Fix testRefreshToken()

Use an explicit fake and expired token as input to the Iceberg's `AuthSession` to force it to obtain a real token from Polaris at session creation time. This is a follow-up to apache#629. Before that PR, the test depended heavily on Iceberg's `AuthSession` code. It still depends on that, but to a lesser extent. Now, the input token is already expired, so the test only needs to validate that a new token was obtained.
dimas-b · Jan 9, 2025 · f0c12fc · f0c12fc
1 parent 0e8731c
commit f0c12fc
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/...rc/test/java/org/apache/polaris/service/dropwizard/PolarisApplicationIntegrationTest.java b/...rc/test/java/org/apache/polaris/service/dropwizard/PolarisApplicationIntegrationTest.java
@@ -23,6 +23,8 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
 import io.dropwizard.testing.ConfigOverride;
 import io.dropwizard.testing.ResourceHelpers;
 import io.dropwizard.testing.junit5.DropwizardAppExtension;
@@ -35,6 +37,7 @@
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 import java.util.function.Supplier;
@@ -742,21 +745,22 @@ public void testRefreshToken() throws IOException {
             .build()) {
       String credentialString =
           snowmanCredentials.clientId() + ":" + snowmanCredentials.clientSecret();
+      String expiredToken =
+          JWT.create().withExpiresAt(Instant.EPOCH).sign(Algorithm.HMAC256("irrelevant-secret"));
       var authConfig =
           AuthConfig.builder()
               .credential(credentialString)
               .scope("PRINCIPAL_ROLE:ALL")
               .oauth2ServerUri(path)
+              .token(expiredToken)
               .build();
 
       var parentSession = new OAuth2Util.AuthSession(Map.of(), authConfig);
       var session =
-          OAuth2Util.AuthSession.fromAccessToken(client, null, userToken, 0L, parentSession);
+          OAuth2Util.AuthSession.fromAccessToken(client, null, expiredToken, 0L, parentSession);
 
-      assertThat(session.token()).isEqualTo(userToken);
-
-      session.refresh(client);
-      assertThat(session.token()).isNotEqualTo(userToken);
+      assertThat(session.token()).isNotEqualTo(expiredToken); // implicit refresh
+      assertThat(JWT.decode(session.token()).getExpiresAtAsInstant()).isAfter(Instant.EPOCH);
     }
   }
 }