From f2af193bb8b05e59d15ed3f729ff152e6ce131eb Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sun, 26 Dec 2021 18:40:42 +0100
Subject: [PATCH 01/39] Ignoring /.coverage

---
 .gitignore | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index a7b6698..ba552da 100644
--- a/.gitignore
+++ b/.gitignore
@@ -246,5 +246,5 @@ dmypy.json
 
 # End of https://www.toptal.com/developers/gitignore/api/jetbrains,python
 
-var/terraform/.terraform/
-var/terraform/.terraform.lock.hcl
+
+.coverage

From fe4bf3afdfcd9ab9bfb2c5367b16a5efb05c2ccf Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sun, 26 Dec 2021 18:49:47 +0100
Subject: [PATCH 02/39] Cosmetic change

---
 mrmat_python_api_flask/apis/greeting/v1/model.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mrmat_python_api_flask/apis/greeting/v1/model.py b/mrmat_python_api_flask/apis/greeting/v1/model.py
index a20ddd0..cd77038 100644
--- a/mrmat_python_api_flask/apis/greeting/v1/model.py
+++ b/mrmat_python_api_flask/apis/greeting/v1/model.py
@@ -35,7 +35,7 @@ class Meta:
         required=True,
         dump_only=True,
         metadata={
-            'description': 'The message returned'
+            'description': 'A greeting message'
         }
     )
 

From 3ec814d49c57b102e41ca3c12132fa6bd57c5cb7 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sun, 26 Dec 2021 18:50:19 +0100
Subject: [PATCH 03/39] Cosmetic change

---
 mrmat_python_api_flask/apis/greeting/v2/model.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mrmat_python_api_flask/apis/greeting/v2/model.py b/mrmat_python_api_flask/apis/greeting/v2/model.py
index 146908f..a8f8365 100644
--- a/mrmat_python_api_flask/apis/greeting/v2/model.py
+++ b/mrmat_python_api_flask/apis/greeting/v2/model.py
@@ -49,7 +49,7 @@ class Meta:
         required=True,
         dump_only=True,
         metadata={
-            'description': 'The message returned'
+            'description': 'A greeting message'
         }
     )
 

From 36391fd84ef334583b60337d7dbeba906e8d259b Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Thu, 30 Dec 2021 11:14:24 +0100
Subject: [PATCH 04/39] Interim

---
 .idea/mrmat-python-api-flask.iml              |  1 +
 mrmat_python_api_flask/apis/__init__.py       | 30 +++++++++++++
 .../apis/healthz/__init__.py                  |  1 -
 mrmat_python_api_flask/apis/healthz/api.py    | 20 ++++-----
 mrmat_python_api_flask/apis/healthz/model.py  | 42 -----------------
 .../apis/resource/v1/__init__.py              |  4 +-
 .../apis/resource/v1/api.py                   | 18 ++++----
 .../apis/resource/v1/model.py                 | 13 +-----
 tests/test_healthz.py                         |  5 ++-
 tests/test_resource_v1.py                     | 45 ++++++++++++++++++-
 10 files changed, 101 insertions(+), 78 deletions(-)
 delete mode 100644 mrmat_python_api_flask/apis/healthz/model.py

diff --git a/.idea/mrmat-python-api-flask.iml b/.idea/mrmat-python-api-flask.iml
index a5ec002..6334ba1 100644
--- a/.idea/mrmat-python-api-flask.iml
+++ b/.idea/mrmat-python-api-flask.iml
@@ -16,6 +16,7 @@
       <excludeFolder url="file://$MODULE_DIR$/.idea/dataSources" />
       <excludeFolder url="file://$MODULE_DIR$/var/terraform/.terraform" />
       <excludeFolder url="file://$MODULE_DIR$/instance" />
+      <excludeFolder url="file://$MODULE_DIR$/tests/build" />
     </content>
     <orderEntry type="jdk" jdkName="Python 3.10 (mrmat-python-api-flask)" jdkType="Python SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
diff --git a/mrmat_python_api_flask/apis/__init__.py b/mrmat_python_api_flask/apis/__init__.py
index c386ce8..d9e9c8f 100644
--- a/mrmat_python_api_flask/apis/__init__.py
+++ b/mrmat_python_api_flask/apis/__init__.py
@@ -19,3 +19,33 @@
 #  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
+
+"""
+Code that can be re-used by all APIs
+"""
+
+from marshmallow import fields
+
+from mrmat_python_api_flask import ma
+
+
+class StatusOutputSchema(ma.Schema):
+    class Meta:
+        fields = ('code', 'message')
+
+    code = fields.Int(
+        default=0,
+        metadata={
+            'description': 'An integer status code which will typically match the HTTP status code'
+        }
+    )
+    message = fields.Str(
+        required=True,
+        dump_only=True,
+        metadata={
+            'description': 'A human-readable message'
+        }
+    )
+
+
+status_output = StatusOutputSchema()
diff --git a/mrmat_python_api_flask/apis/healthz/__init__.py b/mrmat_python_api_flask/apis/healthz/__init__.py
index 9fd9dbd..60b7b26 100644
--- a/mrmat_python_api_flask/apis/healthz/__init__.py
+++ b/mrmat_python_api_flask/apis/healthz/__init__.py
@@ -23,5 +23,4 @@
 """Pluggable blueprint of the Health API
 """
 
-from .model import HealthzOutput            # noqa: F401
 from .api import bp as api_healthz          # noqa: F401
diff --git a/mrmat_python_api_flask/apis/healthz/api.py b/mrmat_python_api_flask/apis/healthz/api.py
index f65781f..3f7be71 100644
--- a/mrmat_python_api_flask/apis/healthz/api.py
+++ b/mrmat_python_api_flask/apis/healthz/api.py
@@ -23,18 +23,16 @@
 """Blueprint for the Healthz API
 """
 
-from flask.views import MethodView
-from flask_smorest import Blueprint
-from .model import HealthzOutput, healthz_output
+#from flask_smorest import Blueprint
+from flask import Blueprint
 
-bp = Blueprint('healthz',
-               __name__,
-               description='Health API')
+from mrmat_python_api_flask.apis import status_output
 
+#bp = Blueprint('healthz', __name__, description='Health API')
+bp = Blueprint('healthz', __name__)
 
-@bp.route('/')
-class Healthz(MethodView):
 
-    @bp.response(200, HealthzOutput)
-    def get(self):
-        return healthz_output.dump({'status': 'OK'}), 200
+@bp.route('/')
+#@bp.response(200, StatusOutputSchema)
+def get():
+    return status_output.dump(status=200, message='OK'), 200
diff --git a/mrmat_python_api_flask/apis/healthz/model.py b/mrmat_python_api_flask/apis/healthz/model.py
deleted file mode 100644
index d3c305b..0000000
--- a/mrmat_python_api_flask/apis/healthz/model.py
+++ /dev/null
@@ -1,42 +0,0 @@
-#  MIT License
-#
-#  Copyright (c) 2021 MrMat
-#
-#  Permission is hereby granted, free of charge, to any person obtaining a copy
-#  of this software and associated documentation files (the "Software"), to deal
-#  in the Software without restriction, including without limitation the rights
-#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-#  copies of the Software, and to permit persons to whom the Software is
-#  furnished to do so, subject to the following conditions:
-#
-#  The above copyright notice and this permission notice shall be included in
-#  all copies or substantial portions of the Software.
-#
-#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-#  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-#  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-#  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-#  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-#  SOFTWARE.
-
-"""Healthz API Model"""
-
-from marshmallow import fields
-
-from mrmat_python_api_flask import ma
-
-
-class HealthzOutput(ma.Schema):
-    class Meta:
-        fields = ('status',)
-
-    status = fields.Str(
-        required=True,
-        dump_only=True,
-        metadata={
-            'description': 'An indication of application health'
-        })
-
-
-healthz_output = HealthzOutput()
diff --git a/mrmat_python_api_flask/apis/resource/v1/__init__.py b/mrmat_python_api_flask/apis/resource/v1/__init__.py
index d2ca02f..52bde28 100644
--- a/mrmat_python_api_flask/apis/resource/v1/__init__.py
+++ b/mrmat_python_api_flask/apis/resource/v1/__init__.py
@@ -23,5 +23,5 @@
 """Pluggable blueprint of the Resource API v1
 """
 
-from .api import bp as api_resource_v1       # noqa: F401
-from .model import Owner, Resource, OwnerSchema, ResourceSchema  # noqa: F401
+from .api import bp as api_resource_v1                              # noqa: F401
+from .model import Owner, Resource, OwnerSchema, ResourceSchema     # noqa: F401
diff --git a/mrmat_python_api_flask/apis/resource/v1/api.py b/mrmat_python_api_flask/apis/resource/v1/api.py
index 7fb3247..0413d64 100644
--- a/mrmat_python_api_flask/apis/resource/v1/api.py
+++ b/mrmat_python_api_flask/apis/resource/v1/api.py
@@ -30,6 +30,7 @@
 from marshmallow import ValidationError
 
 from mrmat_python_api_flask import db, oidc
+from mrmat_python_api_flask.apis import status_output
 from .model import Owner, Resource, resource_schema, resources_schema
 
 bp = Blueprint('resource_v1', __name__)
@@ -57,7 +58,7 @@ def get_one(i: int):
     logger.info(f'Called by {client_id} for {name}')
     resource = Resource.query.filter(Resource.id == i).one_or_none()
     if resource is None:
-        return {'status': 404, 'message': f'Unable to find entry with identifier {i} in database'}, 404
+        return status_output.dump(code=404, message='Unable to find a resource with this id'), 404
     return resource_schema.dump(resource), 200
 
 
@@ -69,7 +70,7 @@ def create():
     try:
         json_body = request.get_json()
         if not json_body:
-            return {'message': 'No input data provided'}, 400
+            return status_output.dump(code=400, message='Missing input data'), 400
         body = resource_schema.load(request.get_json())
     except ValidationError as ve:
         return ve.messages, 422
@@ -81,8 +82,8 @@ def create():
         .filter(Resource.name == body['name'] and Resource.owner.client_id == client_id)\
         .one_or_none()
     if resource is not None:
-        return {'status': 409,
-                'message': f'A resource with the same name and owner already exists with id {resource.id}'}, 409
+        # TODO: Allow turning this off because it can be used as an enumeration attack
+        return status_output.dump(code=409, message='This resource already exists'), 409
 
