1 files changed, 35 insertions, 17 deletions

diff --git a/keystoneclient/access.py b/keystoneclient/access.py
index dfd7e9a..3c89cc1 100644
--- a/keystoneclient/access.py
+++ b/keystoneclient/access.py
@@ -33,35 +33,43 @@ class AccessInfo(dict):
     """
 
     @classmethod
-    def factory(cls, resp=None, body=None, region_name=None, **kwargs):
+    def factory(cls, resp=None, body=None, region_name=None, auth_token=None,
+                **kwargs):
         """Create AccessInfo object given a successful auth response & body
            or a user-provided dict.
         """
         # FIXME(jamielennox): Passing region_name is deprecated. Provide an
         # appropriate warning.
+        auth_ref = None
 
         if body is not None or len(kwargs):
             if AccessInfoV3.is_valid(body, **kwargs):
-                token = None
-                if resp:
-                    token = resp.headers['X-Subject-Token']
+                if resp and not auth_token:
+                    auth_token = resp.headers['X-Subject-Token']
+                # NOTE(jamielennox): these return AccessInfo because they
+                # already have auth_token installed on them.
                 if body:
                     if region_name:
                         body['token']['region_name'] = region_name
-                    return AccessInfoV3(token, **body['token'])
+                    return AccessInfoV3(auth_token, **body['token'])
                 else:
-                    return AccessInfoV3(token, **kwargs)
+                    return AccessInfoV3(auth_token, **kwargs)
             elif AccessInfoV2.is_valid(body, **kwargs):
                 if body:
                     if region_name:
                         body['access']['region_name'] = region_name
-                    return AccessInfoV2(**body['access'])
+                    auth_ref = AccessInfoV2(**body['access'])
                 else:
-                    return AccessInfoV2(**kwargs)
+                    auth_ref = AccessInfoV2(**kwargs)
             else:
                 raise NotImplementedError('Unrecognized auth response')
         else:
-            return AccessInfoV2(**kwargs)
+            auth_ref = AccessInfoV2(**kwargs)
+
+        if auth_token:
+            auth_ref.auth_token = auth_token
+
+        return auth_ref
 
     def __init__(self, *args, **kwargs):
         super(AccessInfo, self).__init__(*args, **kwargs)
@@ -110,7 +118,18 @@ class AccessInfo(dict):
 
         :returns: str
         """
-        raise NotImplementedError()
+        return self['auth_token']
+
+    @auth_token.setter
+    def auth_token(self, value):
+        self['auth_token'] = value
+
+    @auth_token.deleter
+    def auth_token(self):
+        try:
+            del self['auth_token']
+        except KeyError:
+            pass
 
     @property
     def expires(self):
@@ -395,9 +414,12 @@ class AccessInfoV2(AccessInfo):
     def has_service_catalog(self):
         return 'serviceCatalog' in self
 
-    @property
+    @AccessInfo.auth_token.getter
     def auth_token(self):
-        return self['token']['id']
+        try:
+            return super(AccessInfoV2, self).auth_token
+        except KeyError:
+            return self['token']['id']
 
     @property
     def expires(self):
@@ -568,7 +590,7 @@ class AccessInfoV3(AccessInfo):
             token=token,
             region_name=self._region_name)
         if token:
-            self.update(auth_token=token)
+            self.auth_token = token
 
     @classmethod
     def is_valid(cls, body, **kwargs):
@@ -583,10 +605,6 @@ class AccessInfoV3(AccessInfo):
         return 'catalog' in self
 
     @property
-    def auth_token(self):
-        return self['auth_token']
-
-    @property
     def expires(self):
         return timeutils.parse_isotime(self['expires_at'])