fix: Set cinder auth in nova

drive-by: bump nova chart version and apply patches instead of local changes
diff --git a/charts/nova/Chart.yaml b/charts/nova/Chart.yaml
index 641e158..07e3872 100644
--- a/charts/nova/Chart.yaml
+++ b/charts/nova/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/nova
 - https://opendev.org/openstack/openstack-helm
-version: 0.3.10
+version: 0.3.16
diff --git a/charts/nova/charts/helm-toolkit/Chart.yaml b/charts/nova/charts/helm-toolkit/Chart.yaml
index 7d3703e..e6aec81 100644
--- a/charts/nova/charts/helm-toolkit/Chart.yaml
+++ b/charts/nova/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://opendev.org/openstack/openstack-helm-infra
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.53
+version: 0.2.54
diff --git a/charts/nova/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl b/charts/nova/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
index b99c00d..4a88dd8 100644
--- a/charts/nova/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
@@ -27,10 +27,12 @@
 {{- else if kindIs "slice" $dependencyMixinParam }}
 {{- $_ := set $envAll.Values "__deps" ( index $envAll.Values.dependencies.static $dependencyKey ) }}
 {{- range $k, $v := $dependencyMixinParam -}}
+{{- if ( index $envAll.Values.dependencies.dynamic.targeted $v ) }}
 {{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency $envAll.Values.__deps ( index $envAll.Values.dependencies.dynamic.targeted $v $dependencyKey ) ) -}}
 {{- $_ := set $envAll.Values "__deps" $envAll.Values.pod_dependency -}}
 {{- end }}
 {{- end }}
+{{- end }}
 {{- else -}}
 {{- $_ := set $envAll.Values "pod_dependency" ( index $envAll.Values.dependencies.static $dependencyKey ) -}}
 {{- end -}}
diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock
index 09252e0..6db5f70 100644
--- a/charts/nova/requirements.lock
+++ b/charts/nova/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: helm-toolkit
   repository: file://../../openstack-helm-infra/helm-toolkit
-  version: 0.2.53
-digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
-generated: "2023-05-24T17:05:16.690446288Z"
+  version: 0.2.54
+digest: sha256:337a0f1ffb3eae591150b305c22293d85fb8c18abec78f56672de4f3ada2faae
+generated: "2023-08-19T09:33:02.220997881Z"
diff --git a/charts/nova/templates/bin/_health-probe.py.tpl b/charts/nova/templates/bin/_health-probe.py.tpl
index 9b06f40..660d62b 100644
--- a/charts/nova/templates/bin/_health-probe.py.tpl
+++ b/charts/nova/templates/bin/_health-probe.py.tpl
@@ -65,9 +65,14 @@
             server=_get_hostname(service_queue_name, use_fqdn),
             namespace='baseapi',
             version="1.1")
-        client = oslo_messaging.RPCClient(transport, target,
-                                          timeout=rpc_timeout,
-                                          retry=rpc_retries)
+        if hasattr(oslo_messaging, 'get_rpc_client'):
+            client = oslo_messaging.get_rpc_client(transport, target,
+                                                   timeout=rpc_timeout,
+                                                   retry=rpc_retries)
+        else:
+            client = oslo_messaging.RPCClient(transport, target,
+                                              timeout=rpc_timeout,
+                                              retry=rpc_retries)
         client.call(context.RequestContext(),
                     'ping',
                     arg=None)
@@ -137,7 +142,7 @@
     try:
         with open(sys.argv[2]) as conf_file:
             for line in conf_file:
-                if line.startswith("connection ="):
+                if "connection =" in line:
                     service = line.split(':', 3)[3].split('/')[1].rstrip('\n')
                     if service == "nova":
                         database_ports.add(
@@ -199,7 +204,7 @@
     log.logging.basicConfig(level=log.{{ .Values.health_probe.logging.level }})
 
     try:
-        transport = oslo_messaging.get_notification_transport(cfg.CONF)
+        transport = oslo_messaging.get_rpc_transport(cfg.CONF)
     except Exception as ex:
         message = getattr(ex, "message", str(ex))
         sys.stderr.write("Message bus driver load error: %s" % message)
@@ -238,16 +243,19 @@
     data = {}
     if os.path.isfile(pidfile):
         with open(pidfile,'r') as f:
-            data = json.load(f)
-        if check_pid_running(data['pid']):
-            if data['exit_count'] > 1:
-                # Third time in, kill the previous process
-                os.kill(int(data['pid']), signal.SIGTERM)
-            else:
-                data['exit_count'] = data['exit_count'] + 1
-                with open(pidfile, 'w') as f:
-                    json.dump(data, f)
-                sys.exit(0)
+            file_content = f.read().strip()
+            if file_content:
+                data = json.loads(file_content)
+
+    if 'pid' in data and check_pid_running(data['pid']):
+        if 'exit_count' in data and data['exit_count'] > 1:
+            # Third time in, kill the previous process
+            os.kill(int(data['pid']), signal.SIGTERM)
+        else:
+            data['exit_count'] = data.get('exit_count', 0) + 1
+            with open(pidfile, 'w') as f:
+                json.dump(data, f)
+            sys.exit(0)
     data['pid'] = os.getpid()
     data['exit_count'] = 0
     with open(pidfile, 'w') as f:
diff --git a/charts/nova/templates/certificate-novnc.yaml b/charts/nova/templates/certificate-novnc.yaml
index 8c5ebb0..e0b613b 100644
--- a/charts/nova/templates/certificate-novnc.yaml
+++ b/charts/nova/templates/certificate-novnc.yaml
@@ -1,31 +1,31 @@
-{{/*
-Copyright (c) 2023 VEXXHOST, Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if (contains "vencrypt" .Values.conf.nova.vnc.auth_schemes) -}}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: nova-novncproxy-vencrypt
-  namespace: {{ .Release.Namespace }}
-spec:
-  secretName: nova-novncproxy-vencrypt
-  commonName: nova-novncproxy
-  usages:
-  - client auth
-  issuerRef:
-    kind: Issuer
-    name: libvirt-vnc
-{{- end -}}
+{{/*

+Copyright (c) 2023 VEXXHOST, Inc.

