0

We have been developing a large python(3) codebase, and are now recruiting some newer people in the team. Some parts of the code are sensitive, and we want to give the new people selective access to the code.

The layout right now is:

mymodule:
    secureSubmodule1
    secureSubmodule2
    unsecureSubmodule1
    unsecureSubmodule2

etc.

The usual usage of people today is to checkout mymodule from a git repo (which contains all of the code), and then run something like

python3 -m mymodule.secureSubmodule1.script -- options

or 

python3 -m mymodule.unsecureSubmodule1.script -- options

etc.

All current users are privileged to see all of mymodule.

Now, we want some new users to only be able to check out only the unsecure submodules, so that they see something like

mymodule:
    unsecureSubmodule1
    unsecureSubmodule2

and can only run 

python3 -m mymodule.unsecureSubmodule1.script -- options

etc.

Is there a way to do this using git and python?

wpercy
  • 9,636
  • 4
  • 33
  • 45
TimBeaver
  • 213
  • 1
  • 9
  • Separate git repositories is the obvious, simple, and easily verified way to accomplish this. You can get as tricky as you like but only at the cost of certainty that you got it right. – msw Feb 03 '16 at 17:28
  • @msw: are there some conventions that can help streamline the workflow? right now the privileged users can simply run one git clone command and get going. in the simplest case in your recommendation - will users now run multiple git clone commands followed by symlinking? what about git pulls? – TimBeaver Feb 03 '16 at 19:42
  • You've got an unwarranted assumption in your comment: that this can be as easy as a managing a single repository, it won't be. By analogy, you've got two offices adjacent to each other; you've given the elites keys to both offices and the scrubs just for the unsecure office. You'd like the two offices to be connected and allow for free and easy flow between them, but you can't because the whole premise is you wanted to lock the scrubs out of the secured room. It's going to be less simple than it was before. So it goes. – msw Feb 03 '16 at 19:56

1 Answers1

-1

To keep the sensitive modules away from new team members, you need to add a .gitignore file to your git repository. It's a simple textfile that's just a list of the files you don't want to share. In your case it would be:

mymodule/secureSubmodule1.py mymodule/secureSubmodule2.py

Here:[How to ignore certain files in git?, there's plenty more information about gitignore.

Hope that helps:)

Community
  • 1
  • 1
Mark Spurgeon
  • 1
  • 3
  • 1
    Thanks but, unless I misunderstood your intent, this is will not work: I want both secure and unsecure submodules to have the benefits of version control. .gitignoring the secure submodules will remove them from the repo. – TimBeaver Feb 03 '16 at 19:39
  • .gitignore keeps irrelevant files from being tracked by git, has nothing to do with user access privileges – Muposat Feb 03 '16 at 20:40