My New Friend, Cinc-Auditor
By Annie Hedgpeth · April 9, 2021

So I’m making a CI/CD pipeline to create a simple base image to use (the image is not relevant to the story, just so you know), and I want to validate the configuration scripts before I build the image, right? I mean, y’all know I love some test driven development that I turn into integration tests. And y’all know I love seeing passing green checkmarks. It’s like my favorite thing.

And because I don’t have the need for a Chef license, as I only need to run this locally for my CI/CD process, I just need a little, lightweight tool to run my validation tests. That’s where InSpec used to come in handy, but now you need to accept a license agreement to run InSpec, and I’m not a fan of going down that path, but what do I do? I freaking love InSpec, y’all know that.

Meet my new friend, cinc-auditor. Now, it’s been out for a while, but, because I was at a place with a Chef license, I had no use for it until now (save for a proof of concept I did a while back).

As they state on their website:

Cinc is a recursive acronym for CINC Is Not Chef. The Cinc project is in no way formally affiliated or associated with Chef Software Inc. Is Cinc compatible with upstream products? Yes, it’s the same code as the original products, only branding is changed.

And no license is needed, so it’s just what I need. So right now I have an integration testing pipeline that basically does this:

# build a docker image from a script of base image config (Dockerfile runs a bash script)
$ docker build -t baseimage:test .

# run the image with all the config on it
$ docker run -d -i --name baseimage baseimage:test

# run InSpec, no wait, cinc-auditor against the image/container I just built
$ bundle exec cinc-auditor exec ./test/integration/my_config -t docker://baseimage

# make sure the packer config is valid
$ packer validate ./Packerfile.pkr.hcl

And I had a simple Gemfile that looked like this:

# spoiler alert - this Gemfile didn't work
source 'https://rubygems.org'

ruby '2.6.6'

gem 'rake'

source "https://packagecloud.io/cinc-project/stable" do
  gem "cinc-auditor-bin"
end

You can see there that cinc-auditor is pulled from the Package Cloud manager, not RubyGems, so we have bundler grab it from there. But I was having an annoying issue where bundler couldn’t find the chef-utils gem (a dependency of the cinc-auditor gem) in the RubyGems hosting server, and it was telling me:

Could not find chef-config-16.12.3 in any of the sources

And I knew it was a lie! I was so bothered! I could see it right there! So what gives?

So then I found the answer here in the comments.

Note: It’s recommended you add the official source, unless your packagecloud repository can meet all the dependency requirements in the Gemfile.

Okay, admittedly that doesn’t really tell me anything I didn’t already know, but it caused me to assume that Cinc wants you to pull all the dependencies that it can from the PackageCloud manager, not RubyGems. So I changed my Gemfile to look like this, and voilà, it worked. I was able to pull in all the dependencies.

ruby '2.6.6'

source 'https://rubygems.org' do
  gem 'rake'
end

source 'https://packagecloud.io/cinc-project/stable' do
  gem 'chef-config'
  gem 'chef-utils'
  gem 'cinc-auditor-bin'
  gem 'inspec'
  gem 'inspec-core'
end

TL;DR: The other gems being pulled from Package Cloud are all dependencies of cinc-auditor-bin, so we pull them from PackageCloud and not RubyGems.
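
One way to check in CI that Gemfile.lock really resolved these gems from PackageCloud and nothing else, as an added example that is not from the original post. The sample lockfile is constructed, its 0.0.0 versions are placeholders, and the helper names are hypothetical:

```ruby
EXPECTED_REMOTE = 'https://packagecloud.io/cinc-project/stable'
PINNED_GEMS = %w[chef-config chef-utils cinc-auditor-bin inspec inspec-core].freeze

# Constructed sample Gemfile.lock; 0.0.0 versions are placeholders.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://packagecloud.io/cinc-project/stable/
    specs:
      chef-config (16.12.3)
        chef-utils
      chef-utils (0.0.0)
      cinc-auditor-bin (0.0.0)
      inspec (0.0.0)
      inspec-core (0.0.0)

  GEM
    remote: https://rubygems.org/
    specs:
      rake (0.0.0)

  PLATFORMS
    ruby
LOCK

# Returns { gem name => [remotes of the GEM section that locked it] }.
def gem_sources(lock_text)
  sources = {}
  remotes = nil # nil while outside a GEM section
  lock_text.each_line(chomp: true) do |line|
    if line.match?(/\A\S/) # section header at column 0
      remotes = line == 'GEM' ? [] : nil
    elsif remotes && (m = line.match(/\A  remote: (\S+)\z/))
      remotes << m[1].chomp('/')
    elsif remotes && (m = line.match(/\A    (\S+) \(/)) # 4 spaces: a locked gem
      sources[m[1]] = remotes
    end
  end
  sources
end

# Pinned gems that are missing, or whose section lists anything but the
# expected remote (one GEM section with several remotes is ambiguous).
def misrouted_gems(lock_text, pinned: PINNED_GEMS, expected: EXPECTED_REMOTE)
  sources = gem_sources(lock_text)
  pinned.reject { |name| sources[name] == [expected] }
end

if $PROGRAM_NAME == __FILE__
  lock = ARGV[0] && File.file?(ARGV[0]) ? File.read(ARGV[0]) : SAMPLE_LOCK
  bad = misrouted_gems(lock)
  puts bad.empty? ? 'all pinned gems come from PackageCloud' : "check: #{bad.join(', ')}"
end
```

Pass the path to a real Gemfile.lock as the first argument to check it instead of the sample.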

Hope this helps!