Rename _run_and_verify_xxx functions to _verify_xxx (#7452)

* Remove _verify_ calls

* Rename _run_and_verify functions to _verify

* Update tests/configuration/scripts/liveness_and_readiness_probes.sh

* error exit

* cleaner errexit

tests/README.md

@@ -113,51 +113,49 @@ snip_config_50_v3 # Step 3: switch 50% traffic to v3
 ```
 
 For commands that produce output, pass the snip and expected output to an appropriate
-`_run_and_verify_` function. For example:
+`_verify_` function. For example:
 
 ```sh
-_run_and_verify_same snip_set_up_the_cluster_3 "$snip_set_up_the_cluster_3_out"
+_verify_same snip_set_up_the_cluster_3 "$snip_set_up_the_cluster_3_out"
 ```
 
-For situations where you need to perform more than one verify check, you can
-run the snip and capture the command output in a variable, and then compare
-it to the expected output:
+The verify functions first run the snip function and then compare the result to the
+expected output. The framework includes the following built-in verify functions:
 
-```sh
-out=$(snip_tripping_the_circuit_breaker_1 2>&1)
-_verify_contains "$out" "Code 200 :" "snip_tripping_the_circuit_breaker_1"
-_verify_contains "$out" "Code 503 :" "snip_tripping_the_circuit_breaker_1"
-```
+1. **`_verify_same`** `func` `expected`
 
-The framework includes the following built-in verify functions:
+   Runs `func` and compares the output with `expected`. If they are not the same,
+   exponentially back off and try again, 5 times by default. The number of retries
+   can be changed by setting the `VERIFY_RETRIES` environment variable.
 
-1. **`_verify_same`** `out` `expected` `msg`
+1. **`_verify_contains`** `func` `expected`
 
-   Verify that `out` is exactly the same as `expected`. Failure messages will include
-   the specified `msg`.
+   Runs `func` and compares the output with `expected`. If the output does not
+   contain the substring `expected`, exponentially back off and try again, 5 times
+   by default. The number of retries can be changed by setting the `VERIFY_RETRIES`
+   environment variable.
 
-1. **`_verify_contains`** `out` `expected` `msg`
+1. **`_verify_not_contains`** `func` `expected`
 
-   Verify that `out` contains the substring `expected`. Failure messages will include
-   the specified `msg`.
+   Runs `func` and compares the output with `expected`. If the command execution fails
+   or the output contains the substring `expected`,
+   exponentially back off and try again, 5 times by default. The number of retries
+   can be changed by setting the `VERIFY_RETRIES` environment variable.
 
-1. **`_verify_not_contains`** `out` `expected` `msg`
+1. **`_verify_elided`** `func` `expected`
 
-   Verify that `out` does not contains the substring `expected`. Failure messages will include
-   the specified `msg`.
+   Runs `func` and compares the output with `expected`. If the output does not
+   contain the lines in `expected` where "..." on a line matches one or more lines
+   containing any text, exponentially back off and try again, 5 times by default.
+   The number of retries can be changed by setting the `VERIFY_RETRIES` environment
+   variable.
 
-1. **`_verify_first_line`** `out` `expected` `msg`
+1. **`_verify_like`** `func` `expected`
 
-   Verify that the first line of `out` matches the first line in `expected`.
-
-1. **`_verify_elided`** `out` `expected` `msg`
-
-   Verify that `out` contains the lines in `expected` where `...` on a line matches one or
-   more lines with any text.
-
-1. **`_verify_like`** `out` `expected` `msg`
-
-   Verify that `out` is "like" `expected`. Like implies:
+   Runs `func` and compares the output with `expected`. If the output is not
+   "like" `expected`, exponentially back off and try again, 5 times by default. The number
+   of retries can be changed by setting the `VERIFY_RETRIES` environment variable.
+   Like implies:
 
    - Same number of lines
    - Same number of whitespace-seperated tokens per line
@@ -171,16 +169,23 @@ The framework includes the following built-in verify functions:
    This function is useful for comparing the output of commands that include some run-specific
    values in the output (e.g., `kubectl get pods`), or when whitespace in the output may be different.
 
-Every `verify_` function has a corresponding `_run_and_verify_` function that
-first runs a function and then compares the result to the expected output.
-The specified function will be retried 5 times, with exponential backoff, before failing:
+1. `_verify_lines`** `func` `expected`
 
-1. **`_run_and_verify_same`** `func` `expected`
-1. **`_run_and_verify_contains`** `func` `expected`
-1. **`_run_and_verify_not_contains`** `func` `expected`
-1. **`_run_and_verify_first_line`** `func` `expected`
-1. **`_run_and_verify_elided`** `func` `expected`
-1. **`_run_and_verify_like`** `func` `expected`
+   Runs `func` and compares the output with `expected`. If the output does not
+   "conform to" the specification in `expected`,
+   exponentially back off and try again, 5 times by default. The number of retries
+   can be changed by setting the `VERIFY_RETRIES` environment variable.
+   Conformance implies:
+
+   1. For each line in `expected` with the prefix "+ " there must be at least one
+      line in the output containing the following string.
+   1. For each line in `expected` with the prefix "- " there must be no line in
+      the output containing the following string.
+
+1. `_verify_failure`** `func`
+
+   Runs `func` and confirms that it fails (i.e., non-zero return code). This function is useful
+   for testing commands that demonstrate configurations that are expected to fail.