     #
     # Look up the owner and create one if necessary
@@ -107,9 +108,9 @@ def modify(i: int):
 
     resource = Resource.query.filter(Resource.id == i).one_or_none()
     if resource is None:
-        return {'status': 404, 'message': 'Unable to find requested resource'}, 404
+        return status_output.dump(code=404, message='Unable to find a resource with this id'), 404
     if resource.owner.client_id != client_id:
-        return {'status': 401, 'message': 'You do not own this resource'}, 401
+        return status_output.dump(code=401, message='You are not authorised to modify this resource'), 401
     resource.name = body['name']
 
     db.session.add(resource)
@@ -125,9 +126,10 @@ def remove(i: int):
 
     resource = Resource.query.filter(Resource.id == i).one_or_none()
     if resource is None:
-        return {'status': 410, 'message': 'The requested resource is permanently deleted'}, 410
+        # TODO: Allow turning this off because it can be used as an enumeration attack
+        return status_output.dump(code=410, message='The resource is gone'), 410
     if resource.owner.client_id != client_id:
-        return {'status': 401, 'message': 'You do not own this resource'}, 401
+        return status_output.dump(code=401, message='You are not authorised to remove this resource'), 401
 
     db.session.delete(resource)
     db.session.commit()
diff --git a/mrmat_python_api_flask/apis/resource/v1/model.py b/mrmat_python_api_flask/apis/resource/v1/model.py
index d3daaf0..a767473 100644
--- a/mrmat_python_api_flask/apis/resource/v1/model.py
+++ b/mrmat_python_api_flask/apis/resource/v1/model.py
@@ -48,24 +48,15 @@ class Resource(db.Model):
     UniqueConstraint('owner_id', 'name', name='no_duplicate_names_per_owner')
 
 
-class OwnerSchema(ma.Schema):
+class OwnerSchema(ma.SQLAlchemyAutoSchema):
     class Meta:
         fields = ('id', 'client_id', 'name')
 
-    id = fields.Int(dump_only=True)
-    client_id = fields.Str(dump_only=True)
-    name = fields.Str()
 
-
-class ResourceSchema(ma.Schema):
+class ResourceSchema(ma.SQLAlchemyAutoSchema):
     class Meta:
         fields = ('id', 'owner', 'name')
 
-    id = fields.Int()
-    owner_id = fields.Int(load_only=True)
-    owner = fields.Nested(lambda: OwnerSchema(), dump_only=True)    # pylint: disable=W0108
-    name = fields.Str()
-
 
 owner_schema = OwnerSchema()
 owners_schema = OwnerSchema(many=True)
diff --git a/tests/test_healthz.py b/tests/test_healthz.py
index 96de54d..53f7ec9 100644
--- a/tests/test_healthz.py
+++ b/tests/test_healthz.py
@@ -32,5 +32,6 @@ def test_healthz(self, no_test_infrastructure):
         with no_test_infrastructure.app_client() as client:
             rv: Response = client.get('/healthz/')
             json_body = rv.get_json()
-            assert 'status' in json_body
-            assert json_body['status'] == 'OK'
+            assert rv.status_code == 200
+            assert json_body['code'] == 200
+            assert json_body['message'] == 'OK'
diff --git a/tests/test_resource_v1.py b/tests/test_resource_v1.py
index 64028a6..f99ebe4 100644
--- a/tests/test_resource_v1.py
+++ b/tests/test_resource_v1.py
@@ -63,8 +63,8 @@ def test_resource_lifecycle(self, tmpdir, local_test_infrastructure):
 
                 (resp, resp_body) = rac.remove(resource_id)
                 assert resp.status_code == 410
+                assert resp_body['code'] == 410
                 assert resp_body['message'] == 'The requested resource is permanently deleted'
-                assert resp_body['status'] == 410
 
     def test_insufficient_scope(self, tmpdir, local_test_infrastructure):
         with local_test_infrastructure.app_client(tmpdir) as client:
@@ -81,3 +81,46 @@ def test_insufficient_scope(self, tmpdir, local_test_infrastructure):
                 (resp, resp_body) = rac.remove(1)
                 assert resp.status_code == 401
                 assert resp_body is None
+
+    def test_duplicate_creation_fails(self, tmpdir, local_test_infrastructure):
+        with local_test_infrastructure.app_client(tmpdir) as client:
+            with local_test_infrastructure.user_token(scopes=['mpaf-read', 'mpaf-write']) as user_token:
+                rac = ResourceAPIClient(client, token=user_token['access_token'])
+
+                resource_name = f'Test Resource {datetime.utcnow()}'
+                (resp, resp_body) = rac.create(name=resource_name)
+                assert resp.status_code == 201
+                assert resp_body['id'] is not None
+                assert resp_body['name'] == resource_name
+
+                (resp, resp_body) = rac.create(name=resource_name)
+                assert resp.status_code == 409
+                assert resp_body['code'] == 409
+                assert resp_body['message'] == 'This resource already exists'
+
+    def test_ownership_is_maintained(self, tmpdir, local_test_infrastructure):
+        with local_test_infrastructure.app_client(tmpdir) as client, \
+             local_test_infrastructure.user_token(user_id='test-user1', scopes=['mpaf-read', 'mpaf-write']) as token1, \
+             local_test_infrastructure.user_token(user_id='test-user2', scopes=['mpaf-read', 'mpaf-write']) as token2:
+
+            rac1 = ResourceAPIClient(client, token=token1['access_token'])
+            rac2 = ResourceAPIClient(client, token=token2['access_token'])
+
+            resource_name = f'Test Resource {datetime.utcnow()}'
+            (resp, resp_body) = rac1.create(name=resource_name)
+            assert resp.status_code == 201
+
+            (resp, resp_body) = rac2.create(name=resource_name)
+            assert resp.status_code == 201
+            user2_resource = resp_body['id']
+
+            (resp, resp_body) = rac1.modify(user2_resource, name='Test')
+            assert resp.status_code == 401
+            assert resp_body['code'] == 401
+            assert resp_body['message'] == 'You are not authorised to modify this resource'
+
+            (resp, resp_body) = rac1.remove(user2_resource)
+            assert resp.status_code == 401
+            assert resp_body['code'] == 401
+            assert resp_body['message'] == 'You are not authorised to remove this resource'
+

From 6cb4704063ba64d102863f3dc1fdb5c69a888105 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 31 Dec 2021 09:22:43 +0100
Subject: [PATCH 05/39] Changed from FLASK_CONFIG to APP_CONFIG

---
 .idea/runConfigurations/build.xml                         | 6 +++---
 .idea/runConfigurations/mrmat_python_api_flask__prod_.xml | 2 +-
 .idea/runConfigurations/test__resources_.xml              | 2 +-
 .idea/runConfigurations/tests.xml                         | 2 +-
 .idea/runConfigurations/tests__no_infrastructure_.xml     | 2 +-
 README.md                                                 | 6 +++---
 mrmat_python_api_flask/__init__.py                        | 5 +++--
 7 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/.idea/runConfigurations/build.xml b/.idea/runConfigurations/build.xml
index 65ea552..da868f9 100644
--- a/.idea/runConfigurations/build.xml
+++ b/.idea/runConfigurations/build.xml
@@ -6,14 +6,14 @@
     <envs>
       <env name="PYTHONUNBUFFERED" value="1" />
     </envs>
-    <option name="SDK_HOME" value="C:\Users\imfeldma\var\venv\mrmat-python-api-flask\Scripts\python.exe" />
+    <option name="SDK_HOME" value="" />
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
-    <option name="IS_MODULE_SDK" value="false" />
+    <option name="IS_MODULE_SDK" value="true" />
     <option name="ADD_CONTENT_ROOTS" value="true" />
     <option name="ADD_SOURCE_ROOTS" value="true" />
     <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
     <option name="SCRIPT_NAME" value="build" />
-    <option name="PARAMETERS" value="-n" />
+    <option name="PARAMETERS" value="-n --wheel" />
     <option name="SHOW_COMMAND_LINE" value="false" />
     <option name="EMULATE_TERMINAL" value="false" />
     <option name="MODULE_MODE" value="true" />
diff --git a/.idea/runConfigurations/mrmat_python_api_flask__prod_.xml b/.idea/runConfigurations/mrmat_python_api_flask__prod_.xml
index 9311fa9..ac96355 100644
--- a/.idea/runConfigurations/mrmat_python_api_flask__prod_.xml
+++ b/.idea/runConfigurations/mrmat_python_api_flask__prod_.xml
@@ -7,7 +7,7 @@
     <option name="INTERPRETER_OPTIONS" value="" />
     <option name="PARENT_ENVS" value="true" />
     <envs>
-      <env name="FLASK_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask.json" />
+      <env name="APP_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask.json" />
       <env name="HTTPLIB2_CA_CERTS" value="$USER_HOME$/var/ca/mrmat-ca/ca.crt" />
     </envs>
     <option name="SDK_HOME" value="" />
diff --git a/.idea/runConfigurations/test__resources_.xml b/.idea/runConfigurations/test__resources_.xml
index dea29b7..ff56277 100644
--- a/.idea/runConfigurations/test__resources_.xml
+++ b/.idea/runConfigurations/test__resources_.xml
@@ -4,7 +4,7 @@
     <option name="INTERPRETER_OPTIONS" value="" />
     <option name="PARENT_ENVS" value="true" />
     <envs>
-      <env name="FLASK_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask/mrmat-python-api-flask.json" />
+      <env name="APP_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask/mrmat-python-api-flask.json" />
       <env name="HTTPLIB2_CA_CERTS" value="$USER_HOME$/var/ca/mrmat-ca/ca.crt" />
       <env name="TI_CONFIG" value="$USER_HOME$/etc/ted.json" />
     </envs>
diff --git a/.idea/runConfigurations/tests.xml b/.idea/runConfigurations/tests.xml
index cd0ad61..d401112 100644
--- a/.idea/runConfigurations/tests.xml
+++ b/.idea/runConfigurations/tests.xml
@@ -4,7 +4,7 @@
     <option name="INTERPRETER_OPTIONS" value="" />
     <option name="PARENT_ENVS" value="true" />
     <envs>
-      <env name="FLASK_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask/mrmat-python-api-flask.json" />
+      <env name="APP_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask/mrmat-python-api-flask.json" />
       <env name="HTTPLIB2_CA_CERTS" value="$USER_HOME$/var/ca/mrmat-ca/ca.crt" />
       <env name="TI_CONFIG" value="$USER_HOME$/etc/ted.json" />
     </envs>
diff --git a/.idea/runConfigurations/tests__no_infrastructure_.xml b/.idea/runConfigurations/tests__no_infrastructure_.xml
index 4b0e37f..3534ce4 100644
--- a/.idea/runConfigurations/tests__no_infrastructure_.xml
+++ b/.idea/runConfigurations/tests__no_infrastructure_.xml
@@ -4,7 +4,7 @@
     <option name="INTERPRETER_OPTIONS" value="" />
     <option name="PARENT_ENVS" value="true" />
     <envs>
-      <env name="FLASK_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask/mrmat-python-api-flask.json" />
+      <env name="APP_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask/mrmat-python-api-flask.json" />
       <env name="HTTPLIB2_CA_CERTS" value="$USER_HOME$/var/ca/mrmat-ca/ca.crt" />
     </envs>
     <option name="SDK_HOME" value="" />
diff --git a/README.md b/README.md
index e397e59..43a5a92 100644
--- a/README.md
+++ b/README.md
@@ -175,8 +175,8 @@ $ docker run --rm mrmat-python-api-flask:0.0.1
 
 ## Configuration
 
-You can provide configuration in a JSON file pointed to by the FLASK_CONFIG environment variable. The file is expected
-to be in the following format. The configuration file can contain anything the app picks up (see
+You can provide configuration in a JSON file pointed to by the APP_CONFIG environment variable, which defaults to
+`~/etc/mrmat-python-api-flask.json`. The configuration file can contain anything the app picks up (see
 `mrmat_python_api_flask/__init__.py`) but should typically contain the following three items:
 
 ```json
@@ -274,7 +274,7 @@ No authentication/authorisation is enforced by default. Token-based authenticati
 enforced by configuring connectivity to such extra central infrastructure. For this to happen, you must register the
 app in your OIDC IdP and create an OIDC secrets configuration file (json) of the following structure, which you
 subsequently point to using the `--oidc-secrets` option of the CLI or the `OIDC_CLIENT_SECRETS` key of the configuration
-file pointed to by the `FLASK_CONFIG` environment variable.
+file pointed to by the `APP_CONFIG` environment variable.
 
