inspec-core 5.7.9 → 5.14.0

data/lib/inspec/resources/lxc.rb

@@ -0,0 +1,57 @@
+require "inspec/resources/command"
+module Inspec::Resources
+  class Lxc < Inspec.resource(1)
+    name "lxc"
+    # Restrict to only run on the below platforms
+    supports platform: "linux"
+    desc "Use the lxc InSpec audit resource to test if container exists and/or is running for linux container"
+    example <<~EXAMPLE
+      describe lxc("ubuntu-container") do
+        it { should exist }
+        it { should be_running }
+      end
+    EXAMPLE
+
+    # Resource initialization.
+    def initialize(container_name)
+      @container_name = container_name
+
+      raise Inspec::Exceptions::ResourceSkipped, "The `lxc` resource is not supported on your OS yet." unless inspec.os.linux?
+    end
+
+    def resource_id
+      @container_name
+    end
+
+    def to_s
+      "lxc #{resource_id}"
+    end
+
+    def exists?
+      lxc_info_cmd.exit_status.to_i == 0
+    end
+
+    def running?
+      container_info = lxc_info_cmd.stdout.split(":").map(&:strip)
+      container_info[0] == "Status" && container_info[1] == "Running"
+    end
+
+    private
+
+    # Method to find lxc
+    def find_lxc_or_error
+      %w{/usr/sbin/lxc /sbin/lxc lxc}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+
+      raise Inspec::Exceptions::ResourceFailed, "Could not find `lxc`"
+    end
+
+    def lxc_info_cmd
+      bin = find_lxc_or_error
+      info_cmd = "info #{@container_name} | grep -i Status"
+      lxc_cmd = format("%s %s", bin, info_cmd).strip
+      inspec.command(lxc_cmd)
+    end
+  end
+end

data/lib/inspec/resources/mail_alias.rb

@@ -0,0 +1,46 @@
+require "inspec/resources/command"
+module Inspec::Resources
+  class Mailalias < Inspec.resource(1)
+    # resource internal name.
+    name "mail_alias"
+
+    # Restrict to only run on the below platforms (if none were given,
+    # all OS's and cloud API's supported)
+    supports platform: "unix"
+
+    desc "Use the mail_alias InSpec audit resource to test mail alias present in the aliases file"
+
+    example <<~EXAMPLE
+      describe mail_alias("toor") do
+        it { should be_aliased_to "root" }
+      end
+    EXAMPLE
+
+    def initialize(alias_key)
+      skip_resource "The `mail_alias` resource is not yet available on your OS." unless inspec.os.unix?
+      @alias_key = alias_key
+    end
+
+    # resource_id is used in reporting engines to uniquely identify the individual resource.
+    def resource_id
+      "#{@alias_key}"
+    end
+
+    # resource appearance in test reports.
+    def to_s
+      "mail_alias #{resource_id}"
+    end
+
+    # aliased_to matcher checks if the given alias_value is set to the initialized alias_key
+    def aliased_to?(alias_value)
+      # /etc/aliases if the file where the alias and its value(s) are stored
+      cmd = inspec.command("cat /etc/aliases | grep '^#{@alias_key}:'")
+      raise Inspec::Exceptions::ResourceFailed, "#{@alias_key} is not a valid key in the aliases" if cmd.exit_status.to_i != 0
+
+      # in general aliases file contains : separated values like alias_key : alias_value1, alias_value2
+      alias_values_combined = cmd.stdout.split(":").map(&:strip)[1]
+      alias_values_splitted = alias_values_combined.split(",").map(&:strip)
+      alias_values_splitted.include?(alias_value)
+    end
+  end
+end

data/lib/inspec/resources/oracledb_session.rb

@@ -61,9 +61,13 @@ module Inspec::Resources
         raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
       else
         begin
-          DatabaseHelper::SQLQueryResult.new(inspec_cmd, parse_csv_result(inspec_cmd.stdout))
-        rescue
-          raise Inspec::Exceptions::ResourceFailed, "Oracle query with errors: #{out}"
+          unless inspec_cmd.stdout.empty?
+            DatabaseHelper::SQLQueryResult.new(inspec_cmd, parse_csv_result(inspec_cmd.stdout))
+          else
+            inspec_cmd.stdout
+          end
+        rescue Exception => ex
+          raise Inspec::Exceptions::ResourceFailed, "Oracle query with exception: #{ex}"
         end
       end
     end

