Add support for Microsoft national clouds via Graph API base URL (#590)

* adding support for Microsoft National Clouds * Update usage.md
domainaware · Feb 3, 2025 · 669deb9 · 669deb9
1 parent 446c018
commit 669deb9
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/docs/source/usage.md b/docs/source/usage.md
@@ -208,6 +208,8 @@ The full set of configuration options are:
   - `mailbox` - str: The mailbox name. This defaults to the
       current user if using the UsernamePassword auth method, but
       could be a shared mailbox if the user has access to the mailbox
+  - `graph_url` - str: Microsoft Graph URL.  Allows for use of National Clouds (ex Azure Gov)
+      (Default: https://graph.microsoft.com)
   - `token_file` - str: Path to save the token file
       (Default: `.token`)
   - `allow_unencrypted_storage` - bool: Allows the Azure Identity

diff --git a/parsedmarc/cli.py b/parsedmarc/cli.py
@@ -528,6 +528,7 @@ def process_reports(reports_):
         graph_tenant_id=None,
         graph_mailbox=None,
         graph_allow_unencrypted_storage=False,
+        graph_url="graph.microsoft.com",
         hec=None,
         hec_token=None,
         hec_index=None,
@@ -879,6 +880,9 @@ def process_reports(reports_):
                 )
                 exit(-1)
 
+            if "graph_url" in graph_config:
+                opts.graph_url = graph_config["graph_url"]
+
             if "allow_unencrypted_storage" in graph_config:
                 opts.graph_allow_unencrypted_storage = graph_config.getboolean(
                     "allow_unencrypted_storage"
@@ -1496,6 +1500,7 @@ def process_reports(reports_):
                 password=opts.graph_password,
                 token_file=opts.graph_token_file,
                 allow_unencrypted_storage=opts.graph_allow_unencrypted_storage,
+                graph_url=opts.graph_url,
             )
 
         except Exception:

diff --git a/parsedmarc/mail/graph.py b/parsedmarc/mail/graph.py
@@ -89,6 +89,7 @@ def __init__(
         self,
         auth_method: str,
         mailbox: str,
+        graph_url: str,
         client_id: str,
         client_secret: str,
         username: str,
@@ -108,7 +109,10 @@ def __init__(
             token_path=token_path,
             allow_unencrypted_storage=allow_unencrypted_storage,
         )
-        client_params = {"credential": credential}
+        client_params = {
+            "credential": credential,
+            "cloud": graph_url,
+        }
         if not isinstance(credential, ClientSecretCredential):
             scopes = ["Mail.ReadWrite"]
             # Detect if mailbox is shared