 ```json
 {
diff --git a/mrmat_python_api_flask/__init__.py b/mrmat_python_api_flask/__init__.py
index 76c9b1b..b313dcb 100644
--- a/mrmat_python_api_flask/__init__.py
+++ b/mrmat_python_api_flask/__init__.py
@@ -81,8 +81,9 @@ def create_app(config_override=None, instance_path=None):
     app.config.setdefault('SQLALCHEMY_TRACK_MODIFICATIONS', False)
     app.config.setdefault('OIDC_USER_INFO_ENABLED', True)
     app.config.setdefault('OIDC_RESOURCE_SERVER_ONLY', True)
-    if 'FLASK_CONFIG' in os.environ and os.path.exists(os.path.expanduser(os.environ['FLASK_CONFIG'])):
-        app.config.from_json(os.path.expanduser(os.environ['FLASK_CONFIG']))
+    app_config_file = os.path.expanduser(os.environ.get('APP_CONFIG', '~/etc/mrmat-python-api-flask.json'))
+    if os.path.exists(app_config_file):
+        app.config.from_json(app_config_file)
     if config_override is not None:
         app.config.from_mapping(config_override)
     if app.config['SECRET_KEY'] is None:

From a9a97b047ebaf44c4e7e576c789f545ec6475f78 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 31 Dec 2021 09:51:22 +0100
Subject: [PATCH 06/39] Added new run configurations for migration mgmt

---
 .idea/runConfigurations/db_current.xml   | 25 ++++++++++++++++++++++++
 .idea/runConfigurations/db_downgrade.xml | 25 ++++++++++++++++++++++++
 .idea/runConfigurations/db_revision.xml  | 25 ++++++++++++++++++++++++
 .idea/runConfigurations/db_upgrade.xml   | 25 ++++++++++++++++++++++++
 4 files changed, 100 insertions(+)
 create mode 100644 .idea/runConfigurations/db_current.xml
 create mode 100644 .idea/runConfigurations/db_downgrade.xml
 create mode 100644 .idea/runConfigurations/db_revision.xml
 create mode 100644 .idea/runConfigurations/db_upgrade.xml

diff --git a/.idea/runConfigurations/db_current.xml b/.idea/runConfigurations/db_current.xml
new file mode 100644
index 0000000..8e315fd
--- /dev/null
+++ b/.idea/runConfigurations/db_current.xml
@@ -0,0 +1,25 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="db current" type="PythonConfigurationType" factoryName="Python">
+    <module name="mrmat-python-api-flask" />
+    <option name="INTERPRETER_OPTIONS" value="" />
+    <option name="PARENT_ENVS" value="true" />
+    <envs>
+      <env name="PYTHONUNBUFFERED" value="1" />
+      <env name="FLASK_APP" value="mrmat_python_api_flask" />
+    </envs>
+    <option name="SDK_HOME" value="/opt/dyn/python/mrmat-python-api-flask/bin/python" />
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
+    <option name="IS_MODULE_SDK" value="false" />
+    <option name="ADD_CONTENT_ROOTS" value="true" />
+    <option name="ADD_SOURCE_ROOTS" value="true" />
+    <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
+    <option name="SCRIPT_NAME" value="flask" />
+    <option name="PARAMETERS" value="db current" />
+    <option name="SHOW_COMMAND_LINE" value="false" />
+    <option name="EMULATE_TERMINAL" value="true" />
+    <option name="MODULE_MODE" value="true" />
+    <option name="REDIRECT_INPUT" value="false" />
+    <option name="INPUT_FILE" value="" />
+    <method v="2" />
+  </configuration>
+</component>
\ No newline at end of file
diff --git a/.idea/runConfigurations/db_downgrade.xml b/.idea/runConfigurations/db_downgrade.xml
new file mode 100644
index 0000000..ef877ec
--- /dev/null
+++ b/.idea/runConfigurations/db_downgrade.xml
@@ -0,0 +1,25 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="db downgrade" type="PythonConfigurationType" factoryName="Python">
+    <module name="mrmat-python-api-flask" />
+    <option name="INTERPRETER_OPTIONS" value="" />
+    <option name="PARENT_ENVS" value="true" />
+    <envs>
+      <env name="PYTHONUNBUFFERED" value="1" />
+      <env name="FLASK_APP" value="mrmat_python_api_flask" />
+    </envs>
+    <option name="SDK_HOME" value="/opt/dyn/python/mrmat-python-api-flask/bin/python" />
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
+    <option name="IS_MODULE_SDK" value="false" />
+    <option name="ADD_CONTENT_ROOTS" value="true" />
+    <option name="ADD_SOURCE_ROOTS" value="true" />
+    <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
+    <option name="SCRIPT_NAME" value="flask" />
+    <option name="PARAMETERS" value="db downgrade" />
+    <option name="SHOW_COMMAND_LINE" value="false" />
+    <option name="EMULATE_TERMINAL" value="true" />
+    <option name="MODULE_MODE" value="true" />
+    <option name="REDIRECT_INPUT" value="false" />
+    <option name="INPUT_FILE" value="" />
+    <method v="2" />
+  </configuration>
+</component>
\ No newline at end of file
diff --git a/.idea/runConfigurations/db_revision.xml b/.idea/runConfigurations/db_revision.xml
new file mode 100644
index 0000000..985a2cd
--- /dev/null
+++ b/.idea/runConfigurations/db_revision.xml
@@ -0,0 +1,25 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="db revision" type="PythonConfigurationType" factoryName="Python">
+    <module name="mrmat-python-api-flask" />
+    <option name="INTERPRETER_OPTIONS" value="" />
+    <option name="PARENT_ENVS" value="true" />
+    <envs>
+      <env name="PYTHONUNBUFFERED" value="1" />
+      <env name="FLASK_APP" value="mrmat_python_api_flask" />
+    </envs>
+    <option name="SDK_HOME" value="/opt/dyn/python/mrmat-python-api-flask/bin/python" />
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
+    <option name="IS_MODULE_SDK" value="false" />
+    <option name="ADD_CONTENT_ROOTS" value="true" />
+    <option name="ADD_SOURCE_ROOTS" value="true" />
+    <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
+    <option name="SCRIPT_NAME" value="flask" />
+    <option name="PARAMETERS" value="db revision -m newest --autogenerate" />
+    <option name="SHOW_COMMAND_LINE" value="false" />
+    <option name="EMULATE_TERMINAL" value="true" />
+    <option name="MODULE_MODE" value="true" />
+    <option name="REDIRECT_INPUT" value="false" />
+    <option name="INPUT_FILE" value="" />
+    <method v="2" />
+  </configuration>
+</component>
\ No newline at end of file
diff --git a/.idea/runConfigurations/db_upgrade.xml b/.idea/runConfigurations/db_upgrade.xml
new file mode 100644
index 0000000..2a4dd4c
--- /dev/null
+++ b/.idea/runConfigurations/db_upgrade.xml
@@ -0,0 +1,25 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="db upgrade" type="PythonConfigurationType" factoryName="Python">
+    <module name="mrmat-python-api-flask" />
+    <option name="INTERPRETER_OPTIONS" value="" />
+    <option name="PARENT_ENVS" value="true" />
+    <envs>
+      <env name="PYTHONUNBUFFERED" value="1" />
+      <env name="FLASK_APP" value="mrmat_python_api_flask" />
+    </envs>
+    <option name="SDK_HOME" value="/opt/dyn/python/mrmat-python-api-flask/bin/python" />
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
+    <option name="IS_MODULE_SDK" value="false" />
+    <option name="ADD_CONTENT_ROOTS" value="true" />
+    <option name="ADD_SOURCE_ROOTS" value="true" />
+    <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
+    <option name="SCRIPT_NAME" value="flask" />
+    <option name="PARAMETERS" value="db upgrade" />
+    <option name="SHOW_COMMAND_LINE" value="false" />
+    <option name="EMULATE_TERMINAL" value="true" />
+    <option name="MODULE_MODE" value="true" />
+    <option name="REDIRECT_INPUT" value="false" />
+    <option name="INPUT_FILE" value="" />
+    <method v="2" />
+  </configuration>
+</component>
\ No newline at end of file

From d1420a880058935ca9a36be2259d9a5fc1d7ff91 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 31 Dec 2021 09:51:34 +0100
Subject: [PATCH 07/39] Adjusted local datasources

---
 .idea/dataSources.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.idea/dataSources.xml b/.idea/dataSources.xml
index 31fad70..610a59b 100644
--- a/.idea/dataSources.xml
+++ b/.idea/dataSources.xml
@@ -8,5 +8,12 @@
       <jdbc-url>jdbc:postgresql://localhost:5432/localdb</jdbc-url>
       <working-dir>$ProjectFileDir$</working-dir>
     </data-source>
+    <data-source source="LOCAL" name="mpaf@localdb" uuid="4875dced-5da7-4cb2-9b21-a2d07f9ddcd0">
+      <driver-ref>postgresql</driver-ref>
+      <synchronize>true</synchronize>
+      <jdbc-driver>org.postgresql.Driver</jdbc-driver>
+      <jdbc-url>jdbc:postgresql://localhost:5432/localdb</jdbc-url>
+      <working-dir>$ProjectFileDir$</working-dir>
+    </data-source>
   </component>
 </project>
\ No newline at end of file