 
 ## Running the Tests: Make
 

tests/configuration/scripts/liveness_and_readiness_probes.sh

@@ -31,7 +31,7 @@ snip_liveness_and_readiness_probes_with_command_option_4
 
 kubectl -n istio-io-health rollout status deployment liveness --timeout 60s
 
-_run_and_verify_like snip_liveness_and_readiness_probes_with_command_option_5 "$snip_liveness_and_readiness_probes_with_command_option_5_out"
+_verify_like snip_liveness_and_readiness_probes_with_command_option_5 "$snip_liveness_and_readiness_probes_with_command_option_5_out"
 
 kubectl -n istio-io-health delete -f samples/health-check/liveness-command.yaml
 
@@ -41,7 +41,7 @@ snip_redeploy_the_liveness_health_check_app_1
 
 kubectl -n istio-same-port rollout status deployment liveness-http --timeout 60s
 
-_run_and_verify_like snip_redeploy_the_liveness_health_check_app_2 "$snip_redeploy_the_liveness_health_check_app_2_out"
+_verify_like snip_redeploy_the_liveness_health_check_app_2 "$snip_redeploy_the_liveness_health_check_app_2_out"
 
 kubectl -n istio-same-port delete -f samples/health-check/liveness-http-same-port.yaml
 
@@ -53,10 +53,14 @@ echo "$snip_use_annotations_on_pod_1" | kubectl -n health-annotate apply -f -
 
 kubectl -n health-annotate rollout status deployment liveness-http --timeout 30s
 
-out=$(kubectl -n health-annotate get pod 2>&1)
+# helper function
+get_health_annotate_pods() {
+    kubectl -n health-annotate get pod
+}
+
 expected="NAME                             READY     STATUS    RESTARTS   AGE
 liveness-http-975595bb6-5b2z7c   1/1       Running   0           1m"
-_verify_like "$out" "$expected" "verify_health-annotate_pod"
+_verify_like get_health_annotate_pods "$expected"
 
 kubectl -n health-annotate delete deploy/liveness-http
 
@@ -64,6 +68,6 @@ snip_separate_port_1
 
 kubectl -n istio-sep-port rollout status deployment liveness-http --timeout 60s
 
-_run_and_verify_like snip_separate_port_2 "$snip_separate_port_2_out"
+_verify_like snip_separate_port_2 "$snip_separate_port_2_out"
 
 kubectl -n istio-sep-port delete -f samples/health-check/liveness-http.yaml

tests/examples/scripts/bookinfo.sh

@@ -29,18 +29,18 @@ snip_start_the_application_services_1
 
 snip_start_the_application_services_2
 
-_run_and_verify_like snip_start_the_application_services_4 "$snip_start_the_application_services_4_out"
+_verify_like snip_start_the_application_services_4 "$snip_start_the_application_services_4_out"
 
 kubectl wait --for=condition=available deployment --all --timeout=300s
 kubectl wait --for=condition=Ready pod --all --timeout=300s
 
-_run_and_verify_like snip_start_the_application_services_5 "$snip_start_the_application_services_5_out"
+_verify_like snip_start_the_application_services_5 "$snip_start_the_application_services_5_out"
 
-_run_and_verify_contains snip_start_the_application_services_6 "$snip_start_the_application_services_6_out"
+_verify_contains snip_start_the_application_services_6 "$snip_start_the_application_services_6_out"
 
 snip_determine_the_ingress_ip_and_port_1
 
-_run_and_verify_like snip_determine_the_ingress_ip_and_port_2 "$snip_determine_the_ingress_ip_and_port_2_out"
+_verify_like snip_determine_the_ingress_ip_and_port_2 "$snip_determine_the_ingress_ip_and_port_2_out"
 
 # give it some time to propagate
 sleep 5
@@ -50,4 +50,4 @@ _set_ingress_environment_variables
 
 snip_determine_the_ingress_ip_and_port_3
 
-_run_and_verify_contains snip_confirm_the_app_is_accessible_from_outside_the_cluster_1 "$snip_confirm_the_app_is_accessible_from_outside_the_cluster_1_out"
+_verify_contains snip_confirm_the_app_is_accessible_from_outside_the_cluster_1 "$snip_confirm_the_app_is_accessible_from_outside_the_cluster_1_out"

tests/security/authn_policy/scripts/authn_policy.sh

@@ -30,40 +30,40 @@ _wait_for_deployment bar sleep
 _wait_for_deployment legacy httpbin
 _wait_for_deployment legacy sleep
 
-_run_and_verify_same  snip_setup_2 "$snip_setup_2_out"
-_run_and_verify_same  snip_setup_3 "$snip_setup_3_out"
-_run_and_verify_same  snip_setup_4 "$snip_setup_4_out"
-_run_and_verify_same  snip_setup_5 "$snip_setup_5_out"
+_verify_same  snip_setup_2 "$snip_setup_2_out"
+_verify_same  snip_setup_3 "$snip_setup_3_out"
+_verify_same  snip_setup_4 "$snip_setup_4_out"
+_verify_same  snip_setup_5 "$snip_setup_5_out"
 
-_run_and_verify_like  snip_auto_mutual_tls_1 "$snip_auto_mutual_tls_1_out"
-_run_and_verify_same  snip_auto_mutual_tls_2 "$snip_auto_mutual_tls_2_out"
+_verify_like  snip_auto_mutual_tls_1 "$snip_auto_mutual_tls_1_out"
+_verify_same  snip_auto_mutual_tls_2 "$snip_auto_mutual_tls_2_out"
 
 snip_globally_enabling_istio_mutual_tls_in_strict_mode_1
 
-_run_and_verify_same  snip_globally_enabling_istio_mutual_tls_in_strict_mode_2 "$snip_globally_enabling_istio_mutual_tls_in_strict_mode_2_out"
+_verify_same  snip_globally_enabling_istio_mutual_tls_in_strict_mode_2 "$snip_globally_enabling_istio_mutual_tls_in_strict_mode_2_out"
 
 snip_cleanup_part_1_1
 
 snip_namespacewide_policy_1
 
-_run_and_verify_same  snip_namespacewide_policy_2 "$snip_namespacewide_policy_2_out"
+_verify_same  snip_namespacewide_policy_2 "$snip_namespacewide_policy_2_out"
 
 snip_enable_mutual_tls_per_workload_1
 snip_enable_mutual_tls_per_workload_2
 
-_run_and_verify_same  snip_enable_mutual_tls_per_workload_3 "$snip_enable_mutual_tls_per_workload_3_out"
+_verify_same  snip_enable_mutual_tls_per_workload_3 "$snip_enable_mutual_tls_per_workload_3_out"
 
 # Ignore snip_enable_mutual_tls_per_workload_4()--it's just text.
 
 snip_enable_mutual_tls_per_workload_5
 snip_enable_mutual_tls_per_workload_6
 
-_run_and_verify_same  snip_enable_mutual_tls_per_workload_7 "$snip_enable_mutual_tls_per_workload_7_out"
+_verify_same  snip_enable_mutual_tls_per_workload_7 "$snip_enable_mutual_tls_per_workload_7_out"
 
 snip_policy_precedence_1
 snip_policy_precedence_2
 
-_run_and_verify_same  snip_policy_precedence_3 "$snip_policy_precedence_3_out"
+_verify_same  snip_policy_precedence_3 "$snip_policy_precedence_3_out"
 
 snip_cleanup_part_2_1
 
@@ -73,13 +73,13 @@ snip_enduser_authentication_2
 # Export the INGRESS_ environment variables
 _set_ingress_environment_variables
 
-_run_and_verify_same  snip_enduser_authentication_3 "$snip_enduser_authentication_3_out"
+_verify_same  snip_enduser_authentication_3 "$snip_enduser_authentication_3_out"
 
 snip_enduser_authentication_4
 
-_run_and_verify_same  snip_enduser_authentication_5 "$snip_enduser_authentication_5_out"
-_run_and_verify_same  snip_enduser_authentication_6 "$snip_enduser_authentication_6_out"
-_run_and_verify_same  snip_enduser_authentication_7 "$snip_enduser_authentication_7_out"
+_verify_same  snip_enduser_authentication_5 "$snip_enduser_authentication_5_out"
+_verify_same  snip_enduser_authentication_6 "$snip_enduser_authentication_6_out"
+_verify_same  snip_enduser_authentication_7 "$snip_enduser_authentication_7_out"
 