data/lib/inspec/resources/postgres_session.rb

@@ -55,8 +55,10 @@ module Inspec::Resources
       psql_cmd = create_psql_cmd(query, db)
       cmd = inspec.command(psql_cmd, redact_regex: %r{(:\/\/[a-z]*:).*(@)})
       out = cmd.stdout + "\n" + cmd.stderr
-      if cmd.exit_status != 0 || out =~ /could not connect to .*/ || out.downcase =~ /^error:.*/
-        raise Inspec::Exceptions::ResourceFailed, "PostgreSQL query with errors: #{out}"
+      if cmd.exit_status != 0 && ( out =~ /could not connect to/ || out =~ /password authentication failed/ ) && out.downcase =~ /error:/
+        raise Inspec::Exceptions::ResourceFailed, "PostgreSQL connection error: #{out}"
+      elsif cmd.exit_status != 0 && out.downcase =~ /error:/
+        Lines.new(out, "PostgreSQL query with error: #{query}")
       else
         Lines.new(cmd.stdout.strip, "PostgreSQL query: #{query}")
       end

data/lib/inspec/resources/routing_table.rb

@@ -0,0 +1,137 @@
+require "inspec/resources/command"
+
+module Inspec::Resources
+  class Routingtable < Inspec.resource(1)
+    # resource internal name.
+    name "routing_table"
+
+    # Restrict to only run on the below platforms (if none were given,
+    # all OS's and cloud API's supported)
+    supports platform: "unix"
+    supports platform: "windows"
+
+    desc "Use the `routing_table` Chef InSpec audit resource to test the routing information parameters(destination, gateway and interface) present in the routing table."
+
+    example <<~EXAMPLE
+      describe routing_table do
+        it do
+          should have_entry(
+            :destination => '192.168.43.1/32',
+            :interface   => 'lxdbr0',
+            :gateway     => '172.31.80.1',
+          )
+        end
+      end
+
+      describe routing_table do
+        it { should have_entry(destination: '0.0.0.0', interface: 'eth0', gateway: '172.31.80.1') }
+      end
+    EXAMPLE
+
+    def initialize
+      skip_resource "The `routing_table` resource is not yet available on your OS." unless inspec.os.unix? || inspec.os.windows?
+      # fetch the routing information and store it in @routing_info (could be hash, tbd)
+      @routing_info = {}
+      fetch_routing_information
+    end
+
+    # resource appearance in test reports.
+    def to_s
+      "routing_table"
+    end
+
+    def has_entry?(input_route)
+      # check if the destination, gateway, interface exists as part of the routing_info
+      if input_route.key?(:destination) && input_route.key?(:gateway) && input_route.key?(:interface)
+        # check if there is key with destination's value in hash;
+        # if yes, check if destination and gateway is present else return false
+        @routing_info.key?(input_route[:destination]) ? @routing_info[input_route[:destination]].include?([input_route[:gateway], input_route[:interface]]) : false
+      else
+        raise Inspec::Exceptions::ResourceSkipped, "One or more missing key, have_entry? matcher expects a hash with 3 keys: destination, gateway and interface"
+      end
+    end
+
+    private
+
+    # fetches the routing information for the system
+    def fetch_routing_information
+      # check if netstat is available on the system
+      utility = find_netstat_or_error
+
+      # the command to fetch the routing information
+      fetch_route_cmd = "#{utility} -rn"
+
+      # execute the above netstat command
+      cmd = inspec.command(fetch_route_cmd)
+
+      # raise error if the exit status is not zero;
+      raise Inspec::Exceptions::ResourceFailed, "Executing netstat failed: #{cmd.stderr}" if cmd.exit_status.to_i != 0
+
+      # Todo:
+      # Improve logic to fetch destination, gateway & interface efficiently.
+      # The below logic assumes the following:
+      # 1. destination, gateway & interface header is present as Destination, Gateway & (Iface or Netif or Interface) respectively.
+      #    (Netif on BSD, Darwin,Iface on linux & Interface on Windows)
+      # 2. there is no blank data for any columns or the blank data are present after the interface column.
+
+      # cmd.stdout is the standard out of netstat -rn; split on new line to get the rows
+      raw_route_info = cmd.stdout.split("\n")
+
+      # since raw_route_info contains some row before the header (i.e. Destination Gateway ...); remove those rows
+      raw_route_info.shift until raw_route_info[0] =~ /Destination/i
+
+      # split each rows based on space to get the individual columns
+      # raw_route_info is now array of arrays with the routing information
+      raw_route_info.map! { |info| info.strip.split }
+
+      # these variables will store the indices where destination, gateway and interface are present
+      destination_index, gateway_index, interface_index = -1, -1, -1
+
+      # The headers in windows are as:
+      # Network Destination        Netmask          Gateway       Interface  Metric
+      # Splitting on space makes "Network Destination" to be two separate values as "Network" & "Destination"
+      # Remove "Network" value to apply the logic of finding index
+      raw_route_info[0].shift if inspec.os.windows?
+
+      # find the indices of destination, gateway and interface;
+      # because the position of gateway & interface varies with operating system
+      raw_route_info[0].each_with_index do |header, index|
+        if header =~ /Destination/i
+          destination_index = index
+        elsif header =~ /Gateway/i
+          gateway_index = index
+        elsif header =~ /Iface|Netif|Interface/i
+          interface_index = index
+        end
+      end
+
+      # remove the initial header consisting of Destination, Gateway, Mask, ... since this is of no use
+      raw_route_info.shift
+
+      # check the indices are assigned with some index and not -1
+      if destination_index != -1 && gateway_index != -1 && interface_index != -1
+        # iterate through the route_info; and find destination, gateway and interface from each row
+        raw_route_info.each do |info|
+          # if value exists at the destination_index, gateway_index, and interface_index; store the value in @routing_info
+          if !info[destination_index].nil? && !info[gateway_index].nil? && !info[interface_index].nil?
+            # if the destination_key is already present, append the gateway & interface; else create new array and add them
+            if @routing_info.key?(info[destination_index])
+              @routing_info[info[destination_index]] << [info[gateway_index], info[interface_index]]
+            else
+              @routing_info[info[destination_index]] = [[info[gateway_index], info[interface_index]]]
+            end
+          end
+        end
+      end
+    end
+
+    # check if netstat is available on the system
+    def find_netstat_or_error
+      %w{/usr/sbin/netstat /sbin/netstat /usr/bin/netstat /bin/netstat netstat}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+
+      raise Inspec::Exceptions::ResourceFailed, "Could not find `netstat` utility to view routing table information"
+    end
+  end
+end

