@ import (
 )
 
 // ErrNoMatch is returned when the request didn't match any planned API usage.
-var ErrNoMatch = fmt.Errorf("no match for request")
+var ErrNoMatch = fmt.Errorf("vcs-agent: no match for request")
 
 var vendorMatchers = map[validation.Vendor]func(r *http.Request) (name string, project string, err error){
 	validation.AzureDevOps:         matchAzureDevOpsRequest,