User more doc snips in ambient test (#13005)

content/en/docs/ops/ambient/getting-started/index.md

@@ -166,7 +166,7 @@ reconfigure them.
 Make sure the default namespace does not include the label `istio-injection=enabled` because when using ambient you do not want Istio to inject sidecars into the application pods.
 {{< /warning >}}
 
-{{< text syntax=bash snip_id=none >}}
+{{< text bash >}}
 $ kubectl apply -f @samples/bookinfo/platform/kube/bookinfo.yaml@
 {{< /text >}}
 
@@ -256,17 +256,17 @@ to the ambient mesh. The best part is that there was no need to restart or redep
 
 Send some test traffic:
 
-{{< text syntax=bash snip_id=none >}}
+{{< text bash >}}
 $ kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o "<title>.*</title>"
 <title>Simple Bookstore App</title>
 {{< /text >}}
 
-{{< text syntax=bash snip_id=none >}}
+{{< text bash >}}
 $ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"
 <title>Simple Bookstore App</title>
 {{< /text >}}
 
-{{< text syntax=bash snip_id=none >}}
+{{< text bash >}}
 $ kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"
 <title>Simple Bookstore App</title>
 {{< /text >}}
@@ -311,19 +311,19 @@ EOF
 
 Confirm the above authorization policy is working:
 
-{{< text syntax=bash snip_id=none >}}
+{{< text bash >}}
 $ # this should succeed
 $ kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o "<title>.*</title>"
 <title>Simple Bookstore App</title>
 {{< /text >}}
 
-{{< text syntax=bash snip_id=none >}}
+{{< text bash >}}
 $ # this should succeed
 $ kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"
 <title>Simple Bookstore App</title>
 {{< /text >}}
 
-{{< text syntax=bash snip_id=none >}}
+{{< text bash >}}
 $ # this should fail with a connection reset error code 56
 $ kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"
 command terminated with exit code 56

content/en/docs/ops/ambient/getting-started/snips.sh

@@ -76,6 +76,10 @@ istio-cni-node   1         1         1       1            1           kubernetes
 ztunnel          1         1         1       1            1           <none>                   82s
 ENDSNIP
 
+snip_deploy_the_sample_application_1() {
+kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
+}
+
 snip_deploy_the_sample_application_2() {
 kubectl apply -f samples/sleep/sleep.yaml
 kubectl apply -f samples/sleep/notsleep.yaml
@@ -133,6 +137,30 @@ snip_adding_your_application_to_ambient_1() {
 kubectl label namespace default istio.io/dataplane-mode=ambient
 }
 
+snip_adding_your_application_to_ambient_2() {
+kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o "<title>.*</title>"
+}
+
+! read -r -d '' snip_adding_your_application_to_ambient_2_out <<\ENDSNIP
+<title>Simple Bookstore App</title>
+ENDSNIP
+
+snip_adding_your_application_to_ambient_3() {
+kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"
+}
+
+! read -r -d '' snip_adding_your_application_to_ambient_3_out <<\ENDSNIP
+<title>Simple Bookstore App</title>
+ENDSNIP
+
+snip_adding_your_application_to_ambient_4() {
+kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"
+}
+
+! read -r -d '' snip_adding_your_application_to_ambient_4_out <<\ENDSNIP
+<title>Simple Bookstore App</title>
+ENDSNIP
+
 snip_l4_authorization_policy_1() {
 kubectl apply -f - <<EOF
 apiVersion: security.istio.io/v1beta1
@@ -154,6 +182,33 @@ spec:
 EOF
 }
 
+snip_l4_authorization_policy_2() {
+# this should succeed
+kubectl exec deploy/sleep -- curl -s "http://$GATEWAY_HOST/productpage" | grep -o "<title>.*</title>"
+}
+
+! read -r -d '' snip_l4_authorization_policy_2_out <<\ENDSNIP
+<title>Simple Bookstore App</title>
+ENDSNIP
+
+snip_l4_authorization_policy_3() {
+# this should succeed
+kubectl exec deploy/sleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"
+}
+
+! read -r -d '' snip_l4_authorization_policy_3_out <<\ENDSNIP
+<title>Simple Bookstore App</title>
+ENDSNIP
+
+snip_l4_authorization_policy_4() {
+# this should fail with a connection reset error code 56
+kubectl exec deploy/notsleep -- curl -s http://productpage:9080/ | grep -o "<title>.*</title>"
+}
+
+! read -r -d '' snip_l4_authorization_policy_4_out <<\ENDSNIP
+command terminated with exit code 56
+ENDSNIP
+
 snip_l7_authorization_policy_1() {
 istioctl x waypoint apply --service-account bookinfo-productpage
 }

content/en/docs/ops/ambient/getting-started/test.sh

@@ -23,8 +23,6 @@ set -e
 set -u
 set -o pipefail
 
-source "tests/util/samples.sh"
-
 # Kubernetes Gateway API CRDs are required by waypoint proxy.
 snip_download_and_install_2
 
