Starter Conjur policy for Digitas groups

digitas-groups.rb

# conjur policy load --as-group security_admin digitas-policy.rb

# Create group 'devops', add user 'dustin' as an admin
devops = group '/devops' do
  add_member user('/dustin'), admin_option: true
end

# Create group 'developers', add user 'katie' as a member
developers = group '/developers' do
  add_member user('/katie')
end

# Create a postgres password variable
# Group 'devops' can read and change it
# Group 'developers' can only read it
postgres_password = variable '/databases/postgres/password' do |v|
  v.permit 'execute', devops
  v.permit 'update', devops

  v.permit 'execute', developers
end

step 1:
install UI plugin, launch it in background
step 2:
create variable, user, group via CLI - view in the UI
step 3:
permit group to read variable - view in UI
step 4:
edit and apply policy - view in UI

run through https://github.com/conjurdemos/conjur-kitchen