Skip to main content

Release Notes for Self-Hosted Styra DAS

Self-Hosted Styra DAS 0.12.0 was released on 05-12-23.

Helm Chart Updates

New Features and Enhancements

Web Service

The web service has been included in this Self-Hosted release to lay the groundwork for future scalability and reliability improvements. Going forward, the backend microservices will be updated to more heavily rely on web for horizontally scalable peer-to-peer networking and work distribution.

Fixed Issues

Metrics-Exporter Service

The metrics-exporter service is required for some monitoring integrations, but was previously not packaged with Self-Hosted releases. It has now been added to the Self-Hosted release process, as well as relevant documentation.

Application Updates

New Features and Enhancements

Styra DAS API Configuration

This release adds support to the /v1/systems API for customizing the Discovery configuration for OPAs linked to a System. Any nested key values provided in the System's configuration through the field deployment_parameters.discovery will be rendered as part of the System’s discovery configuration

You can also override caching.inter_query_builtin_cache.max_size_bytes in the System configuration through optional customization by adding it to the request body for a POST/PUT operation for the /v1/systems API.

Styra Link allows you to manage Styra DAS using the Styra CLI. With the Styra Link workflow, you write, test, and validate your policy locally as an integrated part of your development.

Styra Visual Studio Code Extension

The Styra VS Code extension increases your productivity through a single, centralized IDE by avoiding switching back and forth using different tools. Through the Styra VS Code extension, you can manage commonly used features of Styra DAS and Rego development within the VS Code ecosphere.

Library Editing Support

Styra DAS Libraries are collection of functions, pre-compiled routines, or reusable code components which can be easily edited and are associated with Systems or Stacks. Libraries are only available in Styra DAS Enterprise. To enable this feature, please contact your Styra Customer Success Manager.

Support for Glob Matching

The Kubernetes System type rule card inclusion and exclusion filters now support glob patterns in all fields (namespaces, kinds, label-key, label-value, annotation-key, and annotation-value). Previously, glob-match was supported only on the label-value and annotation-value fields.

  • Git configuration is consolidated into the ‘styra link config git’ command removing ‘publish’.
  • Commands for listing installation and uninstallation instructions are now available.
  • Kubernetes Systems with Stacks can now initialize successfully.
  • Support was added for initializing Systems with older System type versions.
  • Debug output will mask sensitive values when displaying API request bodies.

Policy Builder

The application centric Policy Builder is designed to make it easier to author and review policy rules using snippets. Enabling this feature will currently only affect policy authoring in Entitlements Systems.

Policy Builder is an Alpha feature. To access Policy Builder click the User icon > Feature preview > Policy Builder.

Styra CLI 0.10.0

Styra CLI 0.10.0 is available which includes Entitlements System type support in Styra Link. Rules parsing is updated to support new schema types. Cache directory handling is updated to prevent missing directory warnings on Windows.

Compliance Scalability and Stability Improvements

Compliance API calls now optionally run as a Kubernetes job, which improves scalability and stability.

Bundle Optimization Settings

Bundle optimization can be configured in the Styra DAS UI. Bundle optimization level controls how bundles are optimized. Optimization applies partial evaluation to pre-compute known values in the system policies. Higher values increase bundle generation time and bundle propagation time to agents. To enable this feature, please contact your Styra Customer Success Manager.

Stateless Kubernetes Configuration Option

Kubernetes Systems support stateless and stateful systems. In Kubernetes deployment options there is a new configuration option, Use ephemeral storage. If ephemeral storage is disabled bundles are stored in persistent storage as a stateful system type. If ephemeral storage is enabled bundles are stored in ephemeral storage as a stateless system type. To enable this feature, please contact your Styra Customer Success Manager.

Beta Kubernetes Module View

The Kubernetes Module View differs from the Standard Kubernetes View by supporting a more customized policy structure. It exposes the underlying Rego modules and provides options for Add Policy, Add Data Source, and Add Monitor Policy.

To enable the Kubernetes Module View click the User icon > Feature preview > Kubernetes Module View.

Beta Policy Builder

The Application-Centric Policy Builder (Policy Builder) includes new functionality and is available as a beta release.

To enable Policy Builder click the User icon > Feature preview > Policy Builder.

Styra DAS and Styra Load Integration

Styra DAS now includes Styra Load integration.

Cosign-Based Image Validation

This release adds support for cosign-based image validation to the Kubernetes System. The OPA Webhooks can be configured to use cosign policy snippets with a list of images to verify and their associated parameters.

SLP Update

Styra DAS is updated with SLP 0.7.0. SLP 0.7.0 adds an internal validation API to be used with the cosign policy snippet.

Fixed Issues

Styra DAS UI

When attempting to create a JSON Data Source in the same folder as a Rego file (which is an operation that is not allowed) the Styra DAS UI was crashing rather than reporting the error. This has now been fixed.