Terratest azure assert fail due to token expiration #1501

Open
2 tasks
tjololo opened this issue Jan 9, 2025 · 0 comments
Labels
bug Something isn't working

tjololo commented Jan 9, 2025

Describe the bug
While testing some Terraform code in a GitHub Action using federated identity against Azure, I experience token expiration because the OIDC token lifetime is shorter than the time needed to apply the Terraform code.

I haven't fully investigated the root cause, but I suspect the AuthorizerCode isn't able to use the refresh token to get a new valid token.
Workflow run that fails to assert that resourceGroupExists can be seen here

Error from link:

    resourcegroup.go:16: 
        	Error Trace:	/home/runner/go/pkg/mod/github.com/gruntwork-io/[email protected]/modules/azure/resourcegroup.go:16
        	            				/home/runner/work/terraform-azurerm-altinn-modules/terraform-azurerm-altinn-modules/tests/azure_devops_agent_container_app_jobs/azure_devops_agent_container_app_jobs_test.go:38
        	            				/home/runner/work/terraform-azurerm-altinn-modules/terraform-azurerm-altinn-modules/tests/azure_devops_agent_container_app_jobs/azure_devops_agent_container_app_jobs_test.go:28
        	Error:      	Received unexpected error:
        	            	Invoking Azure CLI failed with the following error: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2025-01-09T08:46:43.2487065Z, assertion valid from 2025-01-09T08:35:35.0000000Z, expiry time of assertion 2025-01-09T08:40:35.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: 724a7622-b697-4495-b81d-bf00b9a80a00 Correlation ID: 0ec7b605-149b-4795-b13d-a231c1de9157 Timestamp: 2025-01-09 08:46:43Z
        	            	Interactive authentication is needed. Please run:
        	            	az login

When removing the assert for resourceGroup and just asserting for containerApps resources that were implemented here using the new azure-sdk-for-go version, the error doesn't seem to be present.

TL;DR: as removing the resourceGroup assert "fixed" the tests, I think the issue is with the way authentication is handled in the "old" assertion code.

To Reproduce
Steps to reproduce the behavior, code snippets and examples which can be used to reproduce the issue.

  1. Use Azure federated identity (OIDC) from GitHub Actions.
  2. Add a Terraform config that takes longer than the expiration of the token (for my setup 5 minutes).
  3. Assert that a resource group exists. This will fail with a token expired error.

Paste a link to my PR with terraform and go code instead of adding more text here
Altinn/terraform-azurerm-altinn-modules#6

Expected behavior
Terratest should use the refresh token to fetch a new and valid token.

Nice to have

  • Terminal output
  • Screenshots

Versions

  • Terratest version: github.com/gruntwork-io/terratest v0.48.2-0.20250106231722-7f6d2ae06a75 (using commit due to unreleased features)
  • Environment details: GitHub Actions hosted agent; ubuntu-latest (ubuntu-24.04) runner version 2.321.0

Additional context
Add any other context about the problem here.
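
A triage aid for the AADSTS700024 error quoted in the issue, added here as an example and not part of the original issue or of Terratest: it parses the validity window out of the Azure CLI error text and reports the assertion's lifetime and how long after expiry it was presented. The names `ParseAssertionWindow`, `AssertionWindow` and `issueError` are hypothetical; the sample message is the one from the issue's log.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// issueError is the AADSTS700024 text copied from the workflow log in the issue.
const issueError = "ERROR: AADSTS700024: Client assertion is not within its valid time range. " +
	"Current time: 2025-01-09T08:46:43.2487065Z, assertion valid from 2025-01-09T08:35:35.0000000Z, " +
	"expiry time of assertion 2025-01-09T08:40:35.0000000Z."

// AssertionWindow holds the three timestamps Entra ID reports in the error.
type AssertionWindow struct{ Current, ValidFrom, Expiry time.Time }

// Lifetime is how long the federated (OIDC) client assertion was valid.
func (w AssertionWindow) Lifetime() time.Duration { return w.Expiry.Sub(w.ValidFrom) }

// Overrun is how long after expiry the assertion was presented; <= 0 means still valid.
func (w AssertionWindow) Overrun() time.Duration { return w.Current.Sub(w.Expiry) }

var windowRe = regexp.MustCompile(`AADSTS700024:.*Current time: ([0-9T:.-]+Z), ` +
	`assertion valid from ([0-9T:.-]+Z), expiry time of assertion ([0-9T:.-]+Z)`)

// ParseAssertionWindow (hypothetical helper name) extracts the validity window from CLI error output.
func ParseAssertionWindow(msg string) (AssertionWindow, error) {
	m := windowRe.FindStringSubmatch(msg)
	if m == nil {
		return AssertionWindow{}, fmt.Errorf("no AADSTS700024 validity window found")
	}
	var ts [3]time.Time
	for i := range ts {
		t, err := time.Parse(time.RFC3339Nano, m[i+1])
		if err != nil {
			return AssertionWindow{}, fmt.Errorf("bad timestamp %q: %w", m[i+1], err)
		}
		ts[i] = t
	}
	return AssertionWindow{Current: ts[0], ValidFrom: ts[1], Expiry: ts[2]}, nil
}

func main() {
	w, err := ParseAssertionWindow(issueError)
	if err != nil {
		panic(err)
	}
	fmt.Printf("assertion lifetime %s, presented %s after expiry\n", w.Lifetime(), w.Overrun().Round(time.Second))
}
```

For the logged error this gives a 5-minute assertion lifetime, presented a little over 6 minutes after it expired, which matches the 5-minute token expiration mentioned in the reproduction steps.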