 snip_enduser_authentication_8
 snip_enduser_authentication_9
@@ -88,13 +88,13 @@ snip_enduser_authentication_9
 # that the token times out during the run.
 expected="200
 401"
-_run_and_verify_contains  snip_enduser_authentication_10 "$expected"
+_verify_contains  snip_enduser_authentication_10 "$expected"
 
 snip_require_a_valid_token_1
 
-_run_and_verify_same  snip_require_a_valid_token_2 "$snip_require_a_valid_token_2_out"
+_verify_same  snip_require_a_valid_token_2 "$snip_require_a_valid_token_2_out"
 
 snip_require_valid_tokens_perpath_1
 
-_run_and_verify_same  snip_require_valid_tokens_perpath_2 "$snip_require_valid_tokens_perpath_2_out"
-_run_and_verify_same  snip_require_valid_tokens_perpath_3 "$snip_require_valid_tokens_perpath_3_out"
+_verify_same  snip_require_valid_tokens_perpath_2 "$snip_require_valid_tokens_perpath_2_out"
+_verify_same  snip_require_valid_tokens_perpath_3 "$snip_require_valid_tokens_perpath_3_out"

tests/security/authz_deny/scripts/authz_deny.sh

@@ -26,24 +26,24 @@ snip_before_you_begin_1
 _wait_for_deployment foo httpbin
 _wait_for_deployment foo sleep
 
-_run_and_verify_same snip_before_you_begin_2 "$snip_before_you_begin_2_out"
+_verify_same snip_before_you_begin_2 "$snip_before_you_begin_2_out"
 
 snip_explicitly_deny_a_request_1
 
-_run_and_verify_same snip_explicitly_deny_a_request_2 "$snip_explicitly_deny_a_request_2_out"
+_verify_same snip_explicitly_deny_a_request_2 "$snip_explicitly_deny_a_request_2_out"
 
-_run_and_verify_same snip_explicitly_deny_a_request_3 "$snip_explicitly_deny_a_request_3_out"
+_verify_same snip_explicitly_deny_a_request_3 "$snip_explicitly_deny_a_request_3_out"
 
 snip_explicitly_deny_a_request_4
 
-_run_and_verify_same snip_explicitly_deny_a_request_5 "$snip_explicitly_deny_a_request_5_out"
+_verify_same snip_explicitly_deny_a_request_5 "$snip_explicitly_deny_a_request_5_out"
 
-_run_and_verify_same snip_explicitly_deny_a_request_6 "$snip_explicitly_deny_a_request_6_out"
+_verify_same snip_explicitly_deny_a_request_6 "$snip_explicitly_deny_a_request_6_out"
 
 snip_explicitly_deny_a_request_7
 
-_run_and_verify_same snip_explicitly_deny_a_request_8 "$snip_explicitly_deny_a_request_8_out"
+_verify_same snip_explicitly_deny_a_request_8 "$snip_explicitly_deny_a_request_8_out"
 
-_run_and_verify_same snip_explicitly_deny_a_request_9 "$snip_explicitly_deny_a_request_9_out"
+_verify_same snip_explicitly_deny_a_request_9 "$snip_explicitly_deny_a_request_9_out"
 
-_run_and_verify_same snip_explicitly_deny_a_request_10 "$snip_explicitly_deny_a_request_10_out"
+_verify_same snip_explicitly_deny_a_request_10 "$snip_explicitly_deny_a_request_10_out"

tests/security/authz_ingress/scripts/authz_ingress.sh

@@ -32,20 +32,20 @@ snip_before_you_begin_2
 # Export the INGRESS_ environment variables
 _set_ingress_environment_variables
 
-_run_and_verify_same snip_before_you_begin_3 "$snip_before_you_begin_3_out"
+_verify_same snip_before_you_begin_3 "$snip_before_you_begin_3_out"
 
-_run_and_verify_like snip_before_you_begin_4 "$snip_before_you_begin_4_out"
+_verify_like snip_before_you_begin_4 "$snip_before_you_begin_4_out"
 
 CLIENT_IP=$(curl "$INGRESS_HOST":"$INGRESS_PORT"/ip -s | grep "origin" | cut -d'"' -f 4)
 
 snip_ipbased_allow_list_and_deny_list_1
 
-_run_and_verify_same snip_ipbased_allow_list_and_deny_list_2 "$snip_ipbased_allow_list_and_deny_list_2_out"
+_verify_same snip_ipbased_allow_list_and_deny_list_2 "$snip_ipbased_allow_list_and_deny_list_2_out"
 
 snip_ipbased_allow_list_and_deny_list_3
 
-_run_and_verify_same snip_ipbased_allow_list_and_deny_list_4 "$snip_ipbased_allow_list_and_deny_list_4_out"
+_verify_same snip_ipbased_allow_list_and_deny_list_4 "$snip_ipbased_allow_list_and_deny_list_4_out"
 
 snip_ipbased_allow_list_and_deny_list_5
 
-_run_and_verify_same snip_ipbased_allow_list_and_deny_list_6 "$snip_ipbased_allow_list_and_deny_list_6_out"
+_verify_same snip_ipbased_allow_list_and_deny_list_6 "$snip_ipbased_allow_list_and_deny_list_6_out"

tests/security/authz_jwt/scripts/authz_jwt.sh

@@ -35,33 +35,33 @@ TOKEN_GROUP_URL="https://raw.githubusercontent.com/istio/istio/${ISTIO_BRANCH}/s
 export TOKEN
 export TOKEN_GROUP
 
-_run_and_verify_same  snip_before_you_begin_2 "$snip_before_you_begin_2_out"
+_verify_same  snip_before_you_begin_2 "$snip_before_you_begin_2_out"
 
 snip_allow_requests_with_valid_jwt_and_listtyped_claims_1
 
-_run_and_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_2 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_2_out"
+_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_2 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_2_out"
 
-_run_and_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_3 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_3_out"
+_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_3 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_3_out"
 
 snip_allow_requests_with_valid_jwt_and_listtyped_claims_4
 
-_run_and_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_5 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_5_out"
+_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_5 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_5_out"
 
 # The previous step stored the JWT in TOKEN, and it's needed in the next step.
 TOKEN=$(curl "${TOKEN_URL}" -s)
 
-_run_and_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_6 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_6_out"
+_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_6 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_6_out"
 
-_run_and_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_7 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_7_out"
+_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_7 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_7_out"
 
 snip_allow_requests_with_valid_jwt_and_listtyped_claims_8
 
-_run_and_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_9 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_9_out"
+_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_9 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_9_out"
 
