This document describes how to use the advanced configuration options for Developer Connect account connectors in Gemini Code Assist tools.
An account connector is a Developer Connect feature that helps you connect your Google Cloud account with your individual account on an non-Google Developer Tools provider. Users can specify the type of data to be accessed by the account connector by selecting the appropriate scope for that connector. Once an account connector connection is created for an organization, users within that organization can use that connection to authorize their individual accounts to be used with that connection.
For example, a platform administrator can create an account connector connection for their organization to use Gemini Code Assist tools with Sentry and specify what type of data should be accessed by defining the appropriate scope. Then, application developers in that organization can use this connection while using Gemini Code Assist to authorize their individual Google Accounts to use their individual Sentry user account.
To learn more about Gemini Code Assist tools, read the Gemini Code Assist tools overview.
Before you begin
-
Sign in to your Google Account.
If you don't already have one, sign up for a new account.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Developer Connect API.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Developer Connect API.
- Optional: Create a customer-managed encryption key (CMEK) for encrypting the authentication secrets that Developer Connect creates.
Enabling Developer Connect also enables the Secret Manager API.
Required roles
To get the permissions that you need to create connections and links, ask your administrator to grant you the following IAM roles:
-
If you aren't the project owner:
Developer Connect Admin (
roles/developerconnect.admin) on your user account -
If you plan to use a CMEK to encrypt the secrets that Developer Connect creates:
Cloud KMS CryptoKey Encrypter/Decrypter (
roles/cloudkms.cryptoKeyEncrypterDecrypter) on the Secret Manager Service Account -
If you plan to use the gcloud CLI steps in this guide:
Secret Manager Admin role (
roles/secretmanager.admin) on the Developer Connect Service Account -
If you plan to allow Developer Connect to act as a proxy for running Git calls:
Developer Connect Git Proxy Reader (
developerconnect.gitProxyReader) and Developer Connect Git Proxy User (developerconnect.gitProxyUser) on the account you use to make Git calls.
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Required roles
To get the permissions that you need to use Gemini Code Assist tools, ask your administrator to grant you the following IAM roles on the Google Cloud project:
-
Developer Connect OAuth Admin (
roles/developerconnect.oauthAdmin) -
Gemini for Google Cloud Settings User (
roles/cloudaicompanion.settingsUser)
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Individual tools might require additional Google Cloud or non-Google roles and permissions to use, or for specific use cases. If you encounter permissions errors, check with your administrator to make sure you have the correct roles and permissions.
Create an account connector
To create a new account connector, do the following:
In the Google Cloud console, open Developer Connect.
Select Account connectors.
Click Create connector.
Select the Region in which to create this account connector.
Give the account connector a Name.
Select the provider.
Select the scopes to be granted to Developer Connect for this account connector.
Scopes determine what actions Developer Connect can perform in the selected provider's service. Scopes differ according to each provider. You must select at least one scope unless the provider has no scopes.
Depending on the provider, it's possible that no scopes are available to select. You might be able to add them manually. It's also possible that scopes are required.
Click Create to finish creating this account connector.
Connect your account
After you've created an account connector, you still need to connect Developer Connect to your account with the provider before you can use the account connector.
In the Google Cloud console, open Developer Connect.
Select Account connectors.
The Account connectors page lists all the account connectors you have in your project.
Click the name of the account connector for which you want to connect your provider account.
The Connector details page is displayed.
Click Connect your account.
An Oauth authentication dialog is shown.
Provide the information in the dialog to authenticate to your provider.
Click Authorize.
Update an account connector
You can update an existing account connector, but you can only update the scopes for that connector. If you update scopes for a given account connector, all existing users of that connector are emptied.
In the Google Cloud console, open Developer Connect.
Developer Connect displays the Git repositories page.
Select Account connectors.
The Account connectors page lists all the account connectors you have in your project.
Click the name of the account connector you want to update.
The Connector details page is displayed.
Click Edit.
From the Scopes list, select the scopes you want to allow for this account connector.
Click Save.
Delete an account connector
In the Google Cloud console, open Developer Connect.
Developer Connect displays the Git repositories page.
Select Account connectors.
The Account connectors page lists all the account connectors you have in your project.
From the More menu, select Delete.
The Connector details page is displayed.
Click Edit.