From d433a4cf7f91950b12b6360e60be15f052af4b9b Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 31 Dec 2021 09:52:00 +0100
Subject: [PATCH 08/39] Regenerated migration

---
 .../{1bea80b612cc_initial.py => 2c4268119c7e_initial.py}  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename migrations/versions/{1bea80b612cc_initial.py => 2c4268119c7e_initial.py} (91%)

diff --git a/migrations/versions/1bea80b612cc_initial.py b/migrations/versions/2c4268119c7e_initial.py
similarity index 91%
rename from migrations/versions/1bea80b612cc_initial.py
rename to migrations/versions/2c4268119c7e_initial.py
index be6ec5f..96546d3 100644
--- a/migrations/versions/1bea80b612cc_initial.py
+++ b/migrations/versions/2c4268119c7e_initial.py
@@ -1,8 +1,8 @@
-"""initial
+"""newest
 
-Revision ID: 1bea80b612cc
+Revision ID: 2c4268119c7e
 Revises: 
-Create Date: 2021-12-25 13:31:36.003378
+Create Date: 2021-12-31 09:46:33.167275
 
 """
 from alembic import op
@@ -10,7 +10,7 @@
 
 
 # revision identifiers, used by Alembic.
-revision = '1bea80b612cc'
+revision = '2c4268119c7e'
 down_revision = None
 branch_labels = None
 depends_on = None

From 076e04a88f4fc82c3347894eee3acfe47a6e2af8 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 31 Dec 2021 09:52:38 +0100
Subject: [PATCH 09/39] Log when overriding configuration

---
 mrmat_python_api_flask/__init__.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mrmat_python_api_flask/__init__.py b/mrmat_python_api_flask/__init__.py
index b313dcb..432fa78 100644
--- a/mrmat_python_api_flask/__init__.py
+++ b/mrmat_python_api_flask/__init__.py
@@ -83,10 +83,13 @@ def create_app(config_override=None, instance_path=None):
     app.config.setdefault('OIDC_RESOURCE_SERVER_ONLY', True)
     app_config_file = os.path.expanduser(os.environ.get('APP_CONFIG', '~/etc/mrmat-python-api-flask.json'))
     if os.path.exists(app_config_file):
+        app.logger.info(f'Applying configuration from {app_config_file}')
         app.config.from_json(app_config_file)
     if config_override is not None:
+        app.logger.info(f'Overriding configuration from {type(config_override)}')
         app.config.from_mapping(config_override)
     if app.config['SECRET_KEY'] is None:
+        app.logger.warning(f'Generating new secret key')
         app.config['SECRET_KEY'] = secrets.token_urlsafe(16)
 
     #

From e2a5963972266263f679f6b2141f351e8207c060 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 31 Dec 2021 09:53:10 +0100
Subject: [PATCH 10/39] Adjusted generated accounts so they don't clash

---
 tests/conftest.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/conftest.py b/tests/conftest.py
index 6429974..de3f8c5 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -238,8 +238,8 @@ def app_auth(self,
     @contextlib.contextmanager
     def app(self,
             tmpdir,
-            pg_role: str = 'mpaf',
-            pg_password: str = 'mpaf',
+            pg_role: str = 'mpaf-test',
+            pg_password: str = 'mpaf-test',
             pg_schema: str = 'mpaf-test',
             drop_finally: bool = False):
         with self.app_dsn(role=pg_role, password=pg_password, schema=pg_schema, drop_finally=drop_finally) as dsn, \
@@ -262,8 +262,8 @@ def app_client(self, app_dir):
 
     @contextlib.contextmanager
     def user_token(self,
-                   user_id: str = 'test-user',
-                   user_password: str = 'test',
+                   user_id: str = 'mpaf-test-user',
+                   user_password: str = 'mpaf-test-user',
                    scopes: List[str] = None,
                    drop_finally: bool = False):
         try:

From 99859ae681e80baa59a42459ac075a55697e2a7b Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Fri, 31 Dec 2021 09:53:22 +0100
Subject: [PATCH 11/39] Fixed local docker configuration

---
 .idea/runConfigurations/docker__nostromo_.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.idea/runConfigurations/docker__nostromo_.xml b/.idea/runConfigurations/docker__nostromo_.xml
index 0c5b2e9..825f08f 100644
--- a/.idea/runConfigurations/docker__nostromo_.xml
+++ b/.idea/runConfigurations/docker__nostromo_.xml
@@ -1,5 +1,5 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="docker (nostromo)" type="docker-deploy" factoryName="dockerfile" server-name="docker@nostromo">
+  <configuration default="false" name="docker (nostromo)" type="docker-deploy" factoryName="dockerfile" server-name="Docker">
     <deployment type="dockerfile">
       <settings>
         <option name="imageTag" value="mrmat-python-api-flask:0.0.1" />

From 564b1b4baf2def1bbe76ae43b4cee671a96969e5 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sat, 1 Jan 2022 14:44:41 +0100
Subject: [PATCH 12/39] Added IDEA pylint configuration

---
 .idea/pylint.xml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .idea/pylint.xml

diff --git a/.idea/pylint.xml b/.idea/pylint.xml
new file mode 100644
index 0000000..46ea4e7
--- /dev/null
+++ b/.idea/pylint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PylintConfigService">
+    <option name="pylintrcPath" value=".pylintrc" />
+  </component>
+</project>
\ No newline at end of file

From cb3c49acf5c75c3c6dc8dc0a8d48715c870f5a06 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sat, 1 Jan 2022 14:45:11 +0100
Subject: [PATCH 13/39] Removed unnecesssary f-string

---
 mrmat_python_api_flask/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mrmat_python_api_flask/__init__.py b/mrmat_python_api_flask/__init__.py
index 432fa78..08da872 100644
--- a/mrmat_python_api_flask/__init__.py
+++ b/mrmat_python_api_flask/__init__.py
@@ -89,7 +89,7 @@ def create_app(config_override=None, instance_path=None):
         app.logger.info(f'Overriding configuration from {type(config_override)}')
         app.config.from_mapping(config_override)
     if app.config['SECRET_KEY'] is None:
-        app.logger.warning(f'Generating new secret key')
+        app.logger.warning('Generating new secret key')
         app.config['SECRET_KEY'] = secrets.token_urlsafe(16)
 
     #

From 976889492c81aa462be05b5873e6735c1dff56ff Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sat, 1 Jan 2022 14:58:48 +0100
Subject: [PATCH 14/39] Adjusted path to local configuration

---
 .idea/runConfigurations/cui.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.idea/runConfigurations/cui.xml b/.idea/runConfigurations/cui.xml
index 89cd374..bd5122a 100644
--- a/.idea/runConfigurations/cui.xml
+++ b/.idea/runConfigurations/cui.xml
@@ -14,7 +14,7 @@
     <option name="ADD_SOURCE_ROOTS" value="true" />
     <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
     <option name="SCRIPT_NAME" value="mrmat_python_api_flask.cui" />
-    <option name="PARAMETERS" value="--instance-path $USER_HOME$/build/api-flask --port 8090 --oidc-secrets $USER_HOME$/etc/mpaf-oidc.json --dsn postgresql://mpaf:mpaf@localhost:5432/localdb" />
+    <option name="PARAMETERS" value="--instance-path $USER_HOME$/build/api-flask --port 8090 --oidc-secrets ~/etc/mrmat-python-api-flask-oidc.json --dsn postgresql://mpaf:mpaf@localhost:5432/localdb" />
     <option name="SHOW_COMMAND_LINE" value="false" />
     <option name="EMULATE_TERMINAL" value="false" />
     <option name="MODULE_MODE" value="true" />

From 3797dbc39d1f168fdbd9f928d7fdeaa6e3b88887 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sat, 1 Jan 2022 14:59:26 +0100
Subject: [PATCH 15/39] Logs config overrides by cui

---
 mrmat_python_api_flask/__init__.py | 3 ++-
 mrmat_python_api_flask/cui.py      | 7 ++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/mrmat_python_api_flask/__init__.py b/mrmat_python_api_flask/__init__.py
index 08da872..becfb13 100644
--- a/mrmat_python_api_flask/__init__.py
+++ b/mrmat_python_api_flask/__init__.py
@@ -86,7 +86,8 @@ def create_app(config_override=None, instance_path=None):
         app.logger.info(f'Applying configuration from {app_config_file}')
         app.config.from_json(app_config_file)
     if config_override is not None:
-        app.logger.info(f'Overriding configuration from {type(config_override)}')
+        for override in config_override:
+            app.logger.info(f'Overriding configuration for {override} from the command line')
         app.config.from_mapping(config_override)
     if app.config['SECRET_KEY'] is None:
         app.logger.warning('Generating new secret key')
diff --git a/mrmat_python_api_flask/cui.py b/mrmat_python_api_flask/cui.py
index 726da28..f1354ef 100644
--- a/mrmat_python_api_flask/cui.py
+++ b/mrmat_python_api_flask/cui.py
@@ -23,6 +23,7 @@
 """Main entry point when executing this application from the CLI
 """
 
+import os
 import sys
 import argparse
 
@@ -67,7 +68,11 @@ def main() -> int:
 
     overrides = {'DEBUG': args.debug}
     if args.oidc_secrets is not None:
-        overrides['OIDC_CLIENT_SECRETS'] = args.oidc_secrets
+        oidc_secrets_config = os.path.expanduser(args.oidc_secrets)
+        if not os.path.exists(oidc_secrets_config):
+            print(f'ERROR: {oidc_secrets_config} does not exist')
+            return 1
+        overrides['OIDC_CLIENT_SECRETS'] = oidc_secrets_config
     if args.dsn is not None:
         overrides['SQLALCHEMY_DATABASE_URI'] = args.dsn
 

From 53c04dd225998259c38938e085777bc61fbe702f Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sun, 13 Feb 2022 11:34:20 +0100
Subject: [PATCH 16/39] Interim