 # The previous step stored the JWT group in TOKEN_GROUP, and it's needed in
 # the next step.
 TOKEN_GROUP=$(curl "${TOKEN_GROUP_URL}" -s)
 
-_run_and_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_10 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_10_out"
+_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_10 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_10_out"
 
-_run_and_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_11 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_11_out"
+_verify_same snip_allow_requests_with_valid_jwt_and_listtyped_claims_11 "$snip_allow_requests_with_valid_jwt_and_listtyped_claims_11_out"

tests/security/authz_tcp/scripts/authz_tcp.sh

@@ -37,28 +37,28 @@ export TCP_ECHO_IP=$(kubectl get pod "$(kubectl get pod -l app=tcp-echo -n foo -
 # stuck around from a previous test.
 #kubectl delete peerauthentication --all-namespaces --all
 
-_run_and_verify_same snip_before_you_begin_2 "$snip_before_you_begin_2_out"
+_verify_same snip_before_you_begin_2 "$snip_before_you_begin_2_out"
 
-_run_and_verify_same snip_before_you_begin_3 "$snip_before_you_begin_3_out"
+_verify_same snip_before_you_begin_3 "$snip_before_you_begin_3_out"
 
-_run_and_verify_same snip_before_you_begin_4 "$snip_before_you_begin_4_out"
+_verify_same snip_before_you_begin_4 "$snip_before_you_begin_4_out"
 
 snip_configure_access_control_for_a_tcp_workload_1
 
-_run_and_verify_same snip_configure_access_control_for_a_tcp_workload_2 "$snip_configure_access_control_for_a_tcp_workload_2_out"
+_verify_same snip_configure_access_control_for_a_tcp_workload_2 "$snip_configure_access_control_for_a_tcp_workload_2_out"
 
-_run_and_verify_same snip_configure_access_control_for_a_tcp_workload_3 "$snip_configure_access_control_for_a_tcp_workload_3_out"
+_verify_same snip_configure_access_control_for_a_tcp_workload_3 "$snip_configure_access_control_for_a_tcp_workload_3_out"
 
-_run_and_verify_same snip_configure_access_control_for_a_tcp_workload_4 "$snip_configure_access_control_for_a_tcp_workload_4_out"
+_verify_same snip_configure_access_control_for_a_tcp_workload_4 "$snip_configure_access_control_for_a_tcp_workload_4_out"
 
 snip_configure_access_control_for_a_tcp_workload_5
 
-_run_and_verify_same snip_configure_access_control_for_a_tcp_workload_6 "$snip_configure_access_control_for_a_tcp_workload_6_out"
+_verify_same snip_configure_access_control_for_a_tcp_workload_6 "$snip_configure_access_control_for_a_tcp_workload_6_out"
 
-_run_and_verify_same snip_configure_access_control_for_a_tcp_workload_7 "$snip_configure_access_control_for_a_tcp_workload_7_out"
+_verify_same snip_configure_access_control_for_a_tcp_workload_7 "$snip_configure_access_control_for_a_tcp_workload_7_out"
 
 snip_configure_access_control_for_a_tcp_workload_8
 
-_run_and_verify_same snip_configure_access_control_for_a_tcp_workload_9 "$snip_configure_access_control_for_a_tcp_workload_9_out"
+_verify_same snip_configure_access_control_for_a_tcp_workload_9 "$snip_configure_access_control_for_a_tcp_workload_9_out"
 
-_run_and_verify_same snip_configure_access_control_for_a_tcp_workload_10 "$snip_configure_access_control_for_a_tcp_workload_10_out"
+_verify_same snip_configure_access_control_for_a_tcp_workload_10 "$snip_configure_access_control_for_a_tcp_workload_10_out"

tests/security/dns_cert/scripts/dns_cert.sh

@@ -23,14 +23,16 @@ set -o pipefail
 
 source "${REPO_ROOT}/content/en/docs/tasks/security/cert-management/dns-cert/snips.sh"
 
-out=$(snip_check_the_provisioning_of_dns_certificates_1 2>&1)
-# Remove trailing spaces
-out=$(echo "$out" | sed 's/[ ]*$//')
-_verify_contains "$out" "$snip_check_the_provisioning_of_dns_certificates_2" "snip_check_the_provisioning_of_dns_certificates_1"
+# helper functions
+check_dns_certs() {
+    snip_check_the_provisioning_of_dns_certificates_1 | sed 's/[ ]*$//' # Remove trailing spaces
+}
+regen_dns_certs() {
+    snip_regenerating_a_dns_certificate_2 | sed 's/[ ]*$//' # Remove trailing spaces
+}
+
+_verify_contains check_dns_certs "$snip_check_the_provisioning_of_dns_certificates_2"
 
 snip_regenerating_a_dns_certificate_1
 
-out=$(snip_regenerating_a_dns_certificate_2 2>&1)
-# Remove trailing spaces
-out=$(echo "$out" | sed 's/[ ]*$//')
-_verify_contains "$out" "$snip_regenerating_a_dns_certificate_3" "snip_regenerating_a_dns_certificate_2"
+_verify_contains regen_dns_certs "$snip_regenerating_a_dns_certificate_3"

tests/security/plugin_ca_cert/scripts/plugin_ca_cert.sh

@@ -42,8 +42,8 @@ set -o pipefail
 # Split the certificate chain to cert files
 snip_verifying_the_certificates_2
 
-_run_and_verify_same snip_verifying_the_certificates_3 "$snip_verifying_the_certificates_3_out"
+_verify_same snip_verifying_the_certificates_3 "$snip_verifying_the_certificates_3_out"
 
-_run_and_verify_same snip_verifying_the_certificates_4 "$snip_verifying_the_certificates_4_out"
+_verify_same snip_verifying_the_certificates_4 "$snip_verifying_the_certificates_4_out"
 
-_run_and_verify_same snip_verifying_the_certificates_5 "$snip_verifying_the_certificates_5_out"
+_verify_same snip_verifying_the_certificates_5 "$snip_verifying_the_certificates_5_out"