data/lib/inspec/resources/service.rb

@@ -271,6 +271,30 @@ module Inspec::Resources
       info[:startname]
     end
 
+    # matcher equivalent to startmode property; compares start-up mode
+    # supported only on windows.
+    def has_start_mode?(mode)
+      raise Inspec::Exceptions::ResourceSkipped, "The `has_start_mode` matcher is not supported on your OS yet." unless inspec.os.windows?
+
+      mode == startmode
+    end
+
+    # matcher to check if the service is monitored by the given monitoring tool/software
+    def monitored_by?(monitoring_tool)
+      # Currently supported monitoring tools are: monit & god
+      # To add support for new monitoring tools, extend the case statement with additional monitoring tool and
+      # add the definition and logic in a new class (inheriting the base class MonitoringTool: optional)
+      case monitoring_tool
+      when "monit"
+        current_monitoring_tool = Monit.new(inspec, @service_name)
+      when "god"
+        current_monitoring_tool = God.new(inspec, @service_name)
+      else
+        puts "The monitoring tool #{monitoring_tool} is not yet supported by InSpec."
+      end
+      current_monitoring_tool.is_service_monitored?
+    end
+
     def to_s
       "Service #{@service_name}"
     end
@@ -537,9 +561,22 @@ module Inspec::Resources
     end
 
     def info(service_name)
+      # `service -l` lists all files in /etc/rc.d and the local startup directories
+      # % service -l
+      # accounting
+      # addswap
+      # adjkerntz
+      # apm
+      # archdep
+      cmd = inspec.command("#{service_ctl} -l")
+      return nil if cmd.exit_status != 0
+
+      # search for the service
+      srv = /^#{service_name}$/.match(cmd.stdout)
+      return nil if srv.nil? || srv[0].nil?
+
       # check if service is enabled
       cmd = inspec.command("#{service_ctl} #{service_name} enabled")
-
       enabled = cmd.exit_status == 0
 
