Data residency support

Author: divya-intelli

apigee_edge.services.yml

@@ -24,7 +24,7 @@ services:
 
   apigee_edge.key_entity_form_enhancer:
     class: Drupal\apigee_edge\KeyEntityFormEnhancer
-    arguments: ['@apigee_edge.sdk_connector', '@apigee_edge.authentication.oauth_token_storage', '@entity_type.manager', '@config.factory', '@email.validator']
+    arguments: ['@apigee_edge.sdk_connector', '@apigee_edge.authentication.oauth_token_storage', '@entity_type.manager', '@config.factory', '@email.validator', '@apigee_edge.data_residency_endpoint']
     calls:
       - [setMessenger, ['@messenger']]
       - [setStringTranslation, ['@string_translation']]
@@ -217,3 +217,7 @@ services:
   apigee_edge.post_user_delete_action_performer:
     class: Drupal\apigee_edge\User\RemoveRelatedDeveloperAccountSynchronousPostUserDeleteActionPerformer
     arguments: ['@entity_type.manager', '@logger.channel.apigee_edge']
+
+  apigee_edge.data_residency_endpoint:
+    class: Drupal\apigee_edge\Service\DataResidencyEndpoint
+    arguments: ['@apigee_edge.sdk_connector', '@state', '@messenger', '@string_translation']

src/KeyEntityFormEnhancer.php

@@ -41,6 +41,7 @@
 use Drupal\apigee_edge\Plugin\EdgeKeyTypeInterface;
 use Drupal\apigee_edge\Plugin\KeyProviderRequirementsInterface;
 use Drupal\apigee_edge\Plugin\KeyType\ApigeeAuthKeyType;
+use Drupal\apigee_edge\Service\DataResidencyEndpointInterface;
 use Drupal\key\Form\KeyFormBase;
 use Drupal\key\KeyInterface;
 use Drupal\key\Plugin\KeyProviderSettableValueInterface;
@@ -99,6 +100,13 @@ final class KeyEntityFormEnhancer {
    */
   private $emailValidator;
 
+  /**
+   * The data residency endpoint service.
+   *
+   * @var \Drupal\apigee_edge\Service\DataResidencyEndpointInterface
+   */
+  private $dataResidencyEndpoint;
+
   /**
    * KeyEntityFormEnhancer constructor.
    *
@@ -112,13 +120,16 @@ final class KeyEntityFormEnhancer {
    *   The config factory.
    * @param \Drupal\Component\Utility\EmailValidatorInterface $email_validator
    *   The email validator.
+   * @param \Drupal\apigee_edge\Service\DataResidencyEndpointInterface $data_residency_endpoint
+   *   The data residency endpoint service.
    */
-  public function __construct(SDKConnectorInterface $connector, OauthTokenStorageInterface $oauth_token_storage, EntityTypeManagerInterface $entity_type_manager, ConfigFactoryInterface $config_factory, EmailValidatorInterface $email_validator) {
+  public function __construct(SDKConnectorInterface $connector, OauthTokenStorageInterface $oauth_token_storage, EntityTypeManagerInterface $entity_type_manager, ConfigFactoryInterface $config_factory, EmailValidatorInterface $email_validator, DataResidencyEndpointInterface $data_residency_endpoint) {
     $this->connector = $connector;
     $this->entityTypeManager = $entity_type_manager;
     $this->oauthTokenStorage = $oauth_token_storage;
     $this->configFactory = $config_factory;
     $this->emailValidator = $email_validator;
+    $this->dataResidencyEndpoint = $data_residency_endpoint;
   }
 
   /**
@@ -342,6 +353,14 @@ public function validateForm(array &$form, FormStateInterface $form_state): void
         // Clear existing OAuth token data.
         $this->cleanUpOauthTokenData();
       }
+
+      // Data Residency check.
+      \Drupal::state()->delete(DataResidencyEndpointInterface::DRZ_ENDPOINT);
+      $key_value_array = json_decode($key_value, TRUE);
+      if ($key_value_array['instance_type'] == EdgeKeyTypeInterface::INSTANCE_TYPE_HYBRID) {
+        $this->dataResidencyEndpoint->getEndpoint($test_key);
+      }
+
       // Test the connection.
       $this->connector->testConnection($test_key);
       $this->messenger()->addStatus($this->t('Connection successful.'));

src/Plugin/EdgeKeyTypeBase.php

@@ -26,6 +26,7 @@
 use Drupal\apigee_edge\Exception\AuthenticationKeyValueMalformedException;
 use Drupal\key\KeyInterface;
 use Drupal\key\Plugin\KeyTypeBase;
+use Drupal\apigee_edge\Service\DataResidencyEndpointInterface;
 