tests/security/scripts/mtls_migration.sh

@@ -32,13 +32,13 @@ _wait_for_deployment bar sleep
 _wait_for_deployment legacy sleep
 
 # curl_foo_bar_legacy
-_run_and_verify_same snip_set_up_the_cluster_3 "$snip_set_up_the_cluster_3_out"
+_verify_same snip_set_up_the_cluster_3 "$snip_set_up_the_cluster_3_out"
 
 # verify_initial_peerauthentications
-_run_and_verify_same snip_set_up_the_cluster_4 "$snip_set_up_the_cluster_4_out"
+_verify_same snip_set_up_the_cluster_4 "$snip_set_up_the_cluster_4_out"
 
 # verify_initial_destinationrules
-_run_and_verify_same snip_set_up_the_cluster_5 "$snip_set_up_the_cluster_5_out"
+_verify_same snip_set_up_the_cluster_5 "$snip_set_up_the_cluster_5_out"
 
 # configure_mtls_foo_peerauthentication
 snip_lock_down_to_mutual_tls_by_namespace_1
@@ -48,7 +48,7 @@ set +e
 set +o pipefail
 
 # curl_foo_bar_legacy_post_pa
-_run_and_verify_same snip_lock_down_to_mutual_tls_by_namespace_2 "$snip_lock_down_to_mutual_tls_by_namespace_2_out"
+_verify_same snip_lock_down_to_mutual_tls_by_namespace_2 "$snip_lock_down_to_mutual_tls_by_namespace_2_out"
 
 # Restore error handling
 set -e
@@ -70,7 +70,7 @@ sleep.legacy to httpbin.foo: 000
 command terminated with exit code 56
 sleep.legacy to httpbin.bar: 000
 command terminated with exit code 56"
-_run_and_verify_same snip_lock_down_mutual_tls_for_the_entire_mesh_2 "$expected"
+_verify_same snip_lock_down_mutual_tls_for_the_entire_mesh_2 "$expected"
 
 # Restore error handling
 set -e

tests/trafficmanagement/egress/scripts/tls_origination.sh

@@ -28,9 +28,9 @@ snip_before_you_begin_3
 
 # Confirm we can access plain HTTP
 snip_apply_simple
-_run_and_verify_elided snip_curl_simple "$snip_curl_simple_out"
+_verify_elided snip_curl_simple "$snip_curl_simple_out"
 
 # Apply TLS origination config, check http and https content is correct
 snip_apply_origination
-_run_and_verify_elided snip_curl_origination_http "$snip_curl_origination_http_out"
-_run_and_verify_elided snip_curl_origination_https "$snip_curl_origination_https_out"
+_verify_elided snip_curl_origination_http "$snip_curl_origination_http_out"
+_verify_elided snip_curl_origination_https "$snip_curl_origination_https_out"

tests/trafficmanagement/ingress/scripts/ingress_control.sh

@@ -28,7 +28,7 @@ kubectl label namespace default istio-injection=enabled --overwrite
 startup_httpbin_sample
 
 # check for external load balancer
-_run_and_verify_like snip_determining_the_ingress_ip_and_ports_1 "$snip_determining_the_ingress_ip_and_ports_1_out"
+_verify_like snip_determining_the_ingress_ip_and_ports_1 "$snip_determining_the_ingress_ip_and_ports_1_out"
 
 # set INGRESS_HOST, INGRESS_PORT, SECURE_INGRESS_PORT, and TCP_INGRESS_PORT environment variables
 if [[ "$out" != *"<none>"* && "$out" != *"<pending>"* ]]; then
@@ -48,12 +48,12 @@ snip_configuring_ingress_using_an_istio_gateway_2
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
 # access the httpbin service
-#_run_and_verify_first_line snip_configuring_ingress_using_an_istio_gateway_3 "$snip_configuring_ingress_using_an_istio_gateway_3_out"
-_run_and_verify_contains snip_configuring_ingress_using_an_istio_gateway_3 "HTTP/1.1 200 OK"
+#_verify_first_line snip_configuring_ingress_using_an_istio_gateway_3 "$snip_configuring_ingress_using_an_istio_gateway_3_out"
+_verify_contains snip_configuring_ingress_using_an_istio_gateway_3 "HTTP/1.1 200 OK"
 
 # access the httpbin service
-#_run_and_verify_first_line snip_configuring_ingress_using_an_istio_gateway_4 "$snip_configuring_ingress_using_an_istio_gateway_4_out"
-_run_and_verify_contains snip_configuring_ingress_using_an_istio_gateway_4 "HTTP/1.1 404 Not Found"
+#_verify_first_line snip_configuring_ingress_using_an_istio_gateway_4 "$snip_configuring_ingress_using_an_istio_gateway_4_out"
+_verify_contains snip_configuring_ingress_using_an_istio_gateway_4 "HTTP/1.1 404 Not Found"
 
 # configure for web browser
 snip_accessing_ingress_services_using_a_browser_1
@@ -61,6 +61,10 @@ snip_accessing_ingress_services_using_a_browser_1
 # wait for rules to propagate
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
+# helper function
+curl_httpbin_headers() {
+    curl -s -I "http://$INGRESS_HOST:$INGRESS_PORT/headers"
+}
+
 # access httpbin without host header
-out=$(curl -s -I "http://$INGRESS_HOST:$INGRESS_PORT/headers" 2>&1)
-_verify_contains "$out" "HTTP/1.1 200 OK" "request_httpbin_without_host_header"
+_verify_contains curl_httpbin_headers "HTTP/1.1 200 OK"

tests/trafficmanagement/ingress/scripts/ingress_sni_passthrough.sh

@@ -40,11 +40,11 @@ snip_deploy_an_nginx_server_4
 _wait_for_deployment default my-nginx
 
 # validate NGINX server was deployed successfully
-_run_and_verify_contains snip_deploy_an_nginx_server_5 "subject: CN=nginx.example.com"
+_verify_contains snip_deploy_an_nginx_server_5 "subject: CN=nginx.example.com"
 
 # configure an ingress gateway
 snip_configure_an_ingress_gateway_1
 snip_configure_an_ingress_gateway_2
 
 # validate the output
-_run_and_verify_contains snip_configure_an_ingress_gateway_3 "SSL certificate verify ok."
+_verify_contains snip_configure_an_ingress_gateway_3 "SSL certificate verify ok."

