Add support for Content Security Policy (CSP) settings

[valentijnscholten]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 7.26.0
• Ruby: 2.7.4
• Distribution: Debian
• Module version: 10.0.0

How to reproduce (e.g Puppet code you use)

The current module doesn't support content security policy settings.

What are you seeing

The current module doesn't support content security policy settings.

What behaviour did you expect instead

Support for setting the content security policy settings

Any additional information you'd like to impart

From: https://docs.gitlab.com/omnibus/settings/configuration.html#set-a-content-security-policy

Basic example (by default it is disabled)

gitlab_rails['content_security_policy'] = {
    enabled: true,
    report_only: false
}

Supported directives:

gitlab_rails['content_security_policy'] = {
  'enabled' => false,
  'report_only' => false,
  # Each directive is a String (e.g. "'self'").
  # This section only needs to be set if you need custom CSP directives
  # See https://docs.gitlab.com/omnibus/settings/configuration.html#set-a-content-security-policy
  'directives' => {
    'base_uri' => nil,
    'child_src' => nil,
    'connect_src' => nil,
    'default_src' => nil,
    'font_src' => nil,
    'form_action' => nil,
    'frame_ancestors' => nil,
    'frame_src' => nil,
    'img_src' => nil,
    'manifest_src' => nil,
    'media_src' => nil,
    'object_src' => nil,
    'script_src' => nil,
    'style_src' => nil,
    'worker_src' => nil,
    'report_uri' => nil,
  }
 }

[valentijnscholten]

Looks like it's already possible via something like:

      # CSP settings
      'content_security_policy' => {
        'enabled' => true,
        'directives' => {
          'frame_ancestors' => 'self'
        }
      }

Sorry, puppet newbie here.