Release Notes for Self-Hosted Styra DAS
Self-Hosted Styra DAS 0.12.0 was released on 05-12-23.
Helm Chart Updates
New Features and Enhancements
Web Service
The web service has been included in this Self-Hosted release to lay the groundwork for future scalability and
reliability improvements. Going forward, the backend microservices will be updated to more heavily rely on web
for horizontally scalable peer-to-peer networking and work distribution.
Fixed Issues
Metrics-Exporter Service
The metrics-exporter service is required for some monitoring integrations, but was previously not packaged with
Self-Hosted releases. It has now been added to the Self-Hosted release process, as well as relevant documentation.
Application Updates
New Features and Enhancements
Styra DAS API Configuration
This release adds support to the /v1/systems API for customizing the
Discovery configuration for OPAs linked to a System. Any nested key values
provided in the System's configuration through the field
deployment_parameters.discovery will be rendered as part of the System’s
discovery configuration
You can also override caching.inter_query_builtin_cache.max_size_bytes in the
System configuration through optional customization by adding it to the request
body for a POST/PUT operation for the /v1/systems API.
Styra Link
Styra Link allows you to manage Styra DAS using the Styra CLI. With the Styra Link workflow, you write, test, and validate your policy locally as an integrated part of your development.
Styra Visual Studio Code Extension
The Styra VS Code extension increases your productivity through a single, centralized IDE by avoiding switching back and forth using different tools. Through the Styra VS Code extension, you can manage commonly used features of Styra DAS and Rego development within the VS Code ecosphere.
Library Editing Support
Styra DAS Libraries are collection of functions, pre-compiled routines, or reusable code components which can be easily edited and are associated with Systems or Stacks. Libraries are only available in Styra DAS Enterprise. To enable this feature, please contact your Styra Customer Success Manager.
Support for Glob Matching
The Kubernetes System type rule card inclusion and exclusion filters now support glob patterns in all fields (namespaces, kinds, label-key, label-value, annotation-key, and annotation-value). Previously, glob-match was supported only on the label-value and annotation-value fields.
Styra CLI 0.9.0 – Link Updates
- Git configuration is consolidated into the ‘styra link config git’ command removing ‘publish’.
- Commands for listing installation and uninstallation instructions are now available.
- Kubernetes Systems with Stacks can now initialize successfully.
- Support was added for initializing Systems with older System type versions.
- Debug output will mask sensitive values when displaying API request bodies.
Policy Builder
The application centric Policy Builder is designed to make it easier to author and review policy rules using snippets. Enabling this feature will currently only affect policy authoring in Entitlements Systems.
Policy Builder is an Alpha feature. To access Policy Builder click the User icon > Feature preview > Policy Builder.
Styra CLI 0.10.0
Styra CLI 0.10.0 is available which includes Entitlements System type support in Styra Link. Rules parsing is updated to support new schema types. Cache directory handling is updated to prevent missing directory warnings on Windows.
Compliance Scalability and Stability Improvements
Compliance API calls now optionally run as a Kubernetes job, which improves scalability and stability.
Bundle Optimization Settings
Bundle optimization can be configured in the Styra DAS UI. Bundle optimization level controls how bundles are optimized. Optimization applies partial evaluation to pre-compute known values in the system policies. Higher values increase bundle generation time and bundle propagation time to agents. To enable this feature, please contact your Styra Customer Success Manager.
Stateless Kubernetes Configuration Option
Kubernetes Systems support stateless and stateful systems. In Kubernetes deployment options there is a new configuration option, Use ephemeral storage. If ephemeral storage is disabled bundles are stored in persistent storage as a stateful system type. If ephemeral storage is enabled bundles are stored in ephemeral storage as a stateless system type. To enable this feature, please contact your Styra Customer Success Manager.
Beta Kubernetes Module View
The Kubernetes Module View differs from the Standard Kubernetes View by supporting a more customized policy structure. It exposes the underlying Rego modules and provides options for Add Policy, Add Data Source, and Add Monitor Policy.
To enable the Kubernetes Module View click the User icon > Feature preview > Kubernetes Module View.
Beta Policy Builder
The Application-Centric Policy Builder (Policy Builder) includes new functionality and is available as a beta release.
To enable Policy Builder click the User icon > Feature preview > Policy Builder.
Styra DAS and Styra Load Integration
Styra DAS now includes Styra Load integration.
Cosign-Based Image Validation
This release adds support for cosign-based image validation to the Kubernetes System. The OPA Webhooks can be configured to use cosign policy snippets with a list of images to verify and their associated parameters.
SLP Update
Styra DAS is updated with SLP 0.7.0. SLP 0.7.0 adds an internal validation API to be used with the cosign policy snippet.
Fixed Issues
Styra DAS UI
When attempting to create a JSON Data Source in the same folder as a Rego file (which is an operation that is not allowed) the Styra DAS UI was crashing rather than reporting the error. This has now been fixed.