23.11.002
Released on 6 November, 2023.
Server
Features
- Hosts can now be blocked from the client en masse via DNS block lists. Block lists can be manually curated or regularly pulled from a plain text file over HTTP or HTTPS.
- Adds the ability to set configuration options on the control plane.
  GET and POST against /-net/api/v0/organization/config can influence control plane operations such as the following:
  - If a user successfully authenticates after installing a Bowtie client, automatically approve the device.
    allow_device_approval_on_user_auth: bool
  - If a controller has a PSK, automatically approve its joining the control plane.
    allow_controller_approval_with_psk_only: bool
  These new options are configurable over the web interface under the “Settings” section in the navigation bar.
- If groups are passed in from SSO via the groups attribute, they will be parsed and applied to the user.
- The cloud-init executable is now included in the global system $PATH for any images that support cloud-init.
Documentation
Enhancements
- The documentation outlining how to use cloud-init for automated setup has been overhauled and now also covers the skip-gui-init file and the PSK parameter.
- Added some important information about how Bowtie Controllers automatically provision SSL/TLS with ACME providers. If you leverage ACME heavily in your organization and may be subject to rate limits or make use of alternative validation schemes like tls-alpn-01, you may want to consult the updated section on ACME caveats.
Features
- Added documentation outlining how to use the Bowtie Terraform provider.