       # check if the service is running
@@ -880,4 +917,53 @@ module Inspec::Resources
       Runit.new(inspec, service_ctl)
     end
   end
+
+  # Helper class for monitored_by matcher
+  class MonitoringTool
+    attr_reader :inspec, :service_name
+    def initialize(inspec, service_name)
+      @inspec = inspec
+      @service_name ||= service_name
+    end
+
+    def find_utility_or_error(utility_name)
+      [ "/usr/sbin/#{utility_name}" , "/sbin/#{utility_name}" , "/usr/bin/#{utility_name}" , "/bin/#{utility_name}" , "#{utility_name}" ].each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+
+      raise Inspec::Exceptions::ResourceFailed, "Could not find `#{utility_name}`"
+    end
+  end
+
+  class Monit < MonitoringTool
+    def is_service_monitored?
+      utility = find_utility_or_error("monit")
+      utility_cmd = inspec.command("#{utility} summary")
+
+      raise Inspec::Exceptions::ResourceFailed, "Executing #{utility} summary failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0
+
+      monitoring_info = utility_cmd.stdout.split("\n")
+      monitoring_info.map! { |info| info.strip.squeeze(" ") }
+      is_monitored = false
+      monitoring_info.each do |info|
+        if info =~ /^#{service_name} OK.*/
+          is_monitored = true
+          break
+        end
+      end
+      is_monitored
+    end
+  end
+
+  class God < MonitoringTool
+    def is_service_monitored?
+      utility = find_utility_or_error("god")
+      utility_cmd = inspec.command("#{utility} status #{service_name}")
+
+      raise Inspec::Exceptions::ResourceFailed, "Executing #{utility} status #{service_name} failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0
+
+      monitoring_info = utility_cmd.stdout.strip
+      monitoring_info =~ /^#{service_name}: up/
+    end
+  end
 end

data/lib/inspec/resources/user.rb

@@ -1 +1,13 @@
 require "inspec/resources/users"
+# user resource belong_to matcher for serverspec compatibility
+RSpec::Matchers.define :belong_to_primary_group do |group|
+  match do |user|
+    user.belongs_to_primary_group?(group)
+  end
+end
+
+RSpec::Matchers.define :belong_to_group do |group|
+  match do |user|
+    user.belongs_to_group?(group)
+  end
+end

data/lib/inspec/resources/users.rb

@@ -137,20 +137,17 @@ module Inspec::Resources
   #   its('badpasswordattempts') { should eq 0 }
   # end
   #
-  # The following  Serverspec  matchers are deprecated in favor for direct value access
+  # The following  Serverspec  matchers were deprecated in favor for direct value access
+  # but are made available as part of Serverspec compatibility in March, 2022.
   #
   # describe user('root') do
   #   it { should belong_to_group 'root' }
+  #   it { should belong_to_primary_group 'root' }
   #   it { should have_uid 0 }
   #   it { should have_home_directory '/root' }
   #   it { should have_login_shell '/bin/bash' }
   #   its('minimum_days_between_password_change') { should eq 0 }
   #   its('maximum_days_between_password_change') { should eq 99 }
-  # end
-  #
-  # ServerSpec tests that are not supported:
-  #
-  # describe user('root') do
   #   it { should have_authorized_key 'ssh-rsa ADg54...3434 user@example.local' }
   #   its(:encrypted_password) { should eq 1234 }
   # end
@@ -258,36 +255,56 @@ module Inspec::Resources
 
     # implement 'mindays' method to be compatible with serverspec
     def minimum_days_between_password_change
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `minimum_days_between_password_change` property is deprecated. Please use `mindays`.")
       mindays
     end
 
     # implement 'maxdays' method to be compatible with serverspec
     def maximum_days_between_password_change
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `maximum_days_between_password_change` property is deprecated. Please use `maxdays`.")
       maxdays
     end
 
     # implements rspec has matcher, to be compatible with serverspec
     # @see: https://github.com/rspec/rspec-expectations/blob/master/lib/rspec/matchers/built_in/has.rb
+    # has_uid matcher: compatibility with serverspec
     def has_uid?(compare_uid)
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_uid?` matcher is deprecated.")
       uid == compare_uid
     end
 
