How are equal hashes from multiple gitlab.rb files merged?

Question

In a GitLab configuration file (gitlab.rc) an additional config file can be referenced:

from_file "/home/admin/external_gitlab.rb"

The documentation states the following:

Any configuration that is set in /etc/gitlab/gitlab.rb after from_file is included, takes precedence over the configuration from the included file.

Does this imply that a hash with equal names (e.g. gitlab_rails['env']) is overwritten? Or are only the keys overwritten?

Use case

I'd like to make an additional proxy_gitlab.rb, which is referenced from the gitlab.rb with some proxy settings:

gitlab_rails['env'] = {
    "http_proxy" => "http://USERNAME:[email protected]:8080",
    "https_proxy" => "http://USERNAME:[email protected]:8080"
#    "no_proxy" => ".yourdomain.com"  # Wildcard syntax if you need your internal domain to bypass proxy
}

However, if a gitlab_rails['env'] is defined in the main gitlab.rb, these settings will not be in the final config if the hash from the main gitlab.rb overwrites the hash from the proxy_gitlab.rb. If however the two hashes are combined this solution would work.

Answer 1

The hashes are not merged: the latest loaded hash takes precedence.

I've tried the following:

gitlab.rb:

gitlab_rails['ldap_servers'] = {
  'main' => {
    'label' => 'LDAP',
    'host' =>  'ldap.mydomain.com',
    'port' => 636,
    'uid' => 'sAMAccountName',
    'encryption' => 'simple_tls',
    'base' => 'dc=example,dc=com',
  }
}

from_file '/etc/gitlab/gitlab-secret.rb'

gitlab-secret.rb:

gitlab_rails['ldap_servers'] = {
  'main' => {
    'password' => 'secret',
  }
}

When checking the config with gitlab-ctl show-config, the following result was shown:

gitlab_rails['ldap_servers'] = {
  'main' => {
    'password' => 'secret',
  }
}

Note: what I've attempted to do is to separate the config and the secret. This can be done for the LDAP as described in the documentation.