+

+Licensed under the Apache License, Version 2.0 (the "License");

+you may not use this file except in compliance with the License.

+You may obtain a copy of the License at

+

+  http://www.apache.org/licenses/LICENSE-2.0

+

+Unless required by applicable law or agreed to in writing, software

+distributed under the License is distributed on an "AS IS" BASIS,

+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+See the License for the specific language governing permissions and

+limitations under the License.

+*/}}

+

+{{- if (contains "vencrypt" .Values.conf.nova.vnc.auth_schemes) -}}

+apiVersion: cert-manager.io/v1

+kind: Certificate

+metadata:

+  name: nova-novncproxy-vencrypt

+  namespace: {{ .Release.Namespace }}

+spec:

+  secretName: nova-novncproxy-vencrypt

+  commonName: nova-novncproxy

+  usages:

+  - client auth

+  issuerRef:

+    kind: Issuer

+    name: libvirt-vnc

+{{- end -}}

diff --git a/charts/nova/templates/configmap-etc.yaml b/charts/nova/templates/configmap-etc.yaml
index aec97ef..230305a 100644
--- a/charts/nova/templates/configmap-etc.yaml
+++ b/charts/nova/templates/configmap-etc.yaml
@@ -256,6 +256,29 @@
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.ironic "memcache_servers" -}}
 {{- end -}}
 
+{{- if empty .Values.conf.nova.cinder.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.cinder "auth_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.nova.cinder.os_region_name -}}
+{{- $_ := set .Values.conf.nova.cinder "os_region_name" .Values.endpoints.identity.auth.cinder.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.project_name -}}
+{{- $_ := set .Values.conf.nova.cinder "project_name" .Values.endpoints.identity.auth.cinder.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.project_domain_name -}}
+{{- $_ := set .Values.conf.nova.cinder "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.user_domain_name -}}
+{{- $_ := set .Values.conf.nova.cinder "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.username -}}
+{{- $_ := set .Values.conf.nova.cinder "username" .Values.endpoints.identity.auth.cinder.username -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.password -}}
+{{- $_ := set .Values.conf.nova.cinder "password" .Values.endpoints.identity.auth.cinder.password -}}
+{{- end -}}
+
 {{- if empty .Values.conf.nova.DEFAULT.osapi_compute_listen_port -}}
 {{- $_ := tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "osapi_compute_listen_port" -}}
 {{- end -}}
diff --git a/charts/nova/values.yaml b/charts/nova/values.yaml
index d4ce127..7f897ee 100644
--- a/charts/nova/values.yaml
+++ b/charts/nova/values.yaml
@@ -270,7 +270,7 @@
             service: local_image_registry
     targeted:
       ovn:
-        libvirt:
+        compute:
           pod:
             - requireSameNode: true
               labels:
@@ -1347,6 +1347,10 @@
       service_metadata_proxy: True
       auth_type: password
       auth_version: v3
+    cinder:
+      catalog_info: volumev3::internalURL
+      auth_url: null
+      auth_type: password
     database:
       max_retries: -1
     api_database:
@@ -1354,6 +1358,8 @@
     cell0_database:
       max_retries: -1
     keystone_authtoken:
+      service_token_roles: service
+      service_token_roles_required: true
       auth_type: password
       auth_version: v3
       memcache_security_strategy: ENCRYPT
@@ -1362,7 +1368,7 @@
       notify_on_state_change: vm_and_task_state
     service_user:
       auth_type: password
-      send_service_user_token: false
+      send_service_user_token: true
     libvirt:
       connection_uri: "qemu+unix:///system?socket=/run/libvirt/libvirt-sock"
       images_type: qcow2
@@ -1652,7 +1658,7 @@
         user_domain_name: default
         project_domain_name: default
       nova:
-        role: admin
+        role: admin,service
         region_name: RegionOne
         username: nova
         password: password
@@ -1687,6 +1693,14 @@
         project_name: service
         user_domain_name: service
         project_domain_name: service
+      cinder:
+        role: admin,service
+        region_name: RegionOne
+        username: cinder
+        password: password
+        project_name: service
+        user_domain_name: service
+        project_domain_name: service
       test:
         role: admin
         region_name: RegionOne
diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh
index aa94ca0..7b1f887 100755
--- a/hack/sync-charts.sh
+++ b/hack/sync-charts.sh
@@ -135,9 +135,15 @@
   | filterdiff -p1 -i 'neutron/*' \
   | patch -p2 -d ${ATMOSPHERE}/charts/neutron
 
-NOVA_VERISON=0.3.10
+NOVA_VERISON=0.3.16
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/nova-${NOVA_VERISON}.tgz \
   | tar -xz -C ${ATMOSPHERE}/charts
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm~893563/revisions/1/patch?download' \
+  | base64 --decode \
+  | filterdiff -p1 -x 'releasenotes/*' \
+  | filterdiff -p2 -x 'Chart.yaml' \
+  | filterdiff -p1 -i 'nova/*' \
+  | patch -p2 -d ${ATMOSPHERE}/charts/nova
 
 SENLIN_VERSION=0.2.9
 curl -sL https://tarballs.opendev.org/openstack/openstack-helm/senlin-${SENLIN_VERSION}.tgz \