V-73391 Performs Excessive Iterations

[slipthebit]

V-73391 performs excessive iterations as a result of two factors: describe.one blocks around each describe block, and acl_rule looping within each describe set. This results in each acl_rule being evaluated against every describe set causing multiple failures for each acl_rule.

    describe.one do
      acl_rules.each do |acl_rule|
        describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do
          subject { acl_rule }
          its(['AuditFlags']) { should cmp "Fail" }
          its(['IdentityReference']) { should cmp "Everyone" }
          its(['ActiveDirectoryRights']) { should cmp "GenericAll" }
          its(['InheritanceFlags']) { should cmp "None" }
          its(['InheritanceType']) { should cmp "None" }
          its(['PropagationFlags']) { should cmp "None" }
        end
      end
    end

    describe.one do
      acl_rules.each do |acl_rule|
        describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do
          subject { acl_rule }
          its(['AuditFlags']) { should cmp "Success" }
          its(['IdentityReference']) { should cmp "Everyone" }
          its(['ActiveDirectoryRights']) { should cmp "WriteProperty" }
          its(['InheritanceFlags']) { should cmp "ContainerInherit" }
          its(['InheritanceType']) { should cmp "All" }
          its(['PropagationFlags']) { should cmp "None" }
        end
      end
    end

    describe.one do
      acl_rules.each do |acl_rule|
        describe "Audit rule property for principal: #{acl_rule['IdentityReference']}" do

https://docs.chef.io/inspec/dsl_inspec/#describeone-usage-notes

Suggested resolution:
A single describe.one block should encapsulate all of the describe sets, and the acl_rules loop be moved outside the describe.one block. This would ensure each acl_rule matches one of the describe sets or fail.

[slipthebit]

Reevaluating issue.