---
 .idea/runConfigurations/docker__nostromo_.xml | 18 +++-
 README.md                                     |  3 +
 mrmat_python_api_flask/__init__.py            | 92 +++++++++++++++----
 .../apis/greeting/v1/api.py                   | 32 ++++---
 var/docker/Dockerfile                         |  2 +-
 5 files changed, 115 insertions(+), 32 deletions(-)

diff --git a/.idea/runConfigurations/docker__nostromo_.xml b/.idea/runConfigurations/docker__nostromo_.xml
index 825f08f..94c0d6f 100644
--- a/.idea/runConfigurations/docker__nostromo_.xml
+++ b/.idea/runConfigurations/docker__nostromo_.xml
@@ -5,8 +5,24 @@
         <option name="imageTag" value="mrmat-python-api-flask:0.0.1" />
         <option name="containerName" value="mrmat-python-api-flask" />
         <option name="contextFolderPath" value="." />
-        <option name="publishAllPorts" value="true" />
+        <option name="portBindings">
+          <list>
+            <DockerPortBindingImpl>
+              <option name="containerPort" value="8080" />
+              <option name="hostIp" value="127.0.0.1" />
+              <option name="hostPort" value="10080" />
+            </DockerPortBindingImpl>
+          </list>
+        </option>
         <option name="sourceFilePath" value="var/docker/Dockerfile" />
+        <option name="volumeBindings">
+          <list>
+            <DockerVolumeBindingImpl>
+              <option name="containerPath" value="/app/instance" />
+              <option name="hostPath" value="/opt/dyn/mrmat-python-api-flask" />
+            </DockerVolumeBindingImpl>
+          </list>
+        </option>
       </settings>
     </deployment>
     <method v="2" />
diff --git a/README.md b/README.md
index 43a5a92..d42b070 100644
--- a/README.md
+++ b/README.md
@@ -356,3 +356,6 @@ following form. The DISCOVERY_URL must point to the URL where the IdP publishes
 ```
 
 >The client requires configuration with OIDC secrets and currently implements the Device code flow
+
+### Logging
+
diff --git a/mrmat_python_api_flask/__init__.py b/mrmat_python_api_flask/__init__.py
index becfb13..94d3d70 100644
--- a/mrmat_python_api_flask/__init__.py
+++ b/mrmat_python_api_flask/__init__.py
@@ -26,24 +26,71 @@
 import sys
 import os
 import logging
+import logging.config
 import secrets
 import importlib.metadata
 
-from rich.console import Console
-from rich.logging import RichHandler
-
-from flask import Flask
+import flask
+from flask import Flask, has_request_context, request
 from flask_sqlalchemy import SQLAlchemy
 from flask_migrate import Migrate
 from flask_marshmallow import Marshmallow
 from flask_oidc import OpenIDConnect
 
-logging.basicConfig(level='INFO',
-                    handlers=[RichHandler(rich_tracebacks=True,
-                                          show_path=False,
-                                          omit_repeated_times=False)])
+#
+# Establish consistent logging
+# The logger we obtain here is an operational logger, not the one logging requests. The former uses the matching
+# logger '__name__', the latter uses 'werkzeug'
+
+
+class RequestFormatter(logging.Formatter):
+    def format(self, record):
+        if has_request_context():
+            record.blueprint = request.blueprint
+            record.url = request.full_path
+            record.remote_addr = request.remote_addr
+            record.user_agent = request.user_agent
+        else:
+            record.url = None
+            record.remote_addr = None
+        return super().format(record)
+
+
+logging.config.dictConfig({
+        'version': 1,
+        'formatters': {
+            'default': {
+                'class': 'logging.Formatter',
+                'format': '%(asctime)s %(name)-22s %(levelname)-8s %(message)s'
+            }
+        },
+        'handlers': {
+            'console': {
+                'class': 'logging.StreamHandler',
+                'level': 'INFO',
+                'formatter': 'default'
+            }
+        },
+        'loggers': {
+            __name__: {
+                'level': 'INFO',
+                'handlers': ['console'],
+                'propagate': False
+            }
+        },
+        'root': {
+            'level': 'INFO',
+            'formatter': 'default',
+            'handlers': ['console']
+        }
+    })
 log = logging.getLogger(__name__)
-console = Console()
+
+#
+# Establish consistent logging
+
+#
+# Determine the version we're at and a version header we add to each response
 
 try:
     __version__ = importlib.metadata.version('mrmat-python-api-flask')
@@ -51,6 +98,9 @@
     # You have not actually installed the wheel yet. We may be within CI so pick that version or fall back
     __version__ = os.environ.get('MRMAT_VERSION', '0.0.0.dev0')
 
+#
+# Initialise supporting services
+
 db = SQLAlchemy()
 ma = Marshmallow()
 migrate = Migrate()
@@ -83,14 +133,14 @@ def create_app(config_override=None, instance_path=None):
     app.config.setdefault('OIDC_RESOURCE_SERVER_ONLY', True)
     app_config_file = os.path.expanduser(os.environ.get('APP_CONFIG', '~/etc/mrmat-python-api-flask.json'))
     if os.path.exists(app_config_file):
-        app.logger.info(f'Applying configuration from {app_config_file}')
+        log.info(f'Applying configuration from {app_config_file}')
         app.config.from_json(app_config_file)
     if config_override is not None:
         for override in config_override:
-            app.logger.info(f'Overriding configuration for {override} from the command line')
+            log.info(f'Overriding configuration for {override} from the command line')
         app.config.from_mapping(config_override)
     if app.config['SECRET_KEY'] is None:
-        app.logger.warning('Generating new secret key')
+        log.warning('Generating new secret key')
         app.config['SECRET_KEY'] = secrets.token_urlsafe(16)
 
     #
@@ -98,12 +148,12 @@ def create_app(config_override=None, instance_path=None):
 
     try:
         if not os.path.exists(app.instance_path):
-            app.logger.info(f'Creating new instance path at {app.instance_path}')
+            log.info(f'Creating new instance path at {app.instance_path}')
             os.makedirs(app.instance_path)
         else:
-            app.logger.info(f'Using existing instance path at {app.instance_path}')
+            log.info(f'Using existing instance path at {app.instance_path}')
     except OSError:
-        app.logger.error(f'Failed to create new instance path at {app.instance_path}')
+        log.error(f'Failed to create new instance path at {app.instance_path}')
         sys.exit(1)
 
     # When using Flask-SQLAlchemy, there is no need to explicitly import DAO classes because they themselves
@@ -115,7 +165,7 @@ def create_app(config_override=None, instance_path=None):
     if 'OIDC_CLIENT_SECRETS' in app.config.keys():
         oidc.init_app(app)
     else:
-        app.logger.warning('Running without any authentication/authorisation')
+        log.warning('Running without any authentication/authorisation')
 
     #
     # Import and register our APIs here
@@ -131,4 +181,14 @@ def create_app(config_override=None, instance_path=None):
     app.register_blueprint(api_greeting_v3, url_prefix='/api/greeting/v3')
     app.register_blueprint(api_resource_v1, url_prefix='/api/resource/v1')
 
+    #
+    # Postprocess the request
+    # Log its result and add our version header to it
+
+    @app.after_request
+    def after_request(response: flask.Response) -> flask.Response:
+        log.info(f'[{response.status_code}]')
+        response.headers.add('X-MrMat-Python-API-Flask-Version', __version__)
+        return response
+
     return app
diff --git a/mrmat_python_api_flask/apis/greeting/v1/api.py b/mrmat_python_api_flask/apis/greeting/v1/api.py
index d2cd2a2..78441ed 100644
--- a/mrmat_python_api_flask/apis/greeting/v1/api.py
+++ b/mrmat_python_api_flask/apis/greeting/v1/api.py
@@ -20,22 +20,26 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
-"""Blueprint for the Greeting API in V1
 """
-from flask.views import MethodView
-from flask_smorest import Blueprint
-from .model import greeting_v1_output, GreetingV1Output
+Blueprint for the Greeting API in V1
+"""
 
-bp = Blueprint('greeting_v1',
-               __name__,
-               description='Greeting V1 API')
+import logging
+
+from flask_smorest import Blueprint
+from mrmat_python_api_flask.apis.greeting.v1.model import greeting_v1_output, GreetingV1Output
 
+bp = Blueprint('greeting_v1', __name__, description='Greeting V1 API')
+log = logging.getLogger('api')
 
-@bp.route('/')
-class GreetingV1(MethodView):
 
-    @bp.response(200, GreetingV1Output)
-    def get(self):
-        """Get a Hello World message
-        """
-        return greeting_v1_output.dump({'message': 'Hello World'}), 200
+@bp.route('/', methods=['GET'])
+@bp.response(200, GreetingV1Output)
+def get_greeting():
+    """
+    Receive a Hello World message
+    Returns:
+        A plain-text hello world message
+    """
+    log.info('v1/helloworld')
+    return greeting_v1_output.dump({'message': 'Hello World'}), 200
diff --git a/var/docker/Dockerfile b/var/docker/Dockerfile
index e483850..34c7ac0 100644
--- a/var/docker/Dockerfile
+++ b/var/docker/Dockerfile
@@ -25,4 +25,4 @@ RUN \
 
 EXPOSE 8080
 USER 1000:1000
-ENTRYPOINT /app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8080 'mrmat_python_api_flask:create_app()'
+ENTRYPOINT /app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8080 --error-logfile /app/instance/error.log --access-logfile /app/instance/access.log 'mrmat_python_api_flask:create_app()'

From 263574667e6b79fdcc943e5126c23283e6287795 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sun, 13 Feb 2022 12:56:33 +0100
Subject: [PATCH 17/39] Different schema rendering

For some strange reason, we must dump the schema differently here
---
 mrmat_python_api_flask/apis/healthz/api.py | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/mrmat_python_api_flask/apis/healthz/api.py b/mrmat_python_api_flask/apis/healthz/api.py
index 3f7be71..57ac363 100644
--- a/mrmat_python_api_flask/apis/healthz/api.py
+++ b/mrmat_python_api_flask/apis/healthz/api.py
@@ -20,19 +20,20 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
-"""Blueprint for the Healthz API
+"""
+Blueprint for the Healthz API
 """
 
-#from flask_smorest import Blueprint
-from flask import Blueprint
+from flask_smorest import Blueprint
+# from flask import Blueprint
 