tests/trafficmanagement/ingress/scripts/secure_ingress.sh

@@ -47,7 +47,7 @@ snip_configure_a_tls_ingress_gateway_for_a_single_host_3
 _wait_for_deployment default httpbin
 
 # verifying httpbin deployment
-_run_and_verify_lines snip_configure_a_tls_ingress_gateway_for_a_single_host_4 "
+_verify_lines snip_configure_a_tls_ingress_gateway_for_a_single_host_4 "
 + HTTP/2 418
 + -=[ teapot ]=-
 "
@@ -60,13 +60,13 @@ snip_configure_a_tls_ingress_gateway_for_a_single_host_6
 sleep 5s
 
 # verifying new httpbin credentials
-_run_and_verify_lines snip_configure_a_tls_ingress_gateway_for_a_single_host_7 "
+_verify_lines snip_configure_a_tls_ingress_gateway_for_a_single_host_7 "
 + HTTP/2 418
 + -=[ teapot ]=-
 "
 
 # verifying old httpbin credentials no longer work
-_run_and_verify_failure snip_configure_a_tls_ingress_gateway_for_a_single_host_8
+_verify_failure snip_configure_a_tls_ingress_gateway_for_a_single_host_8
 
 snip_configure_a_tls_ingress_gateway_for_multiple_hosts_1
 
@@ -87,9 +87,9 @@ snip_configure_a_tls_ingress_gateway_for_multiple_hosts_6
 # waiting for configuration to propagate
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
-_run_and_verify_contains snip_configure_a_tls_ingress_gateway_for_multiple_hosts_7 "$snip_configure_a_tls_ingress_gateway_for_multiple_hosts_7_out"
+_verify_contains snip_configure_a_tls_ingress_gateway_for_multiple_hosts_7 "$snip_configure_a_tls_ingress_gateway_for_multiple_hosts_7_out"
 
-_run_and_verify_lines snip_configure_a_tls_ingress_gateway_for_multiple_hosts_8 "
+_verify_lines snip_configure_a_tls_ingress_gateway_for_multiple_hosts_8 "
 + HTTP/2 418
 + -=[ teapot ]=-
 "
@@ -101,11 +101,11 @@ snip_configure_a_mutual_tls_ingress_gateway_2
 # wait for the change to propagate
 sleep 5s
 
-_run_and_verify_failure snip_configure_a_mutual_tls_ingress_gateway_3
+_verify_failure snip_configure_a_mutual_tls_ingress_gateway_3
 
 snip_configure_a_mutual_tls_ingress_gateway_4
 
-_run_and_verify_lines snip_configure_a_mutual_tls_ingress_gateway_5 "
+_verify_lines snip_configure_a_mutual_tls_ingress_gateway_5 "
 + HTTP/2 418
 + -=[ teapot ]=-
 "

tests/trafficmanagement/scripts/circuit_breaking.sh

@@ -31,7 +31,7 @@ startup_httpbin_sample
 snip_configuring_the_circuit_breaker_1
 
 # Confirm destination rule set
-_run_and_verify_elided snip_configuring_the_circuit_breaker_2 "$snip_configuring_the_circuit_breaker_2_out"
+_verify_elided snip_configuring_the_circuit_breaker_2 "$snip_configuring_the_circuit_breaker_2_out"
 
 # Deploy fortio client
 snip_adding_a_client_1
@@ -39,7 +39,7 @@ snip_adding_a_client_1
 _wait_for_deployment default fortio-deploy
 
 # Make one call to httpbin
-_run_and_verify_contains snip_adding_a_client_3 "HTTP/1.1 200 OK"
+_verify_contains snip_adding_a_client_3 "HTTP/1.1 200 OK"
 
 # FIXME / TODO: These tests previously relied on checking that the
 # percentage of 200 and 503 responses fell within a given range. That
@@ -52,13 +52,13 @@ _run_and_verify_contains snip_adding_a_client_3 "HTTP/1.1 200 OK"
 #          Issue: https://github.com/istio/istio.io/issues/7074
 
 # Make requests with 2 connections
-_run_and_verify_lines snip_tripping_the_circuit_breaker_1 "
+_verify_lines snip_tripping_the_circuit_breaker_1 "
 + Code 200 :
 + Code 503 :
 "
 
 # Make requests with 3 connections
-_run_and_verify_lines snip_tripping_the_circuit_breaker_3 "
+_verify_lines snip_tripping_the_circuit_breaker_3 "
 + Code 200 :
 + Code 503 :
 "
@@ -70,4 +70,4 @@ cluster.outbound|8000||httpbin.istio-io-circuitbreaker.svc.cluster.local.upstrea
 cluster.outbound|8000||httpbin.istio-io-circuitbreaker.svc.cluster.local.upstream_rq_pending_failure_eject: ...
 cluster.outbound|8000||httpbin.istio-io-circuitbreaker.svc.cluster.local.upstream_rq_pending_overflow: ...
 cluster.outbound|8000||httpbin.istio-io-circuitbreaker.svc.cluster.local.upstream_rq_pending_total: ..."
-_run_and_verify_like snip_tripping_the_circuit_breaker_5 "$expected"
+_verify_like snip_tripping_the_circuit_breaker_5 "$expected"

tests/trafficmanagement/scripts/fault_injection.sh

@@ -22,6 +22,14 @@ set -o pipefail
 source "${REPO_ROOT}/content/en/docs/tasks/traffic-management/fault-injection/snips.sh"
 source "${REPO_ROOT}/tests/util/samples.sh"
 
+# helper functions
+get_bookinfo_productpage() {
+    sample_http_request "/productpage"
+}
+get_bookinfo_productpage_jason() {
+    sample_http_request "/productpage" "jason"
+}
+
 kubectl label namespace default istio-injection=enabled --overwrite
 startup_sleep_sample # needed for sending test requests with curl
 
@@ -38,11 +46,10 @@ snip_injecting_an_http_delay_fault_1
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
 # confirm rules are set
-_run_and_verify_elided snip_injecting_an_http_delay_fault_2 "$snip_injecting_an_http_delay_fault_2_out"
+_verify_elided snip_injecting_an_http_delay_fault_2 "$snip_injecting_an_http_delay_fault_2_out"
 
 # check that requests from user jason return error
-out=$(sample_http_request "/productpage" "jason")
-_verify_contains "$out" "$snip_testing_the_delay_configuration_1" "snip_testing_the_delay_configuration_1"
+_verify_contains get_bookinfo_productpage_jason "$snip_testing_the_delay_configuration_1"
 
 # inject the abort fault
 snip_injecting_an_http_abort_fault_1
@@ -51,10 +58,8 @@ snip_injecting_an_http_abort_fault_1
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
 # confirm rules are set
-_run_and_verify_elided snip_injecting_an_http_abort_fault_2 "$snip_injecting_an_http_abort_fault_2_out"
+_verify_elided snip_injecting_an_http_abort_fault_2 "$snip_injecting_an_http_abort_fault_2_out"
 
 # check that requests from user jason return error and other request do not
-out=$(sample_http_request "/productpage" "jason")
-_verify_contains "$out" "Ratings service is currently unavailable" "request_ratings_response_jason"
-out=$(sample_http_request "/productpage")
-_verify_not_contains "$out" "Ratings service is currently unavailable" "request_ratings_response_others"
+_verify_contains get_bookinfo_productpage_jason "Ratings service is currently unavailable"
+_verify_not_contains get_bookinfo_productpage "Ratings service is currently unavailable"

tests/trafficmanagement/scripts/mirroring.sh

@@ -44,14 +44,11 @@ snip_creating_a_default_routing_policy_1
 #istioctl experimental wait --for=distribution VirtualService httpbin.default
 sleep 5s
 
-_run_and_verify_contains snip_creating_a_default_routing_policy_2 "headers"
+_verify_contains snip_creating_a_default_routing_policy_2 "headers"
 
-_run_and_verify_contains snip_creating_a_default_routing_policy_3 "GET /headers HTTP/1.1"
+_verify_contains snip_creating_a_default_routing_policy_3 "GET /headers HTTP/1.1"
 
