Release Notes for Styra DAS On-Premises 0.5.2

Styra DAS On-premises version 0.5.2 was released on June 30, 2021.

Release Summary

This release delivers the new features and enhancements in Styra DAS On-premises 0.5.2. The latest Release Notes for Styra DAS is available here.

New Features and Enhancements

This section describes the new features and enhancements in Styra DAS On-premises 0.5.2.

CLI

• This release adds a mutating flag to the styra-cli .styra.yaml file. The mutating flag adds mutating policy checks to the styra-cli validate check-local command.

Backend

• DAS now has a Stack Owner role. This new authorization role behaves similarly to the existing System Owner role, except it works over stacks rather than systems. A stack owner has full authorization over a stack's configuration, policies, and data sources.

Git

• Git synchronization now supports the ability to use Git tags in addition to branches.

GUI

• Starting with this release, policies can now import functions defined in a draft policy.

• The scroll position is remembered when switching between different authoring views (Swimlane and Code)

• When editing a Rego policy in code view, auto-complete now provides suggestions for constants, functions, rules, and local variables.

• Styra DAS now offers the best out-of-the-box rule set to address CIS (Center for Internet Security) benchmarks applicable to Kubernetes Admission Controller. The new CIS benchmarks pack can be found under the Manage Compliance Packs selector in each Kubernetes system’s UI.

• This release provides support to configure Git repository per stack.

• Styra DAS provides new Monitoring Integrations under Workspace >> Settings. Select Add data metrics targets to configure the DAS to periodically send the systems and time-series metrics to remote Datadog and Signalfx targets.

• When inviting a new user to a DAS workspace, you can now generate a invitation link without sending an email.

On-Premises

• This release allows you to provide values for DECISIONS_GC_HISTORY and LOG_VIEW_LIMIT_TIME in values.yaml instead of updating and maintaining a fork of settings-config.tpl.

Policy Builder

• Policy Builder is now live! Policy Builder is a graphical way to read and author policies, and makes this possible for users to learn Rego. The code editor view will now have an option to toggle between code, swimlanes, and the policy editor. This feature is currently in Beta and is available to all DAS Free users immediately.

Storage

• Starting with this release, policies and data (LDAP, UAM, Rego, and signatures) are stored using Google Cloud Storage (S3-compatible) instead of GitHub Enterprise (GHE).

Systems

• This releases introduces the ability for users to toggle partial evaluation via API per system. Partial evaluation for bundles can be enabled on individual systems on Styra DAS. The configuration for partial evaluation is toggled using a setting in the deployment parameters that are part of a system's configuration.

Issues Fixed

This section describes the issues fixed in Styra DAS On-premises 0.5.2.

API

• GET/POST queries to /v1/data (without path) were permitted if accompanied by an ad-hoc Rego query (Rego parameter). This release fixed the previously broken Rego preview for stack policies.

• Rego traces produced by the summary tracer (/v1/data/path?trace=summary) could return incomplete information for certain Rego rules. This could have lead to Envoy decisions not replaying correctly.

Git

• Fixed an issue that prevented policy from being deleted when all of its modules were deleted through the API or by a Git synchronization.

• Removed the empty policy logs automatically.

• Previously, overwriting the history of a branch with force pushing broke the Git synchronization. This release fixed the issue and force pushing to branches was supported.

• Removed the Git synchronization state when the system or stack was deleted, or after a timeout period (24 hrs).

• Git synchronization times have steadily increased over the last couple of months due to increased workloads.

GUI

• Fixed an issue where the UI crashes on the Decisions tab if a decision’s details has a null value in the results field.

• Updated the UI container image to remove vulnerable dependencies. In particular, busybox and apk-tools were removed from the image.

• Fixed an issue in the decision mappings where the value of expected value is displayed correctly and handled when the value is set to an empty string.