OPA: Fail fast when OPA bearer token file is unreadable (#3062)

Author: flyrain

extensions/auth/opa/impl/src/main/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProvider.java

@@ -100,13 +100,13 @@ public FileBearerTokenProvider(
     this.clock = clock;
     this.asyncExec = asyncExec;
 
+    checkState(Files.isReadable(tokenFilePath), "OPA token file does not exist or is not readable");
+
     this.nextRefresh = Instant.MIN;
     this.lastRefresh = Instant.MIN;
     // start refreshing the token (immediately)
     scheduleRefreshAttempt(Duration.ZERO);
 
-    checkState(Files.isReadable(tokenFilePath), "OPA token file does not exist or is not readable");
-
     logger.debug(
         "Created file token provider for path: {} with refresh interval: {}, JWT expiration refresh: {}, JWT buffer: {}, next refresh: {}",
         tokenFilePath,

extensions/auth/opa/impl/src/test/java/org/apache/polaris/extension/auth/opa/token/FileBearerTokenProviderTest.java

@@ -199,6 +199,9 @@ public void testNonExistentFileThrows() {
                     .close())
         .isInstanceOf(IllegalStateException.class)
         .hasMessageContaining("OPA token file does not exist or is not readable");
+
+    // No refresh tasks should be scheduled when construction fails fast.
+    assertThat(asyncExec.tasks()).isEmpty();
   }
 
   @Test