Connect to Bitbucket Data Center

This page describes how to create connections to Bitbucket Data Center and create links to Bitbucket Data Center repositories. You can complete these tasks using the Google Cloud console, or the Google Cloud CLI.

These instructions are for application developers, platform administrators, and security managers who want to use Bitbucket Data Center source code repositories with Google. Specifically, you can use Bitbucket Data Center repositories with Gemini Code Assist.

To learn more about Developer Connect, see Developer Connect overview.

Before you begin

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Developer Connect API.

    Enable the API

    5.

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  6. Make sure that billing is enabled for your Google Cloud project.

  7. Enable the Developer Connect API.

    Enable the API

    8.

    Enabling Developer Connect also enables the Secret Manager API.

  8. Ensure that you have access to an account on Bitbucket Data Center.

    To help keep your team's work secure, we recommend that you complete the tasks in this guide using a bot account or an account shared by your team, not a personal account.

  9. Ensure that you own a Bitbucket Data Center repository, or have admin-level permissions on a shared repository.
  10. Optional: Create a customer-managed encryption key (CMEK) for encrypting the authentication secrets that Developer Connect creates.
  11. Optional: To use the command-line instructions in this guide, complete the following steps:
    1. Install the Google Cloud CLI. If you've installed gcloud CLI previously, make sure you have the latest available version by running gcloud components update.
    2. Create a Developer Connect service account by running the following command, where PROJECT_ID is your Google Cloud project ID: 
              gcloud beta services identity create \
            --service=developerconnect.googleapis.com \
            --project=PROJECT_ID

Required roles

To get the permissions that you need to create connections and links, ask your administrator to grant you the following IAM roles:

  • If you aren't the project owner: Developer Connect Admin (roles/developerconnect.admin) on your user account
  • If you plan to use a CMEK to encrypt the secrets that Developer Connect creates: Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter) on the Secret Manager Service Account
  • If you plan to allow Developer Connect to act as a proxy for running Git calls: Developer Connect Git Proxy Reader (developerconnect.gitProxyReader) and Developer Connect Git Proxy User (developerconnect.gitProxyUser) on the account you use to make Git calls.
  • If you plan to use the gcloud CLI steps in this guide: Secret Manager Admin role (roles/secretmanager.admin) on the Developer Connect Service Account

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create access tokens

Create personal access tokens in Bitbucket Data Center by completing the following steps:

  1. Sign in to Bitbucket Data Center.

  2. Follow the instructions in the Bitbucket Data Center documentation to create two HTTP access tokens and grant the following scopes.

    Developer Connect supports user, project, and repository access tokens. However, the Git proxy feature, required for Gemini Code Assist code customization, is incompatible with user tokens. Use project or repository tokens instead.

    • Create one token with the repository admin scope. In Developer Connect, this token is called the admin access token.
    • Create one token with the repository read scope. In Developer Connect, this token is called the read access token.

    You are responsible for managing Bitbucket Data Center token lifetimes in Bitbucket Data Center. To help protect your source code, you can set an expiry date during token creation. If you don't set an expiry date, then the token remains valid until you revoke it in Bitbucket Data Center.

  3. Copy the access tokens for use in the following procedures.

Create a connection

This section describes how to create a connection between Developer Connect and Bitbucket Data Center. If you're using the Google Cloud console, then you can also start adding links to repositories as you finish setting up your connection.

To create a new Bitbucket Data Center connection, select one of the following options:

Console

Initiate a connection by completing the following steps:

  1. In the Google Cloud console, open Developer Connect.

    Go to Developer Connect

    Developer Connect displays the Git repositories page.

    • If you see a list of source code management providers: Start configuring your first connection by selecting a source code management provider. Click Connect on the Bitbucket Data Center card.

    • If you see a table listing existing connections: Set the source code management provider by clicking Create connection > Bitbucket Data Center.

      The Create Connection page opens.

  2. In the Configure details pane, specify the following:

    1. For Region, choose a region for your connection resources.

    2. For Name, enter a name for your new connection.

    3. For Host URL, enter the URL for the Bitbucket Data Center host you want to connect to.

  3. Optional: To let Developer Connect act as a proxy for Git calls to Bitbucket Data Center, select Enable git proxy (Preview).

  4. In the Access Tokens section, enter your Bitbucket Data Center access tokens:

    • Admin access token: Enter the token with the repository admin scope access.

    • Read access token: Enter the token with the repository read scope access.

  5. Optional: In the Encryption section, select a CMEK key to encrypt Secret Manager secrets that Developer Connect creates.

  6. Click the Continue button. Developer Connect creates your connection. This process can take a few seconds.

Once the connection is created, the Link repositories page appears.

