Comment 35 for bug 1939389

Reproduced the same problem on Ussuri when trying to extend already attached volume as a regular user (a user assigned 'member' role only). Steps to recreate:

1. OpenStack Ussuri, charm: cinder| ussuri/edge | rev. 568
2. create a volume and attach it to a VM
3. as a user with the 'member' role assigned to the project try to extend the volume:
`cinder extend <vol id> <new size>
4. the command completes with the rc 0 (all good), `openstack volume show` shows new size but cinder-volume.log contains following error and the volume size from the VM perspective remains unchanged:
#### actual 403 error message from nova #####
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova [req-13d1093e-9a7f-4f03-b505-c985d9d45691 754c0e6eae22488982f393b69e9800a3 d6761dacbb0649189a07a4a1a191a8c0 - 6a4439622e71431c8b96073e33c3b7e1 6a4439622e71431c8b96073e33c3b7e1] Failed to notify nova on events: [{'name': 'volume-extended', 'server_uuid': '3d51176f-281c-4ab3-8631-042ccd407d1d', 'tag': '99c14113-f1ed-4e28-a9b9-54c7eb862db8'}].: novaclient.exceptions.Forbidden: Policy doesn't allow os_compute_api:os-server-external-events:create to be performed. (HTTP 403) (Request-ID: req-6a908980-00ae-455e-b8fb-aab951032251)
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova Traceback (most recent call last):
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova File "/usr/lib/python3/dist-packages/cinder/compute/nova.py", line 149, in _send_events
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova response = nova.server_external_events.create(events)
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova File "/usr/lib/python3/dist-packages/novaclient/v2/server_external_events.py", line 38, in create
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova return self._create('/os-server-external-events', body, 'events',
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova File "/usr/lib/python3/dist-packages/novaclient/base.py", line 363, in _create
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova resp, body = self.api.client.post(url, body=body)
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova File "/usr/lib/python3/dist-packages/keystoneauth1/adapter.py", line 392, in post
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova return self.request(url, 'POST', **kwargs)
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova File "/usr/lib/python3/dist-packages/novaclient/client.py", line 78, in request
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova raise exceptions.from_response(resp, body, url, method)
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova novaclient.exceptions.Forbidden: Policy doesn't allow os_compute_api:os-server-external-events:create to be performed. (HTTP 403) (Request-ID: req-6a908980-00ae-455e-b8fb-aab951032251)
2022-11-21 12:53:22.806 1243598 ERROR cinder.compute.nova

#### successful completion - that is wrong ####
2022-11-21 12:53:22.880 1243598 INFO cinder.volume.manager [req-13d1093e-9a7f-4f03-b505-c985d9d45691 754c0e6eae22488982f393b69e9800a3 d6761dacbb0649189a07a4a1a191a8c0 - 6a4439622e71431c8b96073e33c3b7e1 6a4439622e71431c8b96073e33c3b7e1] Extend volume completed successfully.

This is because if the [nova] section in the cinder.conf is missing, the api request to the nova-api from the cinder is executed as the user who initiated the cinder cli call (in the case above its 754c0e6eae22488982f393b69e9800a3) who does not have privileges to execute 'volume-extend'.

Adding following [nova] section to the cinder.conf solves the problem:
[nova]
url = <nova api url>
region_name = <region>
auth_url = <keystone api url>
auth_type = password
project_domain_name = <project_domain>
user_domain_name = <nova_user_domain>
project_name = <project_name>
username = nova
password = <password>

Please provide the fix to the Ussuri version of the charm (ussri channel).
Thank you.