test(server): cover microsoft s2s token guardrails

afourniernv · afourniernv · commit ef1684890ab6 · 2026-05-18T11:32:16.000-04:00
Signed-off-by: Alex Fournier &lt;afournier@nvidia.com&gt;
diff --git a/crates/openshell-sandbox/src/provider_tokens.rs b/crates/openshell-sandbox/src/provider_tokens.rs
@@ -547,4 +547,30 @@ mod tests {
         assert_eq!(err.status, 400);
         assert_eq!(err.message, "invalid JSON request body");
     }
+
+    #[test]
+    fn parse_token_request_rejects_unknown_path() {
+        let err = parse_token_request(
+            "GET /v1/microsoft-agent-s2s/debug HTTP/1.1\r\n\r\n",
+            Some("api://default"),
+            "/v1/microsoft-agent-s2s/token/test",
+        )
+        .expect_err("unknown path should fail");
+
+        assert_eq!(err.status, 404);
+        assert_eq!(err.message, "token endpoint not found");
+    }
+
+    #[test]
+    fn parse_token_request_rejects_unsupported_method() {
+        let err = parse_token_request(
+            "DELETE /v1/microsoft-agent-s2s/token/test HTTP/1.1\r\n\r\n",
+            Some("api://default"),
+            "/v1/microsoft-agent-s2s/token/test",
+        )
+        .expect_err("unsupported method should fail");
+
+        assert_eq!(err.status, 405);
+        assert_eq!(err.message, "method not allowed");
+    }
 }
diff --git a/crates/openshell-server/src/grpc/policy.rs b/crates/openshell-server/src/grpc/policy.rs
@@ -3598,6 +3598,40 @@ mod tests {
         assert!(err.message().contains("microsoft-agent-s2s"));
     }
 
+    #[tokio::test]
+    async fn mint_sandbox_provider_token_rejects_unallowed_audience() {
+        let state = test_server_state().await;
+        state
+            .store
+            .put_message(&test_microsoft_provider("work-microsoft"))
+            .await
+            .unwrap();
+        state
+            .store
+            .put_message(&test_sandbox(
+                "sb-microsoft",
+                "microsoft",
+                test_policy_with_rule("sandbox_only", "sandbox.example.com"),
+                vec!["work-microsoft".to_string()],
+            ))
+            .await
+            .unwrap();
+
+        let err = handle_mint_sandbox_provider_token(
+            &state,
+            Request::new(MintSandboxProviderTokenRequest {
+                sandbox_id: "sb-microsoft".to_string(),
+                provider_name: "work-microsoft".to_string(),
+                audience: "api://not-allowed".to_string(),
+            }),
+        )
+        .await
+        .unwrap_err();
+
+        assert_eq!(err.code(), Code::FailedPrecondition);
+        assert!(err.message().contains("not allowed"));
+    }
+
     #[tokio::test]
     async fn provider_env_revision_changes_when_attached_provider_record_changes() {
         use openshell_core::proto::GetSandboxProviderEnvironmentRequest;
