inspec · arlimus · Dec 11, 2015 · Dec 11, 2015 · Dec 11, 2015 · Dec 11, 2015
diff --git a/docs/inspec_and_friends.rst b/docs/inspec_and_friends.rst
@@ -64,7 +64,7 @@ One of the key differences is that InSpec targets more user groups. It is optimi
       insecure SSHv1 connections anymore.
     "
     describe sshd_config do
-      its('Protocol') { should eq('2') }
+      its('Protocol') { should cmp 2 }
     end
   end
 

diff --git a/docs/resources.rst b/docs/resources.rst
@@ -275,6 +275,13 @@ This |inspec resource| matches any keyword that is listed in the ``auditd.conf``
 
    its('log_format') { should eq 'raw' }
 
+Since all option names and values are case insensitive for ``auditd_conf``, we recommend to compare values with `cmp` instead of the `eq`.
+
+.. code-block:: ruby
+
+   its('log_format') { should cmp 'raw' }
+   its('max_log_file') { should cmp 6 }
+
 Examples
 -----------------------------------------------------
 The following examples show how to use this InSpec audit resource.
@@ -284,20 +291,20 @@ The following examples show how to use this InSpec audit resource.
 .. code-block:: ruby
 
    describe auditd_conf do
-     its('log_file') { should eq '/full/path/to/file' }
-     its('log_format') { should eq 'raw' }
-     its('flush') { should eq 'none' }
-     its('freq') { should eq '1' }
-     its('num_logs') { should eq '0' }
-     its('max_log_file') { should eq '6' }
-     its('max_log_file_action') { should eq 'email' }
-     its('space_left') { should eq '2' }
-     its('action_mail_acct') { should eq 'root' }
-     its('space_left_action') { should eq 'email' }
-     its('admin_space_left') { should eq '1' }
-     its('admin_space_left_action') { should eq 'halt' }
-     its('disk_full_action') { should eq 'halt' }
-     its('disk_error_action') { should eq 'halt' }
+     its('log_file') { should cmp '/full/path/to/file' }
+     its('log_format') { should cmp 'raw' }
+     its('flush') { should cmp 'none' }
+     its('freq') { should cmp 1 }
+     its('num_logs') { should cmp 0 }
+     its('max_log_file') { should cmp 6 }
+     its('max_log_file_action') { should cmp 'email' }
+     its('space_left') { should cmp 2 }
+     its('action_mail_acct') { should cmp 'root' }
+     its('space_left_action') { should cmp 'email' }
+     its('admin_space_left') { should cmp 1 }
+     its('admin_space_left_action') { should cmp 'halt' }
+     its('disk_full_action') { should cmp 'halt' }
+     its('disk_error_action') { should cmp 'halt' }
    end
 
 
@@ -3910,7 +3917,7 @@ The following examples show how to use this InSpec audit resource.
 .. code-block:: ruby
 
    describe sshd_config do
-     its('Protocol') { should eq '2' }
+     its('Protocol') { should cmp 2 }
    end
 
 **Test ciphers**
@@ -3926,7 +3933,7 @@ The following examples show how to use this InSpec audit resource.
 .. code-block:: ruby
 
    describe sshd_config do
-     its('Port') { should eq '22' }
+     its('Port') { should cmp 22 }
      its('UsePAM') { should eq 'yes' }
      its('ListenAddress') { should eq nil }
      its('HostKey') { should eq [

diff --git a/lib/matchers/matchers.rb b/lib/matchers/matchers.rb
@@ -219,3 +219,43 @@
     fail "[UNSUPPORTED] `contain` matcher. Please use the following syntax `its('content') { should match('value') }`."
   end
 end
+
+# This matcher implements a compare feature that cannot be covered by the default
+# `eq` matcher
+# You can use it in the following cases:
+# - compare strings case-insensitive
+# - you expect a number (strings will be converted if possible)
+#
+RSpec::Matchers.define :cmp do |expected|
+
+  def integer?(value)
+    return true if value =~ /\A\d+\Z/
+    false
+  end
+
+  def float?(value)
+    true if Float(value) rescue false
+  end
+
+  match do |actual|
+    # if actual and expected are strings
+    if actual.is_a?(String) && expected.is_a?(String)
+      actual.casecmp(expected) == 0
+    elsif expected.is_a?(Integer) && integer?(actual)
+      expected == actual.to_i
+    elsif expected.is_a?(Float) && float?(actual)
+      expected == actual.to_f
+    # fallback to equal
+    else
+      actual == expected
+    end
+  end
+
+  failure_message do |actual|
+    "\nexpected: #{expected}\n     got: #{actual}\n\n(compared using `cmp` matcher)\n"
+  end
+
+  failure_message_when_negated do |actual|
+    "\nexpected: value != #{expected}\n     got: #{actual}\n\n(compared using `cmp` matcher)\n"
+  end
+end
diff --git a/test/integration/test/integration/default/compare_matcher_spec.rb b/test/integration/test/integration/default/compare_matcher_spec.rb
@@ -0,0 +1,19 @@
+# encoding: utf-8
+
+# uses the `cmp` matcher instead of the eq matcher
+describe sshd_config do
+  its('Port') { should eq '22' }
+  its('Port') { should_not eq 22 }
+
+  its('Port') { should cmp '22' }
+  its('Port') { should cmp 22 }
+  its('Port') { should cmp 22.0 }
+  its('Port') { should_not cmp 22.1 }
+
+  its('LogLevel') { should eq 'INFO' }
+  its('LogLevel') { should_not eq 'info'}
+
+  its('LogLevel') { should cmp 'INFO' }
+  its('LogLevel') { should cmp 'info' }
+  its('LogLevel') { should cmp 'InfO' }
+end