-from mrmat_python_api_flask.apis import status_output
+from mrmat_python_api_flask.apis import status_output, StatusOutputSchema
 
-#bp = Blueprint('healthz', __name__, description='Health API')
-bp = Blueprint('healthz', __name__)
+bp = Blueprint('healthz', __name__, description='Health API')
+# bp = Blueprint('healthz', __name__)
 
 
-@bp.route('/')
-#@bp.response(200, StatusOutputSchema)
+@bp.route('/', methods=['GET'])
+@bp.response(200, StatusOutputSchema)
 def get():
-    return status_output.dump(status=200, message='OK'), 200
+    return status_output.dump(dict(code=200, message='OK')), 200

From 45ca4341ed7aa0f0c44d5d31f97516f457d447c1 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sun, 13 Feb 2022 12:57:06 +0100
Subject: [PATCH 18/39] Updated the databases

---
 .idea/dataSources.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.idea/dataSources.xml b/.idea/dataSources.xml
index 610a59b..4e8fe8c 100644
--- a/.idea/dataSources.xml
+++ b/.idea/dataSources.xml
@@ -8,11 +8,11 @@
       <jdbc-url>jdbc:postgresql://localhost:5432/localdb</jdbc-url>
       <working-dir>$ProjectFileDir$</working-dir>
     </data-source>
-    <data-source source="LOCAL" name="mpaf@localdb" uuid="4875dced-5da7-4cb2-9b21-a2d07f9ddcd0">
+    <data-source source="LOCAL" name="imfeldma@prometheusdb" uuid="9cb3727e-b0a4-4fb9-a2ab-9c167911aa9c">
       <driver-ref>postgresql</driver-ref>
       <synchronize>true</synchronize>
       <jdbc-driver>org.postgresql.Driver</jdbc-driver>
-      <jdbc-url>jdbc:postgresql://localhost:5432/localdb</jdbc-url>
+      <jdbc-url>jdbc:postgresql://prometheus.mrmat.org:5432/prometheusdb</jdbc-url>
       <working-dir>$ProjectFileDir$</working-dir>
     </data-source>
   </component>

From ad983a52551233cfcfbe85613aeaf9189966f502 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sun, 13 Feb 2022 12:57:20 +0100
Subject: [PATCH 19/39] Sanitised run configurations

---
 ..._python_api_flask__no_infrastructure_.xml} |  2 +-
 ..._api_flask__no_infrastructure__debug_.xml} |  2 +-
 .idea/runConfigurations/test__resources_.xml  | 24 -------------------
 ...s.xml => tests__local_infrastructure_.xml} |  2 +-
 4 files changed, 3 insertions(+), 27 deletions(-)
 rename .idea/runConfigurations/{mrmat_python_api_flask__default_.xml => mrmat_python_api_flask__no_infrastructure_.xml} (87%)
 rename .idea/runConfigurations/{mrmat_python_api_flask__default__debug_.xml => mrmat_python_api_flask__no_infrastructure__debug_.xml} (87%)
 delete mode 100644 .idea/runConfigurations/test__resources_.xml
 rename .idea/runConfigurations/{tests.xml => tests__local_infrastructure_.xml} (91%)

diff --git a/.idea/runConfigurations/mrmat_python_api_flask__default_.xml b/.idea/runConfigurations/mrmat_python_api_flask__no_infrastructure_.xml
similarity index 87%
rename from .idea/runConfigurations/mrmat_python_api_flask__default_.xml
rename to .idea/runConfigurations/mrmat_python_api_flask__no_infrastructure_.xml
index 240cee6..b30fe57 100644
--- a/.idea/runConfigurations/mrmat_python_api_flask__default_.xml
+++ b/.idea/runConfigurations/mrmat_python_api_flask__no_infrastructure_.xml
@@ -1,5 +1,5 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="mrmat-python-api-flask (default)" type="Python.FlaskServer">
+  <configuration default="false" name="mrmat-python-api-flask (no infrastructure)" type="Python.FlaskServer">
     <module name="mrmat-python-api-flask" />
     <option name="target" value="mrmat_python_api_flask" />
     <option name="targetType" value="PYTHON" />
diff --git a/.idea/runConfigurations/mrmat_python_api_flask__default__debug_.xml b/.idea/runConfigurations/mrmat_python_api_flask__no_infrastructure__debug_.xml
similarity index 87%
rename from .idea/runConfigurations/mrmat_python_api_flask__default__debug_.xml
rename to .idea/runConfigurations/mrmat_python_api_flask__no_infrastructure__debug_.xml
index 67a858c..b5d7e44 100644
--- a/.idea/runConfigurations/mrmat_python_api_flask__default__debug_.xml
+++ b/.idea/runConfigurations/mrmat_python_api_flask__no_infrastructure__debug_.xml
@@ -1,5 +1,5 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="mrmat-python-api-flask (default, debug)" type="Python.FlaskServer">
+  <configuration default="false" name="mrmat-python-api-flask (no infrastructure, debug)" type="Python.FlaskServer">
     <option name="flaskDebug" value="true" />
     <module name="mrmat-python-api-flask" />
     <option name="target" value="mrmat_python_api_flask" />
diff --git a/.idea/runConfigurations/test__resources_.xml b/.idea/runConfigurations/test__resources_.xml
deleted file mode 100644
index ff56277..0000000
--- a/.idea/runConfigurations/test__resources_.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="test [resources]" type="tests" factoryName="py.test">
-    <module name="mrmat-python-api-flask" />
-    <option name="INTERPRETER_OPTIONS" value="" />
-    <option name="PARENT_ENVS" value="true" />
-    <envs>
-      <env name="APP_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask/mrmat-python-api-flask.json" />
-      <env name="HTTPLIB2_CA_CERTS" value="$USER_HOME$/var/ca/mrmat-ca/ca.crt" />
-      <env name="TI_CONFIG" value="$USER_HOME$/etc/ted.json" />
-    </envs>
-    <option name="SDK_HOME" value="" />
-    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/tests" />
-    <option name="IS_MODULE_SDK" value="true" />
-    <option name="ADD_CONTENT_ROOTS" value="true" />
-    <option name="ADD_SOURCE_ROOTS" value="true" />
-    <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
-    <option name="_new_keywords" value="&quot;&quot;" />
-    <option name="_new_parameters" value="&quot;&quot;" />
-    <option name="_new_additionalArguments" value="&quot;&quot;" />
-    <option name="_new_target" value="&quot;test_resource_v1.TestWithLocalInfrastructure&quot;" />
-    <option name="_new_targetType" value="&quot;PYTHON&quot;" />
-    <method v="2" />
-  </configuration>
-</component>
\ No newline at end of file
diff --git a/.idea/runConfigurations/tests.xml b/.idea/runConfigurations/tests__local_infrastructure_.xml
similarity index 91%
rename from .idea/runConfigurations/tests.xml
rename to .idea/runConfigurations/tests__local_infrastructure_.xml
index d401112..5e0afc9 100644
--- a/.idea/runConfigurations/tests.xml
+++ b/.idea/runConfigurations/tests__local_infrastructure_.xml
@@ -1,5 +1,5 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="tests" type="tests" factoryName="py.test">
+  <configuration default="false" name="tests (local infrastructure)" type="tests" factoryName="py.test">
     <module name="mrmat-python-api-flask" />
     <option name="INTERPRETER_OPTIONS" value="" />
     <option name="PARENT_ENVS" value="true" />

From 99aef1e7c4a4c39cefe32280fc569936661ca0b7 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Sat, 19 Feb 2022 08:14:30 +0100
Subject: [PATCH 20/39] Transfer

---
 .idea/runConfigurations/db_current.xml        |  4 +-
 .idea/runConfigurations/db_downgrade.xml      |  4 +-
 .idea/runConfigurations/db_revision.xml       |  4 +-
 .idea/runConfigurations/db_upgrade.xml        |  4 +-
 ...thon_api_flask__local_infrastructure_.xml} |  4 +-
 mrmat_python_api_flask/__init__.py            | 82 ++++++++++++-------
 .../apis/greeting/v1/api.py                   |  2 +
 .../apis/greeting/v2/api.py                   | 44 +++++-----
 .../apis/greeting/v3/api.py                   | 20 ++++-
 .../apis/greeting/v3/model.py                 | 14 ----
 mrmat_python_api_flask/apis/healthz/api.py    |  9 +-
 .../apis/resource/v1/api.py                   | 23 +++++-
 pytest.ini                                    |  2 +-
 requirements.txt                              |  2 +-
 setup.cfg                                     |  2 +-
 15 files changed, 130 insertions(+), 90 deletions(-)
 rename .idea/runConfigurations/{mrmat_python_api_flask__prod_.xml => mrmat_python_api_flask__local_infrastructure_.xml} (83%)

diff --git a/.idea/runConfigurations/db_current.xml b/.idea/runConfigurations/db_current.xml
index 8e315fd..8d98a8d 100644
--- a/.idea/runConfigurations/db_current.xml
+++ b/.idea/runConfigurations/db_current.xml
@@ -7,9 +7,9 @@
       <env name="PYTHONUNBUFFERED" value="1" />
       <env name="FLASK_APP" value="mrmat_python_api_flask" />
     </envs>
-    <option name="SDK_HOME" value="/opt/dyn/python/mrmat-python-api-flask/bin/python" />
+    <option name="SDK_HOME" value="" />
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
-    <option name="IS_MODULE_SDK" value="false" />
+    <option name="IS_MODULE_SDK" value="true" />
     <option name="ADD_CONTENT_ROOTS" value="true" />
     <option name="ADD_SOURCE_ROOTS" value="true" />
     <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
diff --git a/.idea/runConfigurations/db_downgrade.xml b/.idea/runConfigurations/db_downgrade.xml
index ef877ec..e7c88f0 100644
--- a/.idea/runConfigurations/db_downgrade.xml
+++ b/.idea/runConfigurations/db_downgrade.xml
@@ -7,9 +7,9 @@
       <env name="PYTHONUNBUFFERED" value="1" />
       <env name="FLASK_APP" value="mrmat_python_api_flask" />
     </envs>
-    <option name="SDK_HOME" value="/opt/dyn/python/mrmat-python-api-flask/bin/python" />
+    <option name="SDK_HOME" value="" />
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
-    <option name="IS_MODULE_SDK" value="false" />
+    <option name="IS_MODULE_SDK" value="true" />
     <option name="ADD_CONTENT_ROOTS" value="true" />
     <option name="ADD_SOURCE_ROOTS" value="true" />
     <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
diff --git a/.idea/runConfigurations/db_revision.xml b/.idea/runConfigurations/db_revision.xml
index 985a2cd..6ac4b7c 100644
--- a/.idea/runConfigurations/db_revision.xml
+++ b/.idea/runConfigurations/db_revision.xml
@@ -7,9 +7,9 @@
       <env name="PYTHONUNBUFFERED" value="1" />
       <env name="FLASK_APP" value="mrmat_python_api_flask" />
     </envs>
-    <option name="SDK_HOME" value="/opt/dyn/python/mrmat-python-api-flask/bin/python" />
+    <option name="SDK_HOME" value="" />
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
-    <option name="IS_MODULE_SDK" value="false" />
+    <option name="IS_MODULE_SDK" value="true" />
     <option name="ADD_CONTENT_ROOTS" value="true" />
     <option name="ADD_SOURCE_ROOTS" value="true" />
     <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
diff --git a/.idea/runConfigurations/db_upgrade.xml b/.idea/runConfigurations/db_upgrade.xml