-# No point in retrying for "not contains". TODO: some kind of _verify_worked_and_not_contains function
-#_run_and_verify_not_contains snip_creating_a_default_routing_policy_4 "GET /headers HTTP/1.1"
-out=$(snip_creating_a_default_routing_policy_4 2>&1)
-_verify_not_contains "$out" "GET /headers HTTP/1.1" "snip_creating_a_default_routing_policy_4"
+_verify_not_contains snip_creating_a_default_routing_policy_4 "GET /headers HTTP/1.1"
 
 snip_mirroring_traffic_to_v2_1
 
@@ -67,6 +64,6 @@ export V2_POD=$(kubectl get pod -l app=httpbin,version=v2 -o jsonpath={.items..m
 snip_mirroring_traffic_to_v2_2
 
 # TODO: This should check for 2 lines with the GET request
-_run_and_verify_contains snip_mirroring_traffic_to_v2_3 "GET /headers HTTP/1.1"
+_verify_contains snip_mirroring_traffic_to_v2_3 "GET /headers HTTP/1.1"
 
-_run_and_verify_contains snip_mirroring_traffic_to_v2_4 "GET /headers HTTP/1.1"
+_verify_contains snip_mirroring_traffic_to_v2_4 "GET /headers HTTP/1.1"

tests/trafficmanagement/scripts/request_routing.sh

@@ -22,6 +22,14 @@ set -o pipefail
 source "${REPO_ROOT}/content/en/docs/tasks/traffic-management/request-routing/snips.sh"
 source "${REPO_ROOT}/tests/util/samples.sh"
 
+# helper functions
+get_bookinfo_productpage() {
+    sample_http_request "/productpage"
+}
+get_bookinfo_productpage_jason() {
+    sample_http_request "/productpage" "jason"
+}
+
 kubectl label namespace default istio-injection=enabled --overwrite
 startup_sleep_sample # needed for sending test requests with curl
 
@@ -35,10 +43,10 @@ snip_apply_a_virtual_service_1
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
 # confirm route rules are set
-_run_and_verify_elided snip_apply_a_virtual_service_2 "$snip_apply_a_virtual_service_2_out"
+_verify_elided snip_apply_a_virtual_service_2 "$snip_apply_a_virtual_service_2_out"
 
 # check destination rules
-_run_and_verify_lines snip_apply_a_virtual_service_3 "
+_verify_lines snip_apply_a_virtual_service_3 "
 + productpage
 + reviews
 + ratings
@@ -46,8 +54,7 @@ _run_and_verify_lines snip_apply_a_virtual_service_3 "
 "
 
 # check that requests do not return ratings
-out=$(sample_http_request "/productpage")
-_verify_not_contains "$out" "glyphicon glyphicon-star" "request_without_ratings"
+_verify_not_contains get_bookinfo_productpage "glyphicon glyphicon-star"
 
 # route traffic for user jason to reviews:v2
 snip_route_based_on_user_identity_1
@@ -56,10 +63,8 @@ snip_route_based_on_user_identity_1
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
 # confirm route rules are set
-_run_and_verify_elided snip_route_based_on_user_identity_2 "$snip_route_based_on_user_identity_2_out"
+_verify_elided snip_route_based_on_user_identity_2 "$snip_route_based_on_user_identity_2_out"
 
 # check that requests from user jason return ratings and other requests do not
-out=$(sample_http_request "/productpage" "jason")
-_verify_contains "$out" "glyphicon glyphicon-star" "request_ratings_response_jason"
-out=$(sample_http_request "/productpage")
-_verify_not_contains "$out" "glyphicon glyphicon-star" "request_ratings_response_others"
+_verify_contains get_bookinfo_productpage_jason "glyphicon glyphicon-star"
+_verify_not_contains get_bookinfo_productpage "glyphicon glyphicon-star"

tests/trafficmanagement/scripts/request_timeouts.sh

@@ -48,7 +48,7 @@ get_productpage() {
 
 # verify 2s delay with ratings stars displayed
 # TODO: should we time this request to confirm it takes ~2s?
-_run_and_verify_contains get_productpage "glyphicon glyphicon-star"
+_verify_contains get_productpage "glyphicon glyphicon-star"
 
 # confi a half second request timeout for calls to the reviews service
 snip_request_timeouts_3
@@ -57,4 +57,4 @@ snip_request_timeouts_3
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
 # verify product reviews are unavailable
-_run_and_verify_contains get_productpage "Sorry, product reviews are currently unavailable for this book."
+_verify_contains get_productpage "Sorry, product reviews are currently unavailable for this book."

tests/trafficmanagement/scripts/tcp_trafficshifting.sh

@@ -51,7 +51,7 @@ _set_ingress_environment_variables
 # Route all traffic to echo v1
 snip_apply_weightbased_tcp_routing_1
 
-_run_and_verify_lines snip_apply_weightbased_tcp_routing_2 "
+_verify_lines snip_apply_weightbased_tcp_routing_2 "
 + one
 - two
 "
@@ -61,9 +61,9 @@ snip_apply_weightbased_tcp_routing_3
 # wait for rules to propagate
 sleep 5s # TODO: call proper wait utility (e.g., istioctl wait)
 
-_run_and_verify_elided snip_apply_weightbased_tcp_routing_4 "$snip_apply_weightbased_tcp_routing_4_out"
+_verify_elided snip_apply_weightbased_tcp_routing_4 "$snip_apply_weightbased_tcp_routing_4_out"
 
-_run_and_verify_lines snip_apply_weightbased_tcp_routing_5 "
+_verify_lines snip_apply_weightbased_tcp_routing_5 "
 + one
 + two
 "

tests/trafficmanagement/scripts/traffic_shifting.sh

@@ -68,28 +68,28 @@ expected="virtualservice.networking.istio.io/productpage created
 virtualservice.networking.istio.io/reviews created
 virtualservice.networking.istio.io/ratings created
 virtualservice.networking.istio.io/details created"
-_run_and_verify_same snip_config_all_v1 "$expected"
+_verify_same snip_config_all_v1 "$expected"
 
 # Step 2: verify no rating stars visible, (reviews-v3 traffic=0%)
 
-_run_and_verify_same reviews_v3_traffic_percentage 0
+_verify_same reviews_v3_traffic_percentage 0
 
 # Step 3: switch 50% traffic to v3
 
-_run_and_verify_same snip_config_50_v3 "virtualservice.networking.istio.io/reviews configured"
+_verify_same snip_config_50_v3 "virtualservice.networking.istio.io/reviews configured"
 
 istioctl experimental wait --for=distribution VirtualService reviews.default
 
 # Step 4: Confirm the rule was replaced
 
-_run_and_verify_elided snip_verify_config_50_v3 "$snip_verify_config_50_v3_out"
+_verify_elided snip_verify_config_50_v3 "$snip_verify_config_50_v3_out"
 
 # Step 5: verify rating stars visible 50% of the time
 
-_run_and_verify_same reviews_v3_traffic_percentage 50
+_verify_same reviews_v3_traffic_percentage 50
 
 # Step 6: route 100% traffic to v3
 
 snip_config_100_v3
 
-_run_and_verify_same reviews_v3_traffic_percentage 100
+_verify_same reviews_v3_traffic_percentage 100

tests/util/verify.sh

@@ -228,15 +228,15 @@ __verify_with_retry() {
     local max_attempts=${VERIFY_RETRIES:-5}
     local attempt=1
 
-    while true; do
-        # Most tests include "set -e", which causes the script to exit if a
-        # statement returns a non-true return value.  In some cases, $func may
-        # exit with a non-true return value, but we want to retry the command
-        # later.  We want to temporarily disable that "errexit" behavior.
