fix(o365-plugin): Remove invalid field check and add multi-cloud support

- Implement cloud-aware connection checking per authority
- Use correct endpoints and scopes for each cloud environment

Author: JocLRojas

plugins/modules-config/validations/o365.go

@@ -13,12 +13,51 @@ import (
 )
 
 const (
-	loginUrl      = "https://login.microsoftonline.com/"
 	grantType     = "client_credentials"
-	scope         = "https://manage.office.com/.default"
 	endPointLogin = "/oauth2/v2.0/token"
 )
 
+type CloudEnvironment string
+
+const (
+	CloudCommercial CloudEnvironment = "Commercial"
+	CloudGCC        CloudEnvironment = "GCC"
+	CloudGCCHigh    CloudEnvironment = "GCCHigh"
+	CloudDoD        CloudEnvironment = "DoD"
+)
+
+type CloudConfig struct {
+	LoginAuthority string
+	Scope          string
+}
+
+func getCloudConfig(env CloudEnvironment) CloudConfig {
+	configs := map[CloudEnvironment]CloudConfig{
+		CloudCommercial: {
+			LoginAuthority: "https://login.microsoftonline.com/",
+			Scope:          "https://manage.office.com/.default",
+		},
+		CloudGCC: {
+			LoginAuthority: "https://login.microsoftonline.com/",
+			Scope:          "https://manage-gcc.office.com/.default",
+		},
+		CloudGCCHigh: {
+			LoginAuthority: "https://login.microsoftonline.us/",
+			Scope:          "https://manage.office365.us/.default",
+		},
+		CloudDoD: {
+			LoginAuthority: "https://login.microsoftonline.us/",
+			Scope:          "https://manage.protection.apps.mil/.default",
+		},
+	}
+
+	cloudConfig, exists := configs[env]
+	if !exists {
+		return configs[CloudCommercial]
+	}
+	return cloudConfig
+}
+
 type MicrosoftLoginResponse struct {
 	TokenType   string `json:"token_type,omitempty"`
 	Expires     int    `json:"expires_in,omitempty"`
@@ -30,6 +69,7 @@ type MicrosoftLoginResponse struct {
 
 func ValidateO365Config(config *config.ModuleGroup) error {
 	var clientId, clientSecret, tenantId string
+	var cloudEnvironment CloudEnvironment = CloudCommercial
 
 	if config == nil {
 		return fmt.Errorf("O365 configuration is nil")
@@ -43,6 +83,10 @@ func ValidateO365Config(config *config.ModuleGroup) error {
 			clientSecret = cnf.ConfValue
 		case "office365_tenant_id":
 			tenantId = cnf.ConfValue
+		case "office365_cloud_environment":
+			if cnf.ConfValue != "" {
+				cloudEnvironment = CloudEnvironment(cnf.ConfValue)
+			}
 		}
 	}
 
@@ -56,14 +100,16 @@ func ValidateO365Config(config *config.ModuleGroup) error {
 		return fmt.Errorf("Tenant ID is required in O365 configuration")
 	}
 
+	cloudConfig := getCloudConfig(cloudEnvironment)
+
 	// Validate credentials by attempting to get an access token
-	requestUrl := fmt.Sprintf("%s%s%s", loginUrl, tenantId, endPointLogin)
+	requestUrl := fmt.Sprintf("%s%s%s", cloudConfig.LoginAuthority, tenantId, endPointLogin)
 
 	data := url.Values{}
 	data.Set("grant_type", grantType)
 	data.Set("client_id", clientId)
 	data.Set("client_secret", clientSecret)
-	data.Set("scope", scope)
+	data.Set("scope", cloudConfig.Scope)
 
 	client := &http.Client{
 		Timeout: 10 * time.Second,

plugins/o365/main.go

@@ -90,30 +90,17 @@ func main() {
 	for range ticker.C {
 		endTime := time.Now().UTC()
 
-		defaultConfig := GetCloudConfig(CloudCommercial)
-		if err := ConnectionChecker(defaultConfig.LoginAuthority); err != nil {
-			_ = catcher.Error("External connection failure detected: %v", err, nil)
-		}
-
 		moduleConfig := config.GetConfig()
 		if moduleConfig != nil && moduleConfig.ModuleActive {
+			checkConfiguredEnvironments(moduleConfig.ModuleGroups)
+
 			var wg sync.WaitGroup
 			wg.Add(len(moduleConfig.ModuleGroups))
 
 			for _, grp := range moduleConfig.ModuleGroups {
 				go func(group *config.ModuleGroup) {
 					defer wg.Done()
-					var invalid bool
-					for _, c := range group.ModuleGroupConfigurations {
-						if strings.TrimSpace(c.ConfValue) == "" {
-							invalid = true
-							break
-						}
-					}
-
-					if !invalid {
-						pull(startTime, endTime, group)
-					}
+					pull(startTime, endTime, group)
 				}(grp)
 			}
 
@@ -124,6 +111,34 @@ func main() {
 	}
 }
 
+func checkConfiguredEnvironments(groups []*config.ModuleGroup) {
+	uniqueAuthorities := make(map[string]CloudEnvironment)
+
+	for _, group := range groups {
+		env := getGroupEnvironment(group)
+		cloudConfig := GetCloudConfig(env)
+		uniqueAuthorities[cloudConfig.LoginAuthority] = env
+	}
+
+	for authority, env := range uniqueAuthorities {
+		if err := ConnectionChecker(authority); err != nil {
+			_ = catcher.Error("External connection failure detected", err, map[string]any{
+				"environment": env,
+				"authority":   authority,
+			})
+		}
+	}
+}
+
+func getGroupEnvironment(group *config.ModuleGroup) CloudEnvironment {
+	for _, cnf := range group.ModuleGroupConfigurations {
+		if cnf.ConfKey == "office365_cloud_environment" && cnf.ConfValue != "" {
+			return CloudEnvironment(cnf.ConfValue)
+		}
+	}
+	return CloudCommercial
+}
+
 func pull(startTime time.Time, endTime time.Time, group *config.ModuleGroup) {
 	agent := GetOfficeProcessor(group)