index 2a4dd4c..7bff3b9 100644
--- a/.idea/runConfigurations/db_upgrade.xml
+++ b/.idea/runConfigurations/db_upgrade.xml
@@ -7,9 +7,9 @@
       <env name="PYTHONUNBUFFERED" value="1" />
       <env name="FLASK_APP" value="mrmat_python_api_flask" />
     </envs>
-    <option name="SDK_HOME" value="/opt/dyn/python/mrmat-python-api-flask/bin/python" />
+    <option name="SDK_HOME" value="" />
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
-    <option name="IS_MODULE_SDK" value="false" />
+    <option name="IS_MODULE_SDK" value="true" />
     <option name="ADD_CONTENT_ROOTS" value="true" />
     <option name="ADD_SOURCE_ROOTS" value="true" />
     <EXTENSION ID="PythonCoverageRunConfigurationExtension" runner="coverage.py" />
diff --git a/.idea/runConfigurations/mrmat_python_api_flask__prod_.xml b/.idea/runConfigurations/mrmat_python_api_flask__local_infrastructure_.xml
similarity index 83%
rename from .idea/runConfigurations/mrmat_python_api_flask__prod_.xml
rename to .idea/runConfigurations/mrmat_python_api_flask__local_infrastructure_.xml
index ac96355..7cbd771 100644
--- a/.idea/runConfigurations/mrmat_python_api_flask__prod_.xml
+++ b/.idea/runConfigurations/mrmat_python_api_flask__local_infrastructure_.xml
@@ -1,5 +1,5 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="mrmat-python-api-flask (prod)" type="Python.FlaskServer">
+  <configuration default="false" name="mrmat-python-api-flask (local infrastructure)" type="Python.FlaskServer">
     <option name="flaskEnv" value="production" />
     <module name="mrmat-python-api-flask" />
     <option name="target" value="mrmat_python_api_flask" />
@@ -7,7 +7,7 @@
     <option name="INTERPRETER_OPTIONS" value="" />
     <option name="PARENT_ENVS" value="true" />
     <envs>
-      <env name="APP_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask.json" />
+      <env name="APP_CONFIG" value="$USER_HOME$/etc/mpaf-local.json" />
       <env name="HTTPLIB2_CA_CERTS" value="$USER_HOME$/var/ca/mrmat-ca/ca.crt" />
     </envs>
     <option name="SDK_HOME" value="" />
diff --git a/mrmat_python_api_flask/__init__.py b/mrmat_python_api_flask/__init__.py
index 94d3d70..a97a0da 100644
--- a/mrmat_python_api_flask/__init__.py
+++ b/mrmat_python_api_flask/__init__.py
@@ -36,6 +36,8 @@
 from flask_migrate import Migrate
 from flask_marshmallow import Marshmallow
 from flask_oidc import OpenIDConnect
+from flask_smorest import Api
+
 
 #
 # Establish consistent logging
@@ -57,33 +59,33 @@ def format(self, record):
 
 
 logging.config.dictConfig({
-        'version': 1,
-        'formatters': {
-            'default': {
-                'class': 'logging.Formatter',
-                'format': '%(asctime)s %(name)-22s %(levelname)-8s %(message)s'
-            }
-        },
-        'handlers': {
-            'console': {
-                'class': 'logging.StreamHandler',
-                'level': 'INFO',
-                'formatter': 'default'
-            }
-        },
-        'loggers': {
-            __name__: {
-                'level': 'INFO',
-                'handlers': ['console'],
-                'propagate': False
-            }
-        },
-        'root': {
+    'version': 1,
+    'formatters': {
+        'default': {
+            'class': 'logging.Formatter',
+            'format': '%(asctime)s %(name)-22s %(levelname)-8s %(message)s'
+        }
+    },
+    'handlers': {
+        'console': {
+            'class': 'logging.StreamHandler',
+            'level': 'INFO',
+            'formatter': 'default'
+        }
+    },
+    'loggers': {
+        __name__: {
             'level': 'INFO',
-            'formatter': 'default',
-            'handlers': ['console']
+            'handlers': ['console'],
+            'propagate': False
         }
-    })
+    },
+    'root': {
+        'level': 'INFO',
+        'formatter': 'default',
+        'handlers': ['console']
+    }
+})
 log = logging.getLogger(__name__)
 
 #
@@ -105,6 +107,7 @@ def format(self, record):
 ma = Marshmallow()
 migrate = Migrate()
 oidc = OpenIDConnect()
+api = Api()
 
 
 def create_app(config_override=None, instance_path=None):
@@ -131,6 +134,13 @@ def create_app(config_override=None, instance_path=None):
     app.config.setdefault('SQLALCHEMY_TRACK_MODIFICATIONS', False)
     app.config.setdefault('OIDC_USER_INFO_ENABLED', True)
     app.config.setdefault('OIDC_RESOURCE_SERVER_ONLY', True)
+    app.config.setdefault('API_TITLE', 'MrMat :: Python :: API :: Flask')
+    app.config.setdefault('API_VERSION', __version__)
+    app.config.setdefault('OPENAPI_VERSION', '3.0.2')
+    app.config.setdefault('OPENAPI_URL_PREFIX', '/doc')
+    app.config.setdefault('OPENAPI_JSON_PATH', '/openapi.json')
+    app.config.setdefault('OPENAPI_SWAGGER_UI_PATH', '/swagger-ui')
+    app.config.setdefault('OPENAPI_SWAGGER_UI_URL', 'https://cdn.jsdelivr.net/npm/swagger-ui-dist@4.5.0/')
     app_config_file = os.path.expanduser(os.environ.get('APP_CONFIG', '~/etc/mrmat-python-api-flask.json'))
     if os.path.exists(app_config_file):
         log.info(f'Applying configuration from {app_config_file}')
@@ -162,24 +172,34 @@ def create_app(config_override=None, instance_path=None):
     db.init_app(app)
     migrate.init_app(app, db)
     ma.init_app(app)
+    api.init_app(app)
     if 'OIDC_CLIENT_SECRETS' in app.config.keys():
         oidc.init_app(app)
     else:
         log.warning('Running without any authentication/authorisation')
 
+    #
+    # Security Schemes
+
+    api.spec.components.security_scheme('openId', dict(
+                                            type='openIdConnect',
+                                            description='MrMat OIDC',
+                                            openIdConnectUrl='http://localhost:8080/auth/realms/master/.well-known/openid-configuration'
+                                        ))
+
     #
     # Import and register our APIs here
 
-    from mrmat_python_api_flask.apis.healthz import api_healthz          # pylint: disable=import-outside-toplevel
+    from mrmat_python_api_flask.apis.healthz import api_healthz  # pylint: disable=import-outside-toplevel
     from mrmat_python_api_flask.apis.greeting.v1 import api_greeting_v1  # pylint: disable=import-outside-toplevel
     from mrmat_python_api_flask.apis.greeting.v2 import api_greeting_v2  # pylint: disable=import-outside-toplevel
     from mrmat_python_api_flask.apis.greeting.v3 import api_greeting_v3  # pylint: disable=import-outside-toplevel
     from mrmat_python_api_flask.apis.resource.v1 import api_resource_v1  # pylint: disable=import-outside-toplevel
-    app.register_blueprint(api_healthz, url_prefix='/healthz')
-    app.register_blueprint(api_greeting_v1, url_prefix='/api/greeting/v1')
-    app.register_blueprint(api_greeting_v2, url_prefix='/api/greeting/v2')
-    app.register_blueprint(api_greeting_v3, url_prefix='/api/greeting/v3')
-    app.register_blueprint(api_resource_v1, url_prefix='/api/resource/v1')
+    api.register_blueprint(api_healthz, url_prefix='/healthz')
+    api.register_blueprint(api_greeting_v1, url_prefix='/api/greeting/v1')
+    api.register_blueprint(api_greeting_v2, url_prefix='/api/greeting/v2')
+    api.register_blueprint(api_greeting_v3, url_prefix='/api/greeting/v3')
+    api.register_blueprint(api_resource_v1, url_prefix='/api/resource/v1')
 
     #
     # Postprocess the request
diff --git a/mrmat_python_api_flask/apis/greeting/v1/api.py b/mrmat_python_api_flask/apis/greeting/v1/api.py
index 78441ed..aad319d 100644
--- a/mrmat_python_api_flask/apis/greeting/v1/api.py
+++ b/mrmat_python_api_flask/apis/greeting/v1/api.py
@@ -35,6 +35,8 @@
 
 @bp.route('/', methods=['GET'])
 @bp.response(200, GreetingV1Output)
+@bp.doc(summary='Get an anonymous greeting',
+        description='This version of the greeting API does not have a means to determine who you are')
 def get_greeting():
     """
     Receive a Hello World message
diff --git a/mrmat_python_api_flask/apis/greeting/v2/api.py b/mrmat_python_api_flask/apis/greeting/v2/api.py
index 4b63c5d..d3337ba 100644
--- a/mrmat_python_api_flask/apis/greeting/v2/api.py
+++ b/mrmat_python_api_flask/apis/greeting/v2/api.py
@@ -20,34 +20,32 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
-"""Blueprint for the Greeting API in V2
+"""
+Blueprint for the Greeting API in V2
 """
 
-from flask.views import MethodView
 from flask_smorest import Blueprint
 from .model import greeting_v2_output, GreetingV2Output, GreetingV2Input
 
-bp = Blueprint('greeting_v2',
-               __name__,
-               description='Greeting V2 API')
+bp = Blueprint('greeting_v2', __name__, description='Greeting V2 API')
 
 
-@bp.route('/')
-class GreetingV2(MethodView):
-    """GreetingV2 API Implementation
+@bp.route('/', methods=['GET'])
+@bp.arguments(GreetingV2Input,
+              description='The name to greet',
+              location='query',
+              required=False)
+@bp.response(200, GreetingV2Output)
+@bp.doc(summary='Get a greeting for a given name',
+        description='This version of the greeting API allows you to specify who to greet')
+def get(greeting_input):
     """
-
-    @bp.arguments(GreetingV2Input,
-                  description='The name to greet',
-                  location='query',
-                  required=False,
-                  as_kwargs=True)
-    @bp.response(200, GreetingV2Output)
-    def get(self, **kwargs):
-        """Get a named greeting
-        ---
-        It is possible to place logic here like we do for safe_name, but if we parse
-        the GreetingV2Input via MarshMallow then we can also set a 'default' or 'missing' there.
-        """
-        safe_name: str = kwargs['name'] or 'World'
-        return greeting_v2_output.dump({'message': f'Hello {safe_name}'}), 200
+    Get a named greeting
+    Returns:
+        A named greeting in JSON
+    ---
+    It is possible to place logic here like we do for safe_name, but if we parse
+    the GreetingV2Input via MarshMallow then we can also set a 'default' or 'missing' there.
+    """
+    safe_name: str = greeting_input['name'] or 'World'
+    return greeting_v2_output.dump({'message': f'Hello {safe_name}'}), 200
diff --git a/mrmat_python_api_flask/apis/greeting/v3/api.py b/mrmat_python_api_flask/apis/greeting/v3/api.py
index 913372d..2821ed8 100644
--- a/mrmat_python_api_flask/apis/greeting/v3/api.py
+++ b/mrmat_python_api_flask/apis/greeting/v3/api.py