+    # has_home_directory matcher: compatibility with serverspec
     def has_home_directory?(compare_home)
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_home_directory?` matcher is deprecated. Please use `its('home')`.")
       home == compare_home
     end
 
+    # has_login_shell matcher: compatibility with serverspec
     def has_login_shell?(compare_shell)
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_login_shell?` matcher is deprecated. Please use `its('shell')`.")
       shell == compare_shell
     end
 
-    def has_authorized_key?(_compare_key)
-      Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_authorized_key?` matcher is deprecated. There is no currently implemented alternative")
-      raise NotImplementedError
+    # has_authorized_key matcher: compatibility with serverspec
+    def has_authorized_key?(compare_key)
+      # get_authorized_keys returns the list of key, check if given key is included.
+      get_authorized_keys.include?(compare_key)
+    end
+
+    # belongs_to_primary_group matcher: compatibility with serverspec
+    def belongs_to_primary_group?(group_name)
+      groupname == group_name
+    end
+
+    # belongs_to_group matcher: compatibility with serverspec
+    def belongs_to_group?(group_name)
+      groups.include?(group_name)
+    end
+
+    # encrypted_password property: compatibility with serverspec
+    # it allows to run test against the hashed passwords of the given user
+    # applicable for unix/linux systems with getent utility.
+    def encrypted_password
+      raise Inspec::Exceptions::ResourceSkipped, "encrypted_password property is not applicable for your system" if inspec.os.windows? || inspec.os.darwin?
+
+      # shadow_information returns array of the information from the shadow file
+      # the value at 1st index is the encrypted_password information
+      shadow_information[1]
     end
 
     def to_s
@@ -314,6 +331,54 @@ module Inspec::Resources
 
       @cred_cache = @user_provider.credentials(@username) unless @user_provider.nil?
     end
+
+    # helper method for has_authorized_key matcher
+    # get_authorized_keys return the key/keys stored in the authorized_keys path
+    def get_authorized_keys
+      # cat is used in unix system to display content of file; similarly type is used for windows
+      bin = inspec.os.windows? ? "type" : "cat"
+
+      # auth_path gets assigned with the valid path for authorized_keys
+      auth_path = ""
+
+      # possible paths where authorized_keys are stored
+      # inspec.command is used over inspec.file because inspec.file requires absolute path
+      %w{~/.ssh/authorized_keys ~/.ssh/authorized_keys2}.each do |path|
+        if inspec.command("#{bin} #{path}").exit_status == 0
+          auth_path = path
+          break
+        end
+      end
+
+      # if auth_path is empty, no valid path was found, hence raise exception
+      raise Inspec::Exceptions::ResourceSkipped, "Can't find any valid path for authorized_keys" if auth_path.empty?
+
+      # authorized_keys are obtained in the standard output;
+      # split keys on newline if more than one keys are part of authorized_keys
+      inspec.command("#{bin} #{auth_path}").stdout.split("\n").map(&:strip)
+    end
+
+    # Helper method for encrypted_password property
+    def shadow_information
+      # check if getent is available on the system
+      bin = find_getent_utility
+
+      # fetch details of the passwd file for the current user using getent
+      cmd = inspec.command("#{bin} shadow #{@username}")
+      raise Inspec::Exceptions::ResourceFailed, "Executing #{bin} shadow #{@username} failed: #{cmd.stderr}" if cmd.exit_status.to_i != 0
+
+      # shadow information are : separated values, split and return
+      cmd.stdout.split(":").map(&:strip)
+    end
+
+    # check if getent exist in the system
+    def find_getent_utility
+      %w{/usr/bin/getent /bin/getent getent}.each do |cmd|
+        return cmd if inspec.command(cmd).exist?
+      end
+
+      raise Inspec::Exceptions::ResourceFailed, "Could not find `getent` on your system."
+    end
   end
 