@@ -40,8 +38,7 @@ _wait_for_daemonset istio-system ztunnel
 _wait_for_daemonset istio-system istio-cni-node
 
 if [ "$GATEWAY_API" == "true" ]; then
-  # TODO: uncomment the following line after https://github.com/istio/istio/pull/44187 is available
-  #_verify_like snip_download_and_install_9 "$snip_download_and_install_9_out"
+  _verify_like snip_download_and_install_9 "$snip_download_and_install_9_out"
   _verify_like snip_download_and_install_10 "$snip_download_and_install_10_out"
 else
   _verify_like snip_download_and_install_7 "$snip_download_and_install_7_out"
@@ -49,16 +46,18 @@ else
 fi
 
 # deploy test application
-startup_bookinfo_sample
+snip_deploy_the_sample_application_1
 snip_deploy_the_sample_application_2
 
 if [ "$GATEWAY_API" == "true" ]; then
   snip_deploy_the_sample_application_5
   snip_deploy_the_sample_application_6
 else
+  snip_deploy_the_sample_application_3
   snip_deploy_the_sample_application_4
 fi
 
+# test traffic before ambient mode is enabled
 _verify_contains snip_verify_traffic_sleep_to_ingress "$snip_verify_traffic_sleep_to_ingress_out"
 _verify_contains snip_verify_traffic_sleep_to_productpage "$snip_verify_traffic_sleep_to_productpage_out"
 _verify_contains snip_verify_traffic_notsleep_to_productpage "$snip_verify_traffic_notsleep_to_productpage_out"
@@ -66,20 +65,17 @@ _verify_contains snip_verify_traffic_notsleep_to_productpage "$snip_verify_traff
 snip_adding_your_application_to_ambient_1
 
 # test traffic after ambient mode is enabled
-_verify_contains snip_verify_traffic_sleep_to_ingress "$snip_verify_traffic_sleep_to_ingress_out"
-_verify_contains snip_verify_traffic_sleep_to_productpage "$snip_verify_traffic_sleep_to_productpage_out"
-_verify_contains snip_verify_traffic_notsleep_to_productpage "$snip_verify_traffic_notsleep_to_productpage_out"
+_verify_contains snip_adding_your_application_to_ambient_2 "$snip_adding_your_application_to_ambient_2_out"
+_verify_contains snip_adding_your_application_to_ambient_3 "$snip_adding_your_application_to_ambient_3_out"
+_verify_contains snip_adding_your_application_to_ambient_4 "$snip_adding_your_application_to_ambient_4_out"
 
 snip_l4_authorization_policy_1
-_verify_contains snip_verify_traffic_sleep_to_ingress "$snip_verify_traffic_sleep_to_ingress_out"
-_verify_contains snip_verify_traffic_sleep_to_productpage "$snip_verify_traffic_sleep_to_productpage_out"
-# _verify_contains snip_verify_traffic_notsleep_to_productpage "command terminated with exit code 56"
-# TODO: ^^^ Fix doc. How did this ever work, i.e., checking for error message from curl -s? Also piped through grep for <title>??
-_verify_failure  snip_verify_traffic_notsleep_to_productpage
+_verify_contains snip_l4_authorization_policy_2 "$snip_l4_authorization_policy_2_out"
+_verify_contains snip_l4_authorization_policy_3 "$snip_l4_authorization_policy_3_out"
+_verify_failure snip_l4_authorization_policy_4
 
 _verify_contains snip_l7_authorization_policy_1 "$snip_l7_authorization_policy_1_out"
 _verify_contains snip_l7_authorization_policy_2 "Resource programmed, assigned to service"
-
 snip_l7_authorization_policy_3
 _verify_contains snip_l7_authorization_policy_4 "$snip_l7_authorization_policy_4_out"
 _verify_contains snip_l7_authorization_policy_5 "$snip_l7_authorization_policy_5_out"