Release Notes for Self-Hosted Styra DAS
Self-Hosted Styra DAS 0.14.1 was released on January 2, 2024.
New Features and Changes
Updated to OPA v0.59.0
The internal version of OPA used by Styra DAS has now been updated to OPA 0.59.0.
Policy Bundle Software Bill of Materials (SBOM)
This feature adds a Software Bill of Materials (SBOM) to policy bundles, detailing the git references used in the bundle for each package namespace. The SBOM details will be added to the metadata
in the bundle's manifest file as well as the bundles API. An updated transactional Git sync process was added to support this feature, which also improves previous inconsistencies in Git sync edge cases. The feature can be enabled by setting the SBOM
feature flag to true
in your installation's Helm values.yaml
file.
Configure bundle activation per bundle type
For systems configured with manual bundle deployment and separate data bundles enabled, users can configure data bundles to be automatically deployed. The Deployments tab has been updated to more clearly indicate bundle types and their activation modes.
Exported bundle name templating
When exporting bundles to Amazon S3 or GCS, discovery and policy bundle names support using template variables in the form of $VARIABLE
or ${VARIABLE}
. Supported variables include: $VERSION
, $BUNDLE_DIGEST
, $REVISION_DIGEST
, $COMMIT
, $SYSTEM
, $SYSTEM_NAME
, and $TIMESTAMP
.
Enterprise OPA neo4j Built-in Support
Styra DAS supports defining and mocking Enterprise OPA's neo4j.query
built-in in the policy editor.
Fixed Issues
Fixed policies retained after changing Git settings
When changing the Git settings on a system, stack, or library (e.g., changing the Git reference), deleted or moved policies would not be automatically reconciled in DAS policy storage and would be retained in the system, stack, or library until manually deleted. This fix requires the SBOM
feature flag to be enabled to use the new transactional Git sync functionality.
Fixed Data Source Agent timeout causing reporting failure
In some cases a network timeout could cause the Data Source Agent to stop reporting data until restarted.
Fixed missing Allow/Deny toggle on Entitlements library rules
Library rules in the Entitlements system type using an Allow/Deny toggle were missing the toggle in some UI views.
Fixed WorkspaceViewer role missing Decisions
Users with only a WorkspaceViewer role were missing the Workspace-level Decisions tab in the UI.
Fixed error on default function
When using the default keyword on a function, DAS UI editor showed an invalid parser error.
Fixed system status load delay
In some cases when loading the DAS UI, the loading of system status could be delayed for up to a minute.
Fixed Enterprise OPA sql.send query arguments mocking
When mocking the Enterprise OPA sql.send
built-in, query arguments were excluded in matching mock objects to sql.send
usages.
Fixed replaying system decision for user without stack role
When replaying a system decision which included stack policies, a user without access to that stack would see an error in the UI.
Fixed SSO config support for multiple = in SSO claims
In the SSO provider claims configuration, the UI would only save the first key/value pair and remove any additional equal signs (=) and values following the additional equal signs.