   # Class defined to compare for groups without case-sensitivity

data/lib/inspec/resources/virtualization.rb

@@ -190,7 +190,7 @@ module Inspec::Resources
       true
     end
 
-    # Detect LXC/Docker
+    # Detect LXC/Docker/k8s/podman
     #
     # /proc/self/cgroup will look like this inside a docker container:
     # <index #>:<subsystem>:/lxc/<hexadecimal container id>
@@ -208,7 +208,7 @@ module Inspec::Resources
     #
     # Full notes, https://tickets.opscode.com/browse/OHAI-551
     # Kernel docs, https://www.kernel.org/doc/Documentation/cgroups
-    def detect_lxc_docker
+    def detect_container
       return false unless inspec.file("/proc/self/cgroup").exist?
 
       cgroup_content = inspec.file("/proc/self/cgroup").content
@@ -216,6 +216,12 @@ module Inspec::Resources
           cgroup_content =~ %r{^\d+:[^:]+:/[^/]+/(lxc|docker)-.+$} # rubocop:disable Layout/MultilineOperationIndentation
         @virtualization_data[:system] = $1 # rubocop:disable Style/PerlBackrefs
         @virtualization_data[:role] = "guest"
+      elsif cgroup_content =~ %r{^\d+:[^:]+:/(kubepods)/.+$}
+        @virtualization_data[:system] = $1
+        @virtualization_data[:role] = "guest"
+      elsif /container=podman/.match?(file_read("/proc/1/environ"))
+        @virtualization_data[:system] = "podman"
+        @virtualization_data[:role] = "guest"
       elsif lxc_version_exists? && cgroup_content =~ %r{\d:[^:]+:/$}
         # lxc-version shouldn't be installed by default
         # Even so, it is likely we are on an LXC capable host that is not being used as such
@@ -297,7 +303,7 @@ module Inspec::Resources
       return if detect_docker
       return if detect_virtualbox
       return if detect_lxd
-      return if detect_lxc_docker
+      return if detect_container
       return if detect_linux_vserver
       return if detect_kvm_from_cpuinfo
       return if detect_kvm_from_sys

data/lib/inspec/ui.rb

@@ -140,6 +140,15 @@ module Inspec
       print_or_return(result, opts[:print])
     end
 
+    def line_with_width(width = 80, opts = { print: true } )
+      if color?
+        result = ANSI_CODES[:bold] + GLYPHS[:heavy_dash] * width + ANSI_CODES[:reset] + "\n"
+      else
+        result = "-" * width + "\n"
+      end
+      print_or_return(result, opts[:print])
+    end
+
     # Makes a bullet point.
     def list_item(str, opts = { print: true })
       bullet = color? ? ANSI_CODES[:bold] + ANSI_CODES[:color][:white] + GLYPHS[:bullet] + ANSI_CODES[:reset] : "*"

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "5.7.9".freeze
+  VERSION = "5.14.0".freeze
 end

data/lib/plugins/inspec-artifact/inspec-artifact.gemspec

@@ -0,0 +1,9 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-artifact"
+  spec.summary       = ""
+  spec.description   = "Plugin to generate asymmetrical keys that you can use to encrypt profiles"
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-compliance/inspec-compliance.gemspec

@@ -0,0 +1,9 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-compliance"
+  spec.summary       = "Plugin to perform operations with Chef Automate"
+  spec.description   = "This extensions will allow you to interact with Chef Automate"
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-habitat/inspec-habitat.gemspec

@@ -0,0 +1,9 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-habitat"
+  spec.summary       = "Plugin to create/upload habitat package"
+  spec.description   = "This extensions will allow you to create/upload habitat package from an inspec profile."
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-init/inspec-init.gemspec

@@ -0,0 +1,9 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-init"
+  spec.summary       = "Plugin for scaffolding profile, plugin or a resource"
+  spec.description   = "This extensions helps you to easily create a new profile, plugin or a resource."
+  spec.license       = "Apache-2.0"
+end

data/lib/plugins/inspec-plugin-manager-cli/inspec-plugin-manager-cli.gemspec

@@ -0,0 +1,10 @@
+# .gemspec file is added to add plugin details
+# These specs are used in plugin list and search command
+
+Gem::Specification.new do |spec|
+  spec.name          = "inspec-plugin-manager-cli"
+  spec.summary       = "CLI plugin for InSpec"
+  spec.description   = "This is a CLI plugin for InSpec.  It uses the Plugins API v2 to create a
+  series of commands to manage plugins."
+  spec.license = "Apache-2.0"
+end