Release Notes for Styra DAS On-Premises 0.5.2
Styra DAS On-premises version 0.5.2 was released on June 30, 2021.
This release delivers the new features and enhancements in Styra DAS On-premises 0.5.2. The latest Release Notes for Styra DAS is available here.
New Features and Enhancements
This section describes the new features and enhancements in Styra DAS On-premises 0.5.2.
- This release adds a
mutatingflag to the
styra-cli .styra.yamlfile. The mutating flag adds mutating policy checks to the
- DAS now has a Stack Owner role. This new authorization role behaves similarly to the existing System Owner role, except it works over stacks rather than systems. A stack owner has full authorization over a stack's configuration, policies, and data sources.
- Git synchronization now supports the ability to use Git tags in addition to branches.
Starting with this release, policies can now import functions defined in a draft policy.
The scroll position is remembered when switching between different authoring views (Swimlane and Code)
When editing a Rego policy in code view, auto-complete now provides suggestions for constants, functions, rules, and local variables.
Styra DAS now offers the best out-of-the-box rule set to address CIS (Center for Internet Security) benchmarks applicable to Kubernetes Admission Controller. The new CIS benchmarks pack can be found under the Manage Compliance Packs selector in each Kubernetes system’s UI.
This release provides support to configure Git repository per stack.
Styra DAS provides new Monitoring Integrations under Workspace >> Settings. Select Add data metrics targets to configure the DAS to periodically send the systems and time-series metrics to remote Datadog and Signalfx targets.
When inviting a new user to a DAS workspace, you can now generate a invitation link without sending an email.
- This release allows you to provide values for
values.yamlinstead of updating and maintaining a fork of
- Policy Builder is now live! Policy Builder is a graphical way to read and author policies, and makes this possible for users to learn Rego. The code editor view will now have an option to toggle between code, swimlanes, and the policy editor. This feature is currently in
Betaand is available to all DAS Free users immediately.
- Starting with this release, policies and data (LDAP, UAM, Rego, and signatures) are stored using Google Cloud Storage (S3-compatible) instead of GitHub Enterprise (GHE).
- This releases introduces the ability for users to toggle partial evaluation via API per system. Partial evaluation for bundles can be enabled on individual systems on Styra DAS. The configuration for partial evaluation is toggled using a setting in the deployment parameters that are part of a system's configuration.
This section describes the issues fixed in Styra DAS On-premises 0.5.2.
/v1/data(without path) were permitted if accompanied by an ad-hoc Rego query (Rego parameter). This release fixed the previously broken Rego preview for stack policies.
Rego traces produced by the summary tracer (
/v1/data/path?trace=summary) could return incomplete information for certain Rego rules. This could have lead to Envoy decisions not replaying correctly.
Fixed an issue that prevented policy from being deleted when all of its modules were deleted through the API or by a Git synchronization.
Removed the empty policy logs automatically.
Previously, overwriting the history of a branch with force pushing broke the Git synchronization. This release fixed the issue and force pushing to branches was supported.
Removed the Git synchronization state when the system or stack was deleted, or after a timeout period (24 hrs).
Git synchronization times have steadily increased over the last couple of months due to increased workloads.
Fixed an issue where the UI crashes on the Decisions tab if a decision’s details has a
nullvalue in the results field.
Updated the UI container image to remove vulnerable dependencies. In particular,
apk-toolswere removed from the image.
Fixed an issue in the decision mappings where the value of
expected valueis displayed correctly and handled when the value is set to an empty string.