JWT routing task fixes (#13570)

* JWT routing task fixes

* revert gtwapi

* fix test

* lint

* more lint

content/en/docs/tasks/security/authentication/jwt-route/index.md

@@ -139,7 +139,7 @@ identity and more secure compared using the unauthenticated HTTP attributes (e.g
 1. Validate the ingress gateway routes the request with a valid JWT token that includes the claim `groups: group1`:
 
     {{< text syntax="bash" expandlinks="false" >}}
-    $ TOKEN_GROUP=$(curl {{< github_file >}}/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode -
+    $ TOKEN_GROUP=$(curl {{< github_file >}}/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode
     {"exp":3537391104,"groups":["group1","group2"],"iat":1537391104,"iss":"testing@secure.istio.io","scope":["scope1","scope2"],"sub":"testing@secure.istio.io"}
     {{< /text >}}
 
@@ -151,8 +151,8 @@ identity and more secure compared using the unauthenticated HTTP attributes (e.g
 
 1. Validate the ingress gateway returns the HTTP code 404 with a valid JWT but does not include the claim `groups: group1`:
 
-    {{< text syntax="bash" expandlinks="false" >}}
-    $ TOKEN_NO_GROUP=$(curl {{< github_file >}}/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN_NO_GROUP" | cut -d '.' -f2 - | base64 --decode -
+    {{< text syntax="bash" >}}
+    $ TOKEN_NO_GROUP=$(curl {{< github_file >}}/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN_NO_GROUP" | cut -d '.' -f2 - | base64 --decode
     {"exp":4685989700,"foo":"bar","iat":1532389700,"iss":"testing@secure.istio.io","sub":"testing@secure.istio.io"}
     {{< /text >}}
 

content/en/docs/tasks/security/authentication/jwt-route/snips.sh

@@ -97,7 +97,7 @@ HTTP/1.1 401 Unauthorized
 ENDSNIP
 
 snip_validating_ingress_routing_based_on_jwt_claims_3() {
-TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode -
+TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode
 }
 
 ! read -r -d '' snip_validating_ingress_routing_based_on_jwt_claims_3_out <<\ENDSNIP
@@ -114,7 +114,7 @@ HTTP/1.1 200 OK
 ENDSNIP
 
 snip_validating_ingress_routing_based_on_jwt_claims_5() {
-TOKEN_NO_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN_NO_GROUP" | cut -d '.' -f2 - | base64 --decode -
+TOKEN_NO_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN_NO_GROUP" | cut -d '.' -f2 - | base64 --decode
 }
 
 ! read -r -d '' snip_validating_ingress_routing_based_on_jwt_claims_5_out <<\ENDSNIP

content/en/docs/tasks/security/authentication/jwt-route/test.sh

@@ -43,11 +43,13 @@ _verify_elided snip_validating_ingress_routing_based_on_jwt_claims_2 "$snip_vali
 # Pull the Istio branch from the docs configuration file.
 ISTIO_BRANCH=$(yq '.source_branch_name' "${REPO_ROOT}"/data/args.yml)
 
+_verify_same snip_validating_ingress_routing_based_on_jwt_claims_3 "$snip_validating_ingress_routing_based_on_jwt_claims_3_out"
 TOKEN_GROUP_URL="https://raw.githubusercontent.com/istio/istio/${ISTIO_BRANCH}/security/tools/jwt/samples/groups-scope.jwt"
 export TOKEN_GROUP
 TOKEN_GROUP=$(curl "${TOKEN_GROUP_URL}" -s)
 _verify_elided snip_validating_ingress_routing_based_on_jwt_claims_4 "$snip_validating_ingress_routing_based_on_jwt_claims_4_out"
 
+_verify_same snip_validating_ingress_routing_based_on_jwt_claims_5 "$snip_validating_ingress_routing_based_on_jwt_claims_5_out"
 TOKEN_NO_GROUP_URL="https://raw.githubusercontent.com/istio/istio/${ISTIO_BRANCH}/security/tools/jwt/samples/demo.jwt"
 export TOKEN_NO_GROUP
 TOKEN_NO_GROUP=$(curl "${TOKEN_NO_GROUP_URL}" -s)