From 7d0ae9ec6472348a951fa71fb48a47ef3244ee94 Mon Sep 17 00:00:00 2001
From: Sebastian Nickel <nick@nine.ch>
Date: Mon, 7 Apr 2025 18:38:06 +0200
Subject: [PATCH] improve OIDC TTL expire test

Waiting a bit more than the TTL of the OIDC token seems to remove some flakiness of this test. This furthermore makes use of a go func safe buffer which should avoid race conditions.
---
 integration/auth_oidc_test.go         |  9 +++++----
 integration/dockertestutil/execute.go | 27 +++++++++++++++++++++++++--
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/integration/auth_oidc_test.go b/integration/auth_oidc_test.go
index c86138a8..a036fdd0 100644
--- a/integration/auth_oidc_test.go
+++ b/integration/auth_oidc_test.go
@@ -170,10 +170,11 @@ func TestOIDCExpireNodesBasedOnTokenExpiry(t *testing.T) {
 	t.Logf("%d successful pings out of %d (before expiry)", success, len(allClients)*len(allIps))
 
 	// This is not great, but this sadly is a time dependent test, so the
-	// safe thing to do is wait out the whole TTL time before checking if
-	// the clients have logged out. The Wait function can't do it itself
-	// as it has an upper bound of 1 min.
-	time.Sleep(shortAccessTTL)
+	// safe thing to do is wait out the whole TTL time (and a bit more out
+	// of safety reasons) before checking if the clients have logged out.
+	// The Wait function can't do it itself as it has an upper bound of 1
+	// min.
+	time.Sleep(shortAccessTTL + 10*time.Second)
 
 	assertTailscaleNodesLogout(t, allClients)
 }
diff --git a/integration/dockertestutil/execute.go b/integration/dockertestutil/execute.go
index 078b3bc2..e77b7cb8 100644
--- a/integration/dockertestutil/execute.go
+++ b/integration/dockertestutil/execute.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	"sync"
 	"time"
 
 	"github.com/ory/dockertest/v3"
@@ -29,14 +30,36 @@ func ExecuteCommandTimeout(timeout time.Duration) ExecuteCommandOption {
 	})
 }
 
+// buffer is a goroutine safe bytes.buffer
+type buffer struct {
+	store bytes.Buffer
+	mutex sync.Mutex
+}
+
+// Write appends the contents of p to the buffer, growing the buffer as needed. It returns
+// the number of bytes written.
+func (b *buffer) Write(p []byte) (n int, err error) {
+	b.mutex.Lock()
+	defer b.mutex.Unlock()
+	return b.store.Write(p)
+}
+
+// String returns the contents of the unread portion of the buffer
+// as a string.
+func (b *buffer) String() string {
+	b.mutex.Lock()
+	defer b.mutex.Unlock()
+	return b.store.String()
+}
+
 func ExecuteCommand(
 	resource *dockertest.Resource,
 	cmd []string,
 	env []string,
 	options ...ExecuteCommandOption,
 ) (string, string, error) {
-	var stdout bytes.Buffer
-	var stderr bytes.Buffer
+	var stdout = buffer{}
+	var stderr = buffer{}
 
 	execConfig := ExecuteCommandConfig{
 		timeout: dockerExecuteTimeout,