Configure and use Git proxy

Stay organized with collections Save and categorize content based on your preferences.

This page describes how to configure the Git proxy feature in Developer Connect.

The Git proxy feature enhances how Developer Connect handles authentication and network access to source code management systems (SCMs). When you enable a Git proxy for a connection to an SCM such as GitHub or GitLab, Developer Connect uses the proxy server to proxy Git requests such as git clone. This way, you only need to grant IAM permissions to a user or service account instead of managing an SCM access token in Secret Manager.

For example, enabling a Git proxy on a connection lets you do the following:

• Use Gemini Code Assist code customization with SCMs in privately-hosted networks, including on-premise networks.
• Clone source code from an external SCM by using Google Cloud authentication and Identity and Access Management permissions.

Before you begin

Ensure that you have at least one connection in Developer Connect to an SCM such as GitHub, GitLab, or Bitbucket.

To get the permissions that you need to configure the Git proxy for a connection, ask your administrator to grant you the Developer Connect Admin (developerconnect.admin) IAM role on the user that enables or disables the Git proxy. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

To get the permissions that you need to issue requests to the Git proxy for a connection, ask your administrator to grant you the following IAM roles on the user account or service account that issues Git requests:

• Make Git read requests such as git clone: Git Proxy Reader (roles/developerconnect.gitProxyReader)
• Make Git write requests such as git push: Git Proxy User (roles/developerconnect.gitProxyUser)

View and update Git proxy settings

To view and update Git proxy settings, do the following:

gcloud developer-connect connections update CONNECTION_NAME \
--location=REGION \
--git-proxy-config-enabled

gcloud developer-connect connections update CONNECTION_NAME \
--location=REGION \
--no-git-proxy-config-enabled

gcloud developer-connect connections describe CONNECTION_NAME \
--location=REGION

Find the Git proxy URI

After you've enabled a Git proxy, you can find the Git proxy URI for your connection by doing the following:

gcloud developer-connect connections git-repository-links describe REPOSITORY_NAME \
--connection=CONNECTION_NAME \
--location=REGION

Issue requests to the Git proxy

After you have your Git proxy URI, you can issue requests to the Git proxy by doing the following:

1. Configure the Git CLI to use the Google Cloud CLI credential helper:

   git config --global credential.'https://*.developerconnect.dev'.helper gcloud.sh

2. Issue a request, such as git clone, to the Git proxy:

   git clone https://REGION.developerconnect.dev/PROJECT_NAME/CONNECTION_NAME/REPOSITORY NAME
   

   If you don't want to use a credential helper, then you can embed the cloud access token into the request instead:

   git clone https://unused:$(gcloud auth print-access-token)@REGION-git.developerconnect.dev/PROJECT_NAME/CONNECTION_NAME/REPOSITORY NAME
   

   Replace the following:

   • REPOSITORY_NAME with the name of your repository.
   • CONNECTION_NAME with the name of your connection.
   • REGION with the region of your connection.