Release Notes for Styra DAS On-Premises 0.5.2
Styra DAS On-premises version 0.5.2 was released on June 30, 2021.
Release Summary
This release delivers the new features and enhancements in Styra DAS On-premises 0.5.2. The latest Release Notes for Styra DAS is available here.
New Features and Enhancements
This section describes the new features and enhancements in Styra DAS On-premises 0.5.2.
CLI
- This release adds a
mutating
flag to thestyra-cli .styra.yaml
file. The mutating flag adds mutating policy checks to thestyra-cli
validatecheck-local
command.
Backend
- DAS now has a Stack Owner role. This new authorization role behaves similarly to the existing System Owner role, except it works over stacks rather than systems. A stack owner has full authorization over a stack's configuration, policies, and data sources.
Git
- Git synchronization now supports the ability to use Git tags in addition to branches.
GUI
Starting with this release, policies can now import functions defined in a draft policy.
When editing a Rego policy in code view, auto-complete now provides suggestions for constants, functions, rules, and local variables.
Styra DAS now offers the best out-of-the-box rule set to address CIS (Center for Internet Security) benchmarks applicable to Kubernetes Admission Controller. The new CIS benchmarks pack can be found under the Manage Compliance Packs selector in each Kubernetes system’s UI.
This release provides support to configure Git repository per stack.
Styra DAS provides new Monitoring Integrations under Workspace >> Settings. Select Add data metrics targets to configure the DAS to periodically send the systems and time-series metrics to remote Datadog and Signalfx targets.
When inviting a new user to a DAS workspace, you can now generate a invitation link without sending an email.
On-Premises
- This release allows you to provide values for
DECISIONS_GC_HISTORY
andLOG_VIEW_LIMIT_TIME
invalues.yaml
instead of updating and maintaining a fork ofsettings-config.tpl
.
Policy Builder
- Policy Builder is now live! Policy Builder is a graphical way to read and author policies, and makes this possible for users to learn Rego. The code editor view will now have an option to toggle between code, swimlanes, and the policy editor. This feature is currently in
Beta
and is available to all DAS Free users immediately.
Storage
- Starting with this release, policies and data (LDAP, UAM, Rego, and signatures) are stored using Google Cloud Storage (S3-compatible) instead of GitHub Enterprise (GHE).
Systems
- This releases introduces the ability for users to toggle partial evaluation via API per system. Partial evaluation for bundles can be enabled on individual systems on Styra DAS. The configuration for partial evaluation is toggled using a setting in the deployment parameters that are part of a system's configuration.
Issues Fixed
This section describes the issues fixed in Styra DAS On-premises 0.5.2.
API
GET/POST
queries to/v1/data
(without path) were permitted if accompanied by an ad-hoc Rego query (Rego parameter). This release fixed the previously broken Rego preview for stack policies.
Git
Fixed an issue that prevented policy from being deleted when all of its modules were deleted through the API or by a Git synchronization.
Removed the empty policy logs automatically.
Previously, overwriting the history of a branch with force pushing broke the Git synchronization. This release fixed the issue and force pushing to branches was supported.
GUI
Fixed an issue where the UI crashes on the Decisions tab if a decision’s details has a
null
value in the results field.Updated the UI container image to remove vulnerable dependencies. In particular,
busybox
andapk-tools
were removed from the image.Fixed an issue in the decision mappings where the value of
expected value
is displayed correctly and handled when the value is set to an empty string.