diff --git a/manifests/key_manager/barbican.pp b/manifests/key_manager/barbican.pp
index d05d1e4..590caca 100644
--- a/manifests/key_manager/barbican.pp
+++ b/manifests/key_manager/barbican.pp
@@ -41,6 +41,29 @@
 # (Optional) The service uses service token feature when this is set as true.
 # Defaults to $facts['os_service_default']
 #
+# [*insecure*]
+# (Optional) If true, explicitly allow TLS without checking server cert
+# against any certificate authorities. WARNING: not recommended. Use with
+# caution.
+# Defaults to $facts['os_service_default']
+#
+# [*cafile*]
+# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
+# connections.
+# Defaults to $facts['os_service_default'].
+#
+# [*certfile*]
+# (Optional) Required if identity server requires client certificate
+# Defaults to $facts['os_service_default'].
+#
+# [*keyfile*]
+# (Optional) Required if identity server requires client certificate
+# Defaults to $facts['os_service_default'].
+#
+# [*timeout*]
+# (Optional) Timeout value for connecting to barbican in seconds.
+# Defaults to $facts['os_service_default']
+#
 define oslo::key_manager::barbican (
 $config = $name,
 $barbican_endpoint = $facts['os_service_default'],
@@ -51,6 +74,11 @@ define oslo::key_manager::barbican (
 $barbican_endpoint_type = $facts['os_service_default'],
 $barbican_region_name = $facts['os_service_default'],
 $send_service_user_token = $facts['os_service_default'],
+ $insecure = $facts['os_service_default'],
+ $cafile = $facts['os_service_default'],
+ $certfile = $facts['os_service_default'],
+ $keyfile = $facts['os_service_default'],
+ $timeout = $facts['os_service_default'],
 ) {
 $barbican_options = {
 'barbican/barbican_endpoint' => { value => $barbican_endpoint },
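Review bot: The `certfile` and `keyfile` descriptions added in the first hunk of barbican.pp say "Required if identity server requires client certificate", but these parameters are written to the `barbican/` options, where the neighbouring `timeout` text speaks of connecting to barbican; the wording looks carried over from the service_user define. I would describe them in terms of the barbican connection, e.g. `# (Optional) Client certificate file, required if the barbican server requires client certificate authentication.` and the matching sentence for the key file. The `insecure` text could also state what is at risk, e.g. `# Disables server certificate verification for the connection to the key manager, so secrets fetched over it can be intercepted; prefer setting cafile.` The same hunk spells `HTTPs` where `HTTPS` is meant.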
@@ -61,6 +89,11 @@ define oslo::key_manager::barbican (
 'barbican/barbican_endpoint_type' => { value => $barbican_endpoint_type },
 'barbican/barbican_region_name' => { value => $barbican_region_name },
 'barbican/send_service_user_token' => { value => $send_service_user_token },
+ 'barbican/insecure' => { value => $insecure },
+ 'barbican/cafile' => { value => $cafile },
+ 'barbican/certfile' => { value => $certfile },
+ 'barbican/keyfile' => { value => $keyfile },
+ 'barbican/timeout' => { value => $timeout },
 }
 create_resources($config, $barbican_options)
diff --git a/manifests/key_manager/barbican/service_user.pp b/manifests/key_manager/barbican/service_user.pp
index 7b87a6f..0d099d4 100644
--- a/manifests/key_manager/barbican/service_user.pp
+++ b/manifests/key_manager/barbican/service_user.pp
@@ -62,6 +62,10 @@
 # (Optional) Required if identity server requires client certificate
 # Defaults to $facts['os_service_default'].
 #
+# [*timeout*]
+# (Optional) Timeout value for connecting to keystone in seconds.
+# Defaults to $facts['os_service_default']
+#
 # [*region_name*]
 # (Optional) The region in which the identity server can be found.
 # Defaults to $facts['os_service_default'].
@@ -80,6 +84,7 @@ define oslo::key_manager::barbican::service_user (
 $cafile = $facts['os_service_default'],
 $certfile = $facts['os_service_default'],
 $keyfile = $facts['os_service_default'],
+ $timeout = $facts['os_service_default'],
 $region_name = $facts['os_service_default'],
 ) {
 if is_service_default($system_scope) {
@@ -95,10 +100,6 @@ define oslo::key_manager::barbican::service_user (
 $service_user_options = {
 'barbican_service_user/auth_type' => { 'value' => $auth_type },
 'barbican_service_user/auth_version' => { 'value' => $auth_version },
- 'barbican_service_user/cafile' => { 'value' => $cafile },
- 'barbican_service_user/certfile' => { 'value' => $certfile },
- 'barbican_service_user/keyfile' => { 'value' => $keyfile },
- 'barbican_service_user/region_name' => { 'value' => $region_name },
 'barbican_service_user/auth_url' => { 'value' => $auth_url },
 'barbican_service_user/username' => { 'value' => $username },
 'barbican_service_user/password' => { 'value' => $password, 'secret' => true },
@@ -107,6 +108,11 @@ define oslo::key_manager::barbican::service_user (
 'barbican_service_user/project_domain_name' => { 'value' => $project_domain_name_real },
 'barbican_service_user/system_scope' => { 'value' => $system_scope },
 'barbican_service_user/insecure' => { 'value' => $insecure },
+ 'barbican_service_user/cafile' => { 'value' => $cafile },
+ 'barbican_service_user/certfile' => { 'value' => $certfile },
+ 'barbican_service_user/keyfile' => { 'value' => $keyfile },
+ 'barbican_service_user/timeout' => { 'value' => $timeout },
+ 'barbican_service_user/region_name' => { 'value' => $region_name },
 }
 create_resources($name, $service_user_options)
diff --git a/releasenotes/notes/key-manager-session-options-859bddc410a85798.yaml b/releasenotes/notes/key-manager-session-options-859bddc410a85798.yaml
new file mode 100644
index 0000000..ac3103b
--- /dev/null
+++ b/releasenotes/notes/key-manager-session-options-859bddc410a85798.yaml
@@ -0,0 +1,14 @@
+---
+features:
+ - |
+ The following parameters have been added to
+ the ``oslo::key_manager::barbican`` defined resource type.
+
+ - ``insecure``
+ - ``cafile``
+ - ``certfile``
+ - ``keyfile``
+
+ - |
+ The new ``oslo::key_manager::barbican::service_type::timeout`` parameter
+ has been added.
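Review bot: The `barbican_service_user/timeout` entry added in the last service_user.pp hunk is announced in this commit's release note under a name that does not match the define, `oslo::key_manager::barbican::service_type::timeout`, while the manifest declares `oslo::key_manager::barbican::service_user`. The note should read ``oslo::key_manager::barbican::service_user::timeout``. Its list for `oslo::key_manager::barbican` also stops at `keyfile`, although barbican.pp gains `timeout` in the same commit, so a `- ``timeout``` item is missing there. Operators reading the note to find the new TLS and timeout settings would otherwise look for a parameter that does not exist. The define body continues outside the hunk.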
diff --git a/spec/defines/oslo_key_manager_barbican_service_user_spec.rb b/spec/defines/oslo_key_manager_barbican_service_user_spec.rb
index c33590e..ece2f6d 100644
--- a/spec/defines/oslo_key_manager_barbican_service_user_spec.rb
+++ b/spec/defines/oslo_key_manager_barbican_service_user_spec.rb
@@ -26,6 +26,7 @@ describe 'oslo::key_manager::barbican::service_user' do
 is_expected.to contain_keystone_config('barbican_service_user/cafile').with_value('')
 is_expected.to contain_keystone_config('barbican_service_user/certfile').with_value('')
 is_expected.to contain_keystone_config('barbican_service_user/keyfile').with_value('')
+ is_expected.to contain_keystone_config('barbican_service_user/timeout').with_value('')
 is_expected.to contain_keystone_config('barbican_service_user/region_name').with_value('')
 end
 end
@@ -45,6 +46,7 @@ describe 'oslo::key_manager::barbican::service_user' do
 :cafile => 'cafile.pem',
 :certfile => 'certfile.crt',
 :keyfile => 'somekey.key',
+ :timeout => 60,
 :region_name => 'MyRegion',
 })
 end
@@ -61,6 +63,7 @@ describe 'oslo::key_manager::barbican::service_user' do
 is_expected.to contain_keystone_config('barbican_service_user/cafile').with_value(params[:cafile])
 is_expected.to contain_keystone_config('barbican_service_user/certfile').with_value(params[:certfile])
 is_expected.to contain_keystone_config('barbican_service_user/keyfile').with_value(params[:keyfile])
+ is_expected.to contain_keystone_config('barbican_service_user/timeout').with_value(params[:timeout])
 is_expected.to contain_keystone_config('barbican_service_user/region_name').with_value(params[:region_name])
 end
 end
diff --git a/spec/defines/oslo_key_manager_barbican_spec.rb b/spec/defines/oslo_key_manager_barbican_spec.rb
index 1623e71..11adb3a 100644
--- a/spec/defines/oslo_key_manager_barbican_spec.rb
+++ b/spec/defines/oslo_key_manager_barbican_spec.rb
@@ -20,6 +20,11 @@ describe 'oslo::key_manager::barbican' do
 is_expected.to contain_keystone_config('barbican/barbican_endpoint_type').with_value('')
 is_expected.to contain_keystone_config('barbican/barbican_region_name').with_value('')
 is_expected.to contain_keystone_config('barbican/send_service_user_token').with_value('')
+ is_expected.to contain_keystone_config('barbican/insecure').with_value('')
+ is_expected.to contain_keystone_config('barbican/cafile').with_value('')
+ is_expected.to contain_keystone_config('barbican/certfile').with_value('')
+ is_expected.to contain_keystone_config('barbican/keyfile').with_value('')
+ is_expected.to contain_keystone_config('barbican/timeout').with_value('')
 end
 end
@@ -34,6 +39,11 @@ describe 'oslo::key_manager::barbican' do
 :barbican_endpoint_type => 'public',
 :barbican_region_name => 'regionOne',
 :send_service_user_token => true,
+ :insecure => false,
+ :cafile => 'cafile.pem',
+ :certfile => 'certfile.crt',
+ :keyfile => 'somekey.key',
+ :timeout => 60,
 }
 end
@@ -46,6 +56,11 @@ describe 'oslo::key_manager::barbican' do
 is_expected.to contain_keystone_config('barbican/barbican_endpoint_type').with_value('public')
 is_expected.to contain_keystone_config('barbican/barbican_region_name').with_value('regionOne')
 is_expected.to contain_keystone_config('barbican/send_service_user_token').with_value(true)
+ is_expected.to contain_keystone_config('barbican/insecure').with_value(false)
+ is_expected.to contain_keystone_config('barbican/cafile').with_value('cafile.pem')
+ is_expected.to contain_keystone_config('barbican/certfile').with_value('certfile.crt')
+ is_expected.to contain_keystone_config('barbican/keyfile').with_value('somekey.key')
+ is_expected.to contain_keystone_config('barbican/timeout').with_value(60)
 end
 end
 end
