Release Notes for Self-Hosted Styra DAS

Self-Hosted Styra DAS 0.16.1 was released on August 29th, 2024.

Self-Hosted Environment Changes

Faster pod startup times

Significantly improved pod startup times of DAS services for new installs.

Bundle Dependencies and SBOM features enabled by default

Feature flags have been added to the Helm chart values files to enable the bundle dependency and SBOM features by default:

    BUNDLE_DEPENDENCIES: true
    SBOM: true

Both features require that the bundle registry is enabled.

New Features and Changes

Beta UI Additions

Added support for all user role types. Added user activity log view. Added print output pane to policy editor during policy preview. Improved decision log load times.

Upgraded to OPA v0.67.1

The internal version of OPA used by Styra DAS has now been upgraded to OPA 0.67.1. This also adds support for the strings.count built-in introduced in OPA version 0.67.0.

Bundle rego_version parameter

New bundle builds will include rego_version: 0 in the bundle manifest in preparation for the OPA v1 release. This ensures bundles will be run in Rego v0 mode once OPA v1 is released. Prior to the OPA v1 release in late 2024, any Systems without a new bundle build after this DAS release will automatically have their bundles rebuilt to add the rego_version parameter to ensure compatibility.
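
To confirm which bundles already carry the parameter, the following added example (not Styra's code) reads the manifest out of each bundle and lists those that do not pin rego_version to 0. It assumes the standard OPA bundle layout, a gzipped tarball with a JSON .manifest at its root; the helper names, bundle names and bundle contents are constructed for illustration.

```python
import io
import json
import tarfile


def manifest_rego_version(bundle_bytes):
    """Return rego_version from the bundle's root .manifest, or None if unset."""
    with tarfile.open(fileobj=io.BytesIO(bundle_bytes), mode="r:gz") as tar:
        for member in tar:
            # Entry may be stored as ".manifest", "/.manifest" or "./.manifest".
            parts = [p for p in member.name.split("/") if p not in ("", ".")]
            if parts == [".manifest"] and member.isfile():
                return json.load(tar.extractfile(member)).get("rego_version")
    return None  # no manifest in the bundle at all


def needs_rebuild(bundles):
    """Names of bundles whose manifest does not pin rego_version to 0."""
    return sorted(name for name, data in bundles.items()
                  if manifest_rego_version(data) != 0)


def make_bundle(manifest):
    """Build a constructed sample bundle in memory (manifest=None omits it)."""
    files = {"policy/authz.rego": b"package authz\n\ndefault allow = false\n"}
    if manifest is not None:
        files["/.manifest"] = json.dumps(manifest).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample bundles, not real DAS output.
SAMPLES = {
    "system-a": make_bundle({"revision": "constructed-1", "roots": ["policy"],
                             "rego_version": 0}),
    "system-b": make_bundle({"revision": "constructed-2", "roots": ["policy"]}),
    "system-c": make_bundle(None),
}

if __name__ == "__main__":
    for name in needs_rebuild(SAMPLES):
        print(f"{name}: manifest does not pin rego_version 0, rebuild first")
```
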

Enterprise OPA batch_decision_id field in decisions

Decisions delivered to DAS from Enterprise OPA's batch decisions API will include a batch_decision_id field in decision logs shown in the UI.

SSO configuration test connection

During SSO setup, users can test the SSO connection before enabling it to ensure the configuration is correct. This will trigger a login via the SSO provider and return to the SSO setup process if the setup is valid. If an error occurs during the Test Connection flow, any error returned from the SSO provider will be shown in the UI.

Return SSO claims from test SSO connection

During SSO setup, when using the Test Connection feature, the UI will display the claims returned from the SSO provider to aid in configuring role mappings.

Addition of PatchWorkspace API

Added the new PatchWorkspace API operation (PATCH /v1/workspace). This operates the same as the UpdateWorkspace API operation (PUT /v1/workspace) without requiring all values to be specified.

Deprecation of GetS3Config and UpdateS3Config APIs

Two redundant APIs have been marked deprecated and will be removed in a future DAS release: GetS3Config (GET /v1/workspace/s3-config) and UpdateS3Config (PUT /v1/workspace/s3-config). Customers who may be using these APIs should transition to use GetWorkspace and UpdateWorkspace, respectively.

Disabled decision indexing informational message

For tenants which may have decision indexing disabled, the UI will display a message for clarity that decision indexing and search is disabled.

Fixed Issues

Query page inconsistency with PostgreSQL database

Due to an inconsistency between building PostgreSQL queries and DynamoDB queries, in some cases the /v1/activity API could return fewer activity records than requested from the database for PostgreSQL installs.

Bundle build job failure with large input

In some cases, a System with a very large number of policy and data files could result in a bundle build job failure.

Incorrect Timeseries decision counts

In some cases, a small number of decisions could be omitted from Timeseries decision metrics counts for a System if an error caused a Timeseries service restart in the middle of a job. This did not impact decision log delivery to DAS or decision log export.

Git sync failure for sub-packages with no rego file at root

In certain cases where a Git-backed resource consisted of two or more sub-packages with no Rego files at the root, a Git sync failure could block further Git syncs for that resource.

UI Git configuration error for SSH key with no passphrase

The UI required a passphrase when using an SSH key for Git configuration, even if the SSH key was created without a passphrase.

System dashboard error when missing compliance pack metadata

In some cases, compliance pack metadata was missing total resource counts, resulting in an error on the compliance pack chart on the System dashboard.

For very long print outputs during policy preview, the print output pane did not scroll.

UI error when passing a set to Kubernetes library rules

Kubernetes system type library rules which allowed for passing in data for rule configuration parameters as an array could cause a UI error if a set was passed into the library rule instead.