Complete the following steps to link repositories to your connection:

  1. In the list of available repositories, select the repositories you want to use.

  2. Click OK.

    Developer Connect displays suggested names for your repository resources.

  3. Select a repository resource naming option:

    • Generated: Use the generated repository resource names.
    • Manual: Input names of your own.

  4. Click Link.

Your connection is added to the Connections page and your repository links are added to the Repositories page in the Google Cloud console. You can add more links to existing connections at any time.

If you're setting up Gemini Code Assist, continue the process by following the steps in Configure and use Gemini Code Assist code customization.

gcloud

  1. Create a webhook secret in Secret Manager by running the following command, where WEBHOOK_SECRET_NAME is a name for your webhook secret:

    cat /proc/sys/kernel/random/uuid | tr -d '\n' | gcloud secrets create WEBHOOK_SECRET_NAME

  2. Store your access tokens in Secret Manager by running the following commands:

    gcloud secrets create ADMIN_SECRET_NAME

echo -n ADMIN_SECRET_DATA | gcloud secrets versions add ADMIN_SECRET_NAME --data-file=-

gcloud secrets create READ_SECRET_NAME

echo -n READ_SECRET_DATA | gcloud secrets versions add READ_SECRET_NAME --data-file=-

    Replace the following:

    • ADMIN_SECRET_NAME: a name for the secret that stores your admin access token.
    • ADMIN_SECRET_DATA: your admin access token.
    • READ_SECRET_NAME: a name for the secret that stores your read access token.
    • READ_SECRET_DATA: your read access token.

  3. Run the gcloud developer-connect connections create command to create a connection to Bitbucket Data Center:

    gcloud developer-connect connections create CONNECTION_NAME \
    --location=REGION \
    --bitbucket-data-center-config-host-uri=HOST_URI \
    --bitbucket-data-center-config-authorizer-credential-user-token-secret-version=projects/PROJECT_ID/secrets/ADMIN_SECRET_NAME/versions/VERSION \
    --bitbucket-data-center-config-read-authorizer-credential-user-token-secret-version=projects/PROJECT_ID/secrets/READ_SECRET_NAME/versions/VERSION \
    --bitbucket-data-center-config-webhook-secret-version=projects/PROJECT_ID/secrets/WEBHOOK_SECRET_NAME/versions/VERSION
    --git-proxy-config-enabled

    Replace the following:

    • CONNECTION_NAME: a name for your connection.
    • REGION: the region to use for your connection.
    • HOST_URI: the URI of your Bitbucket Data Center host including the https:// prefix.
    • PROJECT_ID: your Google Cloud project ID.
    • ADMIN_SECRET_NAME: the name of the Secret Manager secret that contains your admin access token.
    • READ_SECRET_NAME: the name of the Secret Manager secret that contains your read access token.
    • WEBHOOK_SECRET_NAME: the name of the Secret Manager secret that contains your webhook secret.
    • VERSION: the version number of each secret. This can be latest to use the most recent version number.
    • --git-proxy-config-enabled: an optional flag that enables Developer Connect to act as a proxy for Git calls to Bitbucket Data Center. This capability is in Preview.

    Developer Connect completes the connection to Bitbucket Data Center. Next, link to repositories.

Once you have established a connection to Bitbucket Data Center, you can link to repositories. You can repeat these steps later to link additional repositories as needed.

To create repository links on an existing Bitbucket Data Center connection, select one of the following options:

Console

Create links to repositories by completing the following steps:

  1. Open the Repositories page in the Google Cloud console.

    Open the Repositories page

  2. Click Link repository.

    The Link Git repositories pane opens.

  3. In the connections list, choose a connection.

  4. Click Continue.

  5. In the repositories list, select the repositories you want to link to.

    Developer Connect displays suggested names for your repository resources.

  6. Select a repository resource naming option:

    • Generated: Use the generated repository resource names.
    • Manual: Input names of your own.

  7. Click Create.

    Developer Connect creates the repository links and displays them in the Google Cloud console.

gcloud

Create a link to your Bitbucket Data Center repository by running the following command:

gcloud developer-connect connections git-repository-links create REPO_NAME \
    --clone-uri=REPO_URI \
    --connection=CONNECTION_NAME \
    --location=REGION

Replace the following:

  • REPO_NAME: a name for the new link between Developer Connect and your Bitbucket Data Center repository.
  • REPO_URI: the URL of your repository in Bitbucket Data Center, including the https:// prefix and the .git suffix.
  • CONNECTION_NAME: the name of your connection to Bitbucket Data Center.
  • REGION: the region of your connection.

Developer Connect creates the repository links.

To list linked repositories, run the developer-connect connections git-repository-linkslist command.

If you're setting up Gemini Code Assist, continue the process by following the steps in Configure and use Gemini Code Assist code customization.

What's next