 /**
  * Defines a base class for Apigee Edge Key Type plugins.
@@ -70,6 +71,9 @@ public function getAuthenticationType(KeyInterface $key): string {
    */
   public function getEndpoint(KeyInterface $key): string {
     if ($this->getInstanceType($key) === EdgeKeyTypeInterface::INSTANCE_TYPE_HYBRID) {
+      if ($endpoint = \Drupal::state()->get(DataResidencyEndpointInterface::DRZ_ENDPOINT)) {
+        return $endpoint;
+      }
       return ClientInterface::APIGEE_ON_GCP_ENDPOINT;
     }
     elseif ($this->getInstanceType($key) === EdgeKeyTypeInterface::INSTANCE_TYPE_PUBLIC) {

src/Service/DataResidencyEndpoint.php

@@ -0,0 +1,116 @@
+<?php
+
+/**
+ * Copyright 2025 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * version 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301, USA.
+ */
+
+namespace Drupal\apigee_edge\Service;
+
+use Apigee\Edge\Api\Management\Controller\OrganizationController;
+use Apigee\Edge\ClientInterface;
+use Drupal\apigee_edge\SDKConnectorInterface;
+use Drupal\Core\State\StateInterface;
+use Drupal\key\KeyInterface;
+use Drupal\Core\Messenger\MessengerInterface;
+use Drupal\Core\StringTranslation\StringTranslationTrait;
+use Drupal\Core\StringTranslation\TranslationInterface;
+
+/**
+ * Discovers the data residency endpoint for a given key.
+ */
+class DataResidencyEndpoint implements DataResidencyEndpointInterface {
+  use StringTranslationTrait;
+
+  /**
+   * The SDK connector service.
+   *
+   * @var \Drupal\apigee_edge\SDKConnectorInterface
+   */
+  protected $sdkConnector;
+
+  /**
+   * The state service.
+   *
+   * @var \Drupal\Core\State\StateInterface
+   */
+  protected $state;
+
+  /**
+   * The messenger service.
+   *
+   * @var \Drupal\Core\Messenger\MessengerInterface
+   */
+  protected $messenger;
+
+  /**
+   * The string translation service.
+   *
+   * @var \Drupal\Core\StringTranslation\TranslationInterface
+   */
+  protected $stringTranslation;
+
+  /**
+   * Constructs a new DataResidencyEndpoint object.
+   *
+   * @param \Drupal\apigee_edge\SDKConnectorInterface $sdk_connector
+   *   The SDK connector service.
+   * @param \Drupal\Core\State\StateInterface $state
+   *   The state service.
+   * @param \Drupal\Core\Messenger\MessengerInterface $messenger
+   *   The messenger service.
+   * @param \Drupal\Core\StringTranslation\TranslationInterface $string_translation
+   *   String translation.
+   */
+  public function __construct(SDKConnectorInterface $sdk_connector, StateInterface $state, MessengerInterface $messenger, TranslationInterface $string_translation) {
+    $this->sdkConnector = $sdk_connector;
+    $this->state = $state;
+    $this->messenger = $messenger;
+    $this->stringTranslation = $string_translation;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getEndpoint(KeyInterface $key): void {
+    /** @var \Drupal\apigee_edge\Plugin\KeyType\ApigeeAuthKeyType $key_type */
+    $key_type = $key->getKeyType();
+
+    try {
+      $base_endpoint = ClientInterface::APIGEE_ON_GCP_ENDPOINT;
+
+      $client = $this->sdkConnector->buildClient($key_type->getAuthenticationMethod($key), $base_endpoint);
+      $orgController = new OrganizationController($client);
+      $dataResidencyData = $orgController->getProjectMapping($key_type->getOrganization($key));
+
+      if (isset($dataResidencyData['location']) && $dataResidencyData['location']) {
+        $dataResidencyEndpoint = str_replace("https://", "https://{$dataResidencyData['location']}-", $base_endpoint);
+
+        $this->state->set(self::DRZ_ENDPOINT, $dataResidencyEndpoint);
+        $this->messenger->addStatus($this->stringTranslation->translate('Data residency is enabled for this organization. Service endpoint being used is @serviceEndpoint', ['@serviceEndpoint' => $dataResidencyEndpoint]));
+      }
+      else {
+        $this->state->delete(self::DRZ_ENDPOINT);
+      }
+    }
+    catch (\Exception $e) {
+      // We can ignore this exception, as it means that the data residency
+      // endpoint could not be determined.
+      $this->state->delete(self::DRZ_ENDPOINT);
+    }
+  }
+
+}

src/Service/DataResidencyEndpointInterface.php

@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * Copyright 2025 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * version 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301, USA.
+ */
+
+namespace Drupal\apigee_edge\Service;
+
+use Drupal\key\KeyInterface;
+
+/**
+ * Defines an interface for discovering the data residency endpoint.
+ */
+interface DataResidencyEndpointInterface {
+
+  /**
+   * The key used to store the endpoint in the state.
+   */
+  public const DRZ_ENDPOINT = 'drzendpoint';
+
+  /**
+   * Discovers and stores the data residency endpoint for a given key.
+   *
+   * @param \Drupal\key\KeyInterface $key
+   *   The key to discover the endpoint for.
+   */
+  public function getEndpoint(KeyInterface $key): void;
+
+}