-        local errexit_state
-        errexit_state="$(shopt -po errexit || true)"
-        set +e
+    # Most tests include "set -e", which causes the script to exit if a
+    # statement returns a non-true return value.  In some cases, $func may
+    # exit with a non-true return value, but we want to retry the command
+    # later.  We want to temporarily disable that "errexit" behavior.
+    local errexit_state
+    errexit_state="$(shopt -po errexit || true)"
+    set +e
 
+    while true; do
         # Run the command.
         out=$($func 2>&1)
         local funcret="$?"
@@ -244,16 +244,17 @@ __verify_with_retry() {
         $cmp_func "$out" "$expected"
         local cmpret="$?"
 
-        # Restore the "errexit" state.
-        eval "$errexit_state"
-
         if [[ "$cmpret" -eq 0 ]]; then
             if [[ -z "$failonerr" || "$funcret" -eq 0 ]]; then
+                # Restore the "errexit" state.
+                eval "$errexit_state"
                 return
             fi
         fi
 
         if (( attempt >= max_attempts )); then
+            # Restore the "errexit" state.
+            eval "$errexit_state"
             __err_exit "$func" "$out" "$expected"
         fi
 
@@ -269,7 +270,7 @@ __verify_with_retry() {
 # Runs $func and compares the output with $expected.  If they are not the same,
 # exponentially back off and try again, 5 times by default. The number of retries
 # can be changed by setting the VERIFY_RETRIES environment variable.
-_run_and_verify_same() {
+_verify_same() {
     local func=$1
     local expected=$2
     __verify_with_retry __cmp_same "$func" "$expected"
@@ -279,7 +280,7 @@ _run_and_verify_same() {
 # contain the substring $expected,
 # exponentially back off and try again, 5 times by default. The number of retries
 # can be changed by setting the VERIFY_RETRIES environment variable.
-_run_and_verify_contains() {
+_verify_contains() {
     local func=$1
     local expected=$2
     __verify_with_retry __cmp_contains "$func" "$expected"
@@ -289,7 +290,7 @@ _run_and_verify_contains() {
 # substring $expected,
 # exponentially back off and try again, 5 times by default. The number of retries
 # can be changed by setting the VERIFY_RETRIES environment variable.
-_run_and_verify_not_contains() {
+_verify_not_contains() {
     local func=$1
     local expected=$2
     # __cmp_not_contains will return true even if func fails. Pass failonerr arg
@@ -302,7 +303,7 @@ _run_and_verify_not_contains() {
 # containing any text,
 # exponentially back off and try again, 5 times by default. The number of retries
 # can be changed by setting the VERIFY_RETRIES environment variable.
-_run_and_verify_elided() {
+_verify_elided() {
     local func=$1
     local expected=$2
     __verify_with_retry __cmp_elided "$func" "$expected"
@@ -312,7 +313,7 @@ _run_and_verify_elided() {
 # output does not match the first line in $expected,
 # exponentially back off and try again, 5 times by default. The number of retries
 # can be changed by setting the VERIFY_RETRIES environment variable.
-_run_and_verify_first_line() {
+_verify_first_line() {
     local func=$1
     local expected=$2
     __verify_with_retry __cmp_first_line "$func" "$expected"
@@ -330,7 +331,7 @@ _run_and_verify_first_line() {
 #        - different ip values
 #        - prefix match ending with a dash character
 #        - expected ... is a wildcard token, matches anything
-_run_and_verify_like() {
+_verify_like() {
     local func=$1
     local expected=$2
     __verify_with_retry __cmp_like "$func" "$expected"
@@ -342,10 +343,10 @@ _run_and_verify_like() {
 # can be changed by setting the VERIFY_RETRIES environment variable.
 # Conformance implies:
 #   1. For each line in $expected with the prefix "+ " there must be at least one
-#      line in $output containing the following string.
+#      line in the output containing the following string.
 #   2. For each line in $expected with the prefix "- " there must be no line in
-#      $output containing the following string.
-_run_and_verify_lines() {
+#      the output containing the following string.
+_verify_lines() {
     local func=$1
     local expected=$2
     __verify_with_retry __cmp_lines "$func" "$expected"
@@ -353,7 +354,7 @@ _run_and_verify_lines() {
 
 # Runs $func and confirm that it fails (i.e., non-zero return code). This function is useful
 # for testing commands that demonstrate configurations that are expected to fail.
-_run_and_verify_failure() {
+_verify_failure() {
     local func=$1
     local errexit_state
 
@@ -371,78 +372,3 @@ _run_and_verify_failure() {
         __err_exit "$func" "$out" "NON-ZERO COMMAND EXIT STATUS"
     fi
 }
-
-
-# Verify that $out is the same as $expected.
-_verify_same() {
-    local out=$1
-    local expected=$2
-    local msg=$3
-
-    if ! __cmp_same "$out" "$expected"; then
-        __err_exit "$msg" "$out" "$expected"
-    fi
-}
-
-# Verify that $out contains the substring $expected.
-_verify_contains() {
-    local out=$1
-    local expected=$2
-    local msg=$3
-
-    if ! __cmp_contains "$out" "$expected"; then
-        __err_exit "$msg" "$out" "$expected"
-    fi
-}
-
-# Verify that $out does not contain the substring $expected.
-_verify_not_contains() {
-    local out=$1
-    local expected=$2
-    local msg=$3
-
-    if ! __cmp_not_contains "$out" "$expected"; then
-        __err_exit "$msg" "$out" "$expected"
-    fi
-}
-
-# Verify that $out contains the lines in $expected where "..." on a line
-# matches one or more lines containing any text.
-_verify_elided() {
-    local out=$1
-    local expected=$2
-    local msg=$3
-
-    if ! __cmp_elided "$out" "$expected"; then
-        __err_exit "$msg" "$out" "$expected"
-    fi
-}
-
-# Verify that the first line of $out matches the first line in $expected.
-_verify_first_line() {
-    local out=$1
-    local expected=$2
-    local msg=$3
-
-    if ! __cmp_first_line "$out" "$expected"; then
-        __err_exit "$msg" "$out" "$expected"
-    fi
-}
-
-# Verify that $out is "like" $expected. Like implies:
-#   1. Same number of lines
-#   2. Same number of whitespace-seperated tokens per line
-#   3. Tokens can only differ in the following ways:
-#        - different elapsed time values
-#        - different ip values
-#        - prefix match ending with a dash character
-#        - expected ... is a wildcard token, matches anything
-_verify_like() {
-    local out=$1
-    local expected=$2
-    local msg=$3
-
-    if ! __cmp_like "$out" "$expected"; then
-        __err_exit "$msg" "$out" "$expected"
-    fi
-}