Release Notes for Self-Hosted Styra DAS
Self-Hosted Styra DAS 0.11.0 was released on 03-24-23.
Helm Chart Updates
New Features and Enhancements
Certificates Through Values
The Self-Hosted Styra DAS Helm Chart can now load certificates for the gateway
and gateway-secondary
services, as well as
for Custom CA Certificates
from the values file.
Prior to this enhancement the only way of providing certificates was to copy them into a tls
directory in an unpacked
copy of the chart. Being able to provide certificates in the values file now makes it possible for users to provide
certificates without having to download the Helm chart locally.
Loading the certificates from the file system is still supported for both the gateway services and custom CA Certificates.
Loading certificates from the tls
directory remains the default setting for the gateway services.
This update changes the customCA
field from a boolean value to a nested section. If you previously set customCA
to true
,
you must now update your values.yaml
to use customCA.enabled: true
, and either customCA.fromFile
or
customCA.fromValues
.
Application Updates
New Features and Enhancements
This section describes new features and enhancements.
Enhancement for Decision Log Management
Decisions now come with an nd_builtin_cache field. When the Styra DAS UI replays a decision, that decision’s nd_builtin_cache value is supplied in the request body parameter into the decision replay API.
OPA Update
Styra DAS is updated with OPA 0.47.
Terraform v2
Terraform v2 returns additional metadata with each rule violation.
Styra DAS API Configuration
This release adds support to the /v1/systems
API for customizing the
Discovery configuration for OPAs linked to a System. Any nested key values
provided in the System's configuration through the field
deployment_parameters.discovery
will be rendered as part of the System’s
discovery configuration
See OPA Discovery for information on how to use this feature.
Fixed Issues
This section describes fixed issues.
Terraform Rule
The Terraform GCP KICS "IP Forwarding Enabled" Rule was not working.
Kubernetes Data
Kubernetes data was not properly pushed to OPA by SLP.
Terraform System
Terraform configuration could not be modified by SSO users with Admin access.