V-73393 Performs Excessive Iterations
Closed this issue · 1 comments
slipthebit commented
Similar to Issue #46, V-73393 performs excessive iterations as a result of two factors: describe.one blocks around each describe block, and acl_rule looping within each describe set. This results in each acl_rule being evaluated against every describe set causing multiple failures for each acl_rule.
...
describe.one do
acl_rules.each do |acl_rule|
describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do
subject { acl_rule }
its(['AuditFlags']) { should cmp "Fail" }
its(['IdentityReference']) { should cmp "Everyone" }
its(['ActiveDirectoryRights']) { should cmp "GenericAll" }
its(['InheritanceFlags']) { should cmp "None" }
its(['InheritanceType']) { should cmp "None" }
its(['PropagationFlags']) { should cmp "None" }
end
end
end
describe.one do
acl_rules.each do |acl_rule|
describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do
subject { acl_rule }
its(['AuditFlags']) { should cmp "Success" }
its(['IdentityReference']) { should cmp "Everyone" }
its(['ActiveDirectoryRights']) { should cmp "WriteProperty, ExtendedRight" }
its(['InheritanceFlags']) { should cmp "None" }
its(['InheritanceType']) { should cmp "None" }
its(['PropagationFlags']) { should cmp "None" }
end
end
end
describe.one do
acl_rules.each do |acl_rule|
describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do
...
https://docs.chef.io/inspec/dsl_inspec/#describeone-usage-notes
Suggested resolution:
A single describe.one block should encapsulate all of the describe sets, and the acl_rules loop be moved outside the describe.one block. This would ensure each acl_rule matches one of the describe sets or fail.
slipthebit commented
reevaluating issue