From 669deb97559e95a0e96b750fdf63b325ce72a6cc Mon Sep 17 00:00:00 2001 From: Kevin Goad <104081882+kevingoad-arcfield@users.noreply.github.com> Date: Mon, 3 Feb 2025 15:25:15 -0500 Subject: [PATCH] Add support for Microsoft national clouds via Graph API base URL (#590) * adding support for Microsoft National Clouds * Update usage.md --- docs/source/usage.md | 2 ++ parsedmarc/cli.py | 5 +++++ parsedmarc/mail/graph.py | 6 +++++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/source/usage.md b/docs/source/usage.md index 81f0fa5..cd20cb8 100644 --- a/docs/source/usage.md +++ b/docs/source/usage.md @@ -208,6 +208,8 @@ The full set of configuration options are: - `mailbox` - str: The mailbox name. This defaults to the current user if using the UsernamePassword auth method, but could be a shared mailbox if the user has access to the mailbox + - `graph_url` - str: Microsoft Graph URL. Allows for use of National Clouds (ex Azure Gov) + (Default: https://graph.microsoft.com) - `token_file` - str: Path to save the token file (Default: `.token`) - `allow_unencrypted_storage` - bool: Allows the Azure Identity diff --git a/parsedmarc/cli.py b/parsedmarc/cli.py index 200c8b5..a98883d 100644 --- a/parsedmarc/cli.py +++ b/parsedmarc/cli.py @@ -528,6 +528,7 @@ def _main(): graph_tenant_id=None, graph_mailbox=None, graph_allow_unencrypted_storage=False, + graph_url="graph.microsoft.com", hec=None, hec_token=None, hec_index=None, @@ -879,6 +880,9 @@ def _main(): ) exit(-1) + if "graph_url" in graph_config: + opts.graph_url = graph_config["graph_url"] + if "allow_unencrypted_storage" in graph_config: opts.graph_allow_unencrypted_storage = graph_config.getboolean( "allow_unencrypted_storage" @@ -1496,6 +1500,7 @@ def _main(): password=opts.graph_password, token_file=opts.graph_token_file, allow_unencrypted_storage=opts.graph_allow_unencrypted_storage, + graph_url=opts.graph_url, ) except Exception: 
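Review bot: The new default `graph_url="graph.microsoft.com"` in the `_main()` option defaults has no scheme, while the usage.md hunk of this same commit documents the default as `https://graph.microsoft.com`. The value is handed on unchanged as `graph_url=opts.graph_url` and becomes the client's `cloud` parameter in graph.py, so if the Graph client builds request URLs from it (not visible here), a bare host would not give a valid HTTPS base URL when no `graph_url` is configured. Make the code match the documented value: `graph_url="https://graph.microsoft.com",`. The defaults block and `_main()` continue outside the hunk.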
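Review bot: `opts.graph_url = graph_config["graph_url"]` accepts whatever string is in the config file, and that string becomes the endpoint that receives the mailbox's Graph access token on every request. A typo, an `http://` URL or an unintended host would send bearer tokens and report mail somewhere other than Microsoft Graph, so the value should be rejected unless it is an `https` URL with a host; comparing it against the known national-cloud Graph endpoints would be stricter still. The sketch below follows the `exit(-1)` pattern of the branch above it and assumes the module's `logger` and a `from urllib.parse import urlparse` import, neither of which is visible in this hunk.

```python
if "graph_url" in graph_config:
    graph_url = graph_config["graph_url"].strip()
    parsed_graph_url = urlparse(graph_url)
    if parsed_graph_url.scheme != "https" or not parsed_graph_url.hostname:
        logger.critical(
            "graph_url must be an https:// URL, got {0!r}".format(graph_url)
        )
        exit(-1)
    opts.graph_url = graph_url

# … unchanged: allow_unencrypted_storage handling …
```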
diff --git a/parsedmarc/mail/graph.py b/parsedmarc/mail/graph.py
index 918706a..740aeb8 100644
--- a/parsedmarc/mail/graph.py
+++ b/parsedmarc/mail/graph.py
@@ -89,6 +89,7 @@ class MSGraphConnection(MailboxConnection):
 self,
 auth_method: str,
 mailbox: str,
+ graph_url: str,
 client_id: str,
 client_secret: str,
 username: str,
@@ -108,7 +109,10 @@ class MSGraphConnection(MailboxConnection):
 token_path=token_path,
 allow_unencrypted_storage=allow_unencrypted_storage,
 )
- client_params = {"credential": credential}
+ client_params = {
+ "credential": credential,
+ "cloud": graph_url,
+ }
 if not isinstance(credential, ClientSecretCredential):
 scopes = ["Mail.ReadWrite"]
 # Detect if mailbox is shared
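Review bot: `graph_url: str` is inserted as a required parameter between `mailbox` and `client_id`, which changes the positional order of this `MSGraphConnection` signature (its `def` line and the rest of the parameter list are outside the hunk). A caller that passes these arguments positionally would now hand its client ID to `graph_url` without any error, and every existing caller has to be updated; the cli.py call in this commit uses keywords and is unaffected. Appending the parameter after the existing ones with a default, e.g. `graph_url: str = "https://graph.microsoft.com",`, would keep the interface backward-compatible. It also deserves a docstring or comment line stating that it is the Graph base URL of the target national cloud.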
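Review bot: Only the Graph client is pointed at the national cloud here (`"cloud": graph_url`); the credential created just above receives no matching authority in the visible lines (its call starts outside the hunk). Sovereign clouds such as Azure Government issue tokens from their own login authority, so a credential that still authenticates against the global authority would presumably either fail or obtain a token the national endpoint does not accept. Consider deriving the authority host from the chosen cloud and passing it to the credential constructors, for example `authority=AzureAuthorityHosts.AZURE_GOVERNMENT` from `azure.identity` for the US Government endpoint, and documenting that the two settings must agree.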