Release Notes for Styra DAS On-Premises 0.4.1
Styra DAS On-premises version 0.4.1 was released on May 12, 2020.
Styra DAS On-premises 0.4.1 delivers the key requirements, location of Styra DAS On-premises 0.4.0, installation docs, new features and enhancements, and the list of fixed issues.
Any upgrade to Styra DAS On-premises 0.4.1 will require Styra DAS On-premises 0.4.0 to be installed first, or a disruptive upgrade.
All pods must be stopped prior to the upgrade.
The following shows the location for Styra DAS On-premises 0.4.1.
- Location: s3://styra-release/releases/0.4.1/on-premises.tar.gz
- AWS Link: aws s3 presign s3://styra-release/releases/0.4.1/on-premises.tar.gz --expires-in 600000
The Styra DAS On-premises installation docs are now available on
New Features and Enhancements
This section describes the Enhancements in Styra DAS On-premises 0.4.1.
Prior to this release, logreplay only replayed decisions for at most 30 seconds. Therefore, logreplay was not used for analysis of large volumes of decisions. This release enhances the replay API by introducing a timeout mechanism that allows arbitrary timeout values for logreplay. A configuration option to set the maximum replay duration is also added.
If data patches are provided in the request, they are applied to the Rego data namespace before each decision replay. This could cause performance issues for larger patches, and previously loaded and patched data could not be reused for subsequent queries. This release caches the data namespace for decisions of the same revision.
This section describes the Issues Fixed in Styra DAS On-premises 0.4.1.
- Support for using a mixture of authentication mechanisms for communication with different AWS services was added. Examples are listed, as follows:
  - Using static credentials for local Elasticsearch (ES).
  - Using Identity and Access Management (IAM) roles authentication for AWS managed Simple Storage Service (S3).
opa.runtime was mocked, and the ALLOW_UNSAFE_BUILTINS feature flag was deprecated.
- When users were deleted, they were not fully removed from the rolebindings where they were attached. For example, an owner assigned to a given system. When the system ownership was changed, the patch was not supported. The UI added a new user by pulling the current list, adding the new user, and pushing the updated list. However, the handler rejected a subjects list in which a user was not valid. Therefore, the system owner could not be changed after the owner was deleted. Starting from Styra DAS On-premises 0.4.1, do not return non-existent owners when pulling the current
kustomize.yaml file was not added to the Kustomize tar generation logic, the Kustomize installation option for the Kubernetes system did not include the MutatingWebhookConfiguration resource. This issue was fixed by adding the kustomize.yaml file to the tar that is generated for Kustomize download.
Every 30 seconds, false changes were reported for Git-mounted policies, causing performance issues. This issue occurred when the Git or Rego data source plugin reported insignificant timestamps on each execution, which changed the data source revision even though the files did not change. Starting from Styra DAS On-premises 0.4.1, the data source plugin updates were reduced to significant changes only (file contents or folder structure).