diff --git a/extensions/auth/opa/impl/src/main/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProvider.java b/extensions/auth/opa/impl/src/main/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProvider.java index 2d72f54f72..60492ac263 100644 --- a/extensions/auth/opa/impl/src/main/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProvider.java +++ b/extensions/auth/opa/impl/src/main/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProvider.java @@ -100,13 +100,13 @@ public FileBearerTokenProvider( this.clock = clock; this.asyncExec = asyncExec; + checkState(Files.isReadable(tokenFilePath), "OPA token file does not exist or is not readable"); + this.nextRefresh = Instant.MIN; this.lastRefresh = Instant.MIN; // start refreshing the token (immediately) scheduleRefreshAttempt(Duration.ZERO); - checkState(Files.isReadable(tokenFilePath), "OPA token file does not exist or is not readable"); - logger.debug( "Created file token provider for path: {} with refresh interval: {}, JWT expiration refresh: {}, JWT buffer: {}, next refresh: {}", tokenFilePath, diff --git a/extensions/auth/opa/impl/src/test/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProviderTest.java b/extensions/auth/opa/impl/src/test/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProviderTest.java index 1651dc5e3f..6dc53817a7 100644 --- a/extensions/auth/opa/impl/src/test/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProviderTest.java +++ b/extensions/auth/opa/impl/src/test/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProviderTest.java @@ -199,6 +199,9 @@ public void testNonExistentFileThrows() { .close()) .isInstanceOf(IllegalStateException.class) .hasMessageContaining("OPA token file does not exist or is not readable"); + + // No refresh tasks should be scheduled when construction fails fast. + assertThat(asyncExec.tasks()).isEmpty(); } @Test