2025.1 Series Release Notes

15.0.0-5

New Features

  • A new module, blazar.wsgi, has been added as a place to gather WSGI application objects. This is intended to ease deployment by providing a consistent location for these objects. For example, if using uWSGI then instead of:

    [uwsgi]
    wsgi-file = /bin/blazar-api-wsgi
    

    You can now use:

    [uwsgi]
    module = blazar.wsgi.api:application
    

    This also simplifies deployment with other WSGI servers that expect module paths such as gunicorn.

Upgrade Notes

  • The WSGI script blazar-api-wsgi has been removed. Deployment tooling should instead reference the Python module path for the wsgi module in Blazar, blazar.wsgi.api:application if their chosen WSGI server supports this (gunicorn, uWSGI, etc.) or implement a .wsgi script themselves if not (mod_wsgi).

Security Issues

  • Fixes a bug where any user could update/delete a lease from any project, provided that they had the lease ID. When using the default policy configuration, there is no way for a regular user to see lease IDs of another project. However, operators that are running the Resource Availability Calendar may have overridden this policy, and so may be vulnerable without this fix. LP#2120655

15.0.0

New Features

  • The Blazar policies implemented the scope concept and new default roles (admin, member, and reader) provided by keystone.

Upgrade Notes

  • All the policies implement the scope_type and new defaults.

    • Scope

      Each policy is protected with project scope_type.

    • New Defaults(Admin, Member and Reader)

      Policies are default to Admin, Member and Reader roles. Old roles are also supported. There is no change in the legacy admin access.

Bug Fixes

  • Fixes functionality of host randomization feature. LP#2099927