@@ -20,17 +20,29 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
-"""Blueprint for the Greeting API in V3
+"""
+Blueprint for the Greeting API in V3
 """
 
-from flask import Blueprint, g
+from flask import g
+from flask_smorest import Blueprint
 
 from mrmat_python_api_flask import oidc
+from .model import greeting_v3_output, GreetingV3Output
 
-bp = Blueprint('greeting_v3', __name__)
+bp = Blueprint('greeting_v3', __name__, description='Greeting V3 API')
 
 
 @bp.route('/', methods=['GET'])
+@bp.response(200, schema=GreetingV3Output)
+@bp.doc(summary='Get a greeting for the authenticated name',
+        description='This version of the greeting API knows who you are',
+        security=[{'openId': ['profile']}])
 @oidc.accept_token(require_token=True)
 def get():
-    return {'message': f'Hello {g.oidc_token_info["username"]}'}, 200
+    """
+    Get a named greeting for the authenticated user
+    Returns:
+        A named greeting in JSON
+    """
+    return greeting_v3_output.dump(dict(message=f'Hello {g.oidc_token_info["username"]}')), 200
diff --git a/mrmat_python_api_flask/apis/greeting/v3/model.py b/mrmat_python_api_flask/apis/greeting/v3/model.py
index 6a1f372..a543ea7 100644
--- a/mrmat_python_api_flask/apis/greeting/v3/model.py
+++ b/mrmat_python_api_flask/apis/greeting/v3/model.py
@@ -27,20 +27,6 @@
 from mrmat_python_api_flask import ma
 
 
-class GreetingV3Input(ma.Schema):
-    class Meta:
-        fields: ('name',)
-
-    name = fields.Str(
-        required=False,
-        load_only=True,
-        missing='Stranger',
-        metadata={
-            'description': 'The name to greet'
-        }
-    )
-
-
 class GreetingV3Output(ma.Schema):
     class Meta:
         fields = ('message',)
diff --git a/mrmat_python_api_flask/apis/healthz/api.py b/mrmat_python_api_flask/apis/healthz/api.py
index 57ac363..30e86b9 100644
--- a/mrmat_python_api_flask/apis/healthz/api.py
+++ b/mrmat_python_api_flask/apis/healthz/api.py
@@ -25,15 +25,20 @@
 """
 
 from flask_smorest import Blueprint
-# from flask import Blueprint
 
 from mrmat_python_api_flask.apis import status_output, StatusOutputSchema
 
 bp = Blueprint('healthz', __name__, description='Health API')
-# bp = Blueprint('healthz', __name__)
 
 
 @bp.route('/', methods=['GET'])
 @bp.response(200, StatusOutputSchema)
+@bp.doc(summary='Get an indication of application health',
+        description='Assess application health')
 def get():
+    """
+    Respond with the app health status
+    Returns:
+        A status response
+    """
     return status_output.dump(dict(code=200, message='OK')), 200
diff --git a/mrmat_python_api_flask/apis/resource/v1/api.py b/mrmat_python_api_flask/apis/resource/v1/api.py
index 0413d64..a6fb2e5 100644
--- a/mrmat_python_api_flask/apis/resource/v1/api.py
+++ b/mrmat_python_api_flask/apis/resource/v1/api.py
@@ -26,14 +26,15 @@
 from typing import Tuple
 
 from werkzeug.local import LocalProxy
-from flask import Blueprint, request, g, current_app
+from flask import request, g, current_app
+from flask_smorest import Blueprint
 from marshmallow import ValidationError
 
 from mrmat_python_api_flask import db, oidc
 from mrmat_python_api_flask.apis import status_output
-from .model import Owner, Resource, resource_schema, resources_schema
+from .model import Owner, Resource, ResourceSchema, OwnerSchema, resource_schema, resources_schema
 
-bp = Blueprint('resource_v1', __name__)
+bp = Blueprint('resource_v1', __name__, description='Resource V1 API')
 logger = LocalProxy(lambda: current_app.logger)
 
 
@@ -43,6 +44,10 @@ def _extract_identity() -> Tuple:
 
 
 @bp.route('/', methods=['GET'])
+@bp.doc(summary='Get all known resources',
+        description='Returns all currently known resources and their metadata',
+        security=[{'openId': ['mpaf-read']}])
+@bp.response(200, schema=ResourceSchema(many=True))
 @oidc.accept_token(require_token=True, scopes_required=['mpaf-read'])
 def get_all():
     (client_id, name) = _extract_identity()
@@ -52,6 +57,10 @@ def get_all():
 
 
 @bp.route('/<i>', methods=['GET'])
+@bp.doc(summary='Get a single resource',
+        description='Return a single resource identified by its resource id.',
+        security=[{'openId': ['mpaf-read']}])
+@bp.response(200, schema=ResourceSchema)
 @oidc.accept_token(require_token=True, scopes_required=['mpaf-read'])
 def get_one(i: int):
     (client_id, name) = _extract_identity()
@@ -63,6 +72,14 @@ def get_one(i: int):
 
 
 @bp.route('/', methods=['POST'])
+@bp.doc(summary='Create a resource',
+        description='Create a resource owned by the authenticated user',
+        security=[{'openId':['mpaf-write']}])
+@bp.arguments(ResourceSchema,
+              location='json',
+              required=True,
+              description='The resource to create')
+@bp.response(200, schema=ResourceSchema)
 @oidc.accept_token(require_token=True, scopes_required=['mpaf-write'])
 def create():
     (client_id, name) = _extract_identity()
diff --git a/pytest.ini b/pytest.ini
index f589022..5be3de4 100644
--- a/pytest.ini
+++ b/pytest.ini
@@ -4,7 +4,7 @@
 
 [pytest]
 testpaths = tests
-addopts = --cov=mrmat_python_api_flask --cov-report=term --cov-report=xml:build/coverage.xml --junit-xml=build/junit.xml
+#addopts = --cov=mrmat_python_api_flask --cov-report=term --cov-report=xml:build/coverage.xml --junit-xml=build/junit.xml
 junit_family = xunit2
 log_cli = 1
 log_cli_level = INFO
diff --git a/requirements.txt b/requirements.txt
index fb3bc89..f68a4a9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,7 +9,7 @@ rich~=10.14.0                   # MIT
 flask~=2.0.2                    # BSD 3-Clause
 Flask-SQLAlchemy~=2.5.1         # BSD 3-Clause
 Flask-Migrate~=3.1.0            # MIT
-flask-smorest~=0.35.0           # MIT
+flask-smorest~=0.36.0           # MIT
 Flask-Marshmallow~=0.14.0       # MIT
 marshmallow-sqlalchemy~=0.26.0  # MIT
 psycopg2-binary~=2.9.1          # LGPL with exceptions
diff --git a/setup.cfg b/setup.cfg
index f5c0ea6..9444d3d 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -25,7 +25,7 @@ install_requires =
     Flask-OIDC~=1.4.0
     requests_oauthlib~=1.3.0
     rich~=10.14.0
-    flask-smorest~=0.35.0
+    flask-smorest~=0.36.0
 
 [options.entry_points]
 console_scripts =

From 9c8e45f59823962dbbf58fe01b53f91216ea7b0f Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 12:14:44 +0100
Subject: [PATCH 21/39] Fixed some pylint complaints

---
 .idea/pylint.xml                   |  1 +
 mrmat_python_api_flask/__init__.py | 18 +++++++++++-------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/.idea/pylint.xml b/.idea/pylint.xml
index 46ea4e7..161503e 100644
--- a/.idea/pylint.xml
+++ b/.idea/pylint.xml
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
   <component name="PylintConfigService">
+    <option name="customPylintPath" value="C:\Users\imfeldma\var\venv\mrmat-python-api-flask\Scripts\pylint.exe" />
     <option name="pylintrcPath" value=".pylintrc" />
   </component>
 </project>
\ No newline at end of file
diff --git a/mrmat_python_api_flask/__init__.py b/mrmat_python_api_flask/__init__.py
index a97a0da..9e3068a 100644
--- a/mrmat_python_api_flask/__init__.py
+++ b/mrmat_python_api_flask/__init__.py
@@ -46,6 +46,9 @@
 
 
 class RequestFormatter(logging.Formatter):
+    """
+    Formatter for requests
+    """
     def format(self, record):
         if has_request_context():
             record.blueprint = request.blueprint
@@ -143,11 +146,11 @@ def create_app(config_override=None, instance_path=None):
     app.config.setdefault('OPENAPI_SWAGGER_UI_URL', 'https://cdn.jsdelivr.net/npm/swagger-ui-dist@4.5.0/')
     app_config_file = os.path.expanduser(os.environ.get('APP_CONFIG', '~/etc/mrmat-python-api-flask.json'))
     if os.path.exists(app_config_file):
-        log.info(f'Applying configuration from {app_config_file}')
+        log.info('Applying configuration from %s', app_config_file)
         app.config.from_json(app_config_file)
     if config_override is not None:
         for override in config_override:
-            log.info(f'Overriding configuration for {override} from the command line')
+            log.info('Overriding configuration for %s from the command line', override)
         app.config.from_mapping(config_override)
     if app.config['SECRET_KEY'] is None:
         log.warning('Generating new secret key')
@@ -158,12 +161,12 @@ def create_app(config_override=None, instance_path=None):
 
     try:
         if not os.path.exists(app.instance_path):
-            log.info(f'Creating new instance path at {app.instance_path}')
+            log.info('Creating new instance path at %s', app.instance_path)
             os.makedirs(app.instance_path)
         else:
-            log.info(f'Using existing instance path at {app.instance_path}')
+            log.info('Using existing instance path at %s', app.instance_path)
     except OSError:
-        log.error(f'Failed to create new instance path at {app.instance_path}')
+        log.error('Failed to create new instance path at %s', app.instance_path)
         sys.exit(1)
 
     # When using Flask-SQLAlchemy, there is no need to explicitly import DAO classes because they themselves
@@ -184,7 +187,8 @@ def create_app(config_override=None, instance_path=None):
     api.spec.components.security_scheme('openId', dict(
                                             type='openIdConnect',
                                             description='MrMat OIDC',
-                                            openIdConnectUrl='http://localhost:8080/auth/realms/master/.well-known/openid-configuration'
+                                            openIdConnectUrl='http://localhost:8080/auth/realms/master'
+                                                             '/.well-known/openid-configuration'
                                         ))
 
     #
@@ -207,7 +211,7 @@ def create_app(config_override=None, instance_path=None):
 
     @app.after_request
     def after_request(response: flask.Response) -> flask.Response:
-        log.info(f'[{response.status_code}]')
+        log.info('[%s]', response.status_code)
         response.headers.add('X-MrMat-Python-API-Flask-Version', __version__)
         return response
 

From 8fc4b0c1428b077c84f6882e2a5ec793c13f238b Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 12:47:50 +0100
Subject: [PATCH 22/39] Fixed pylint complaints

---
 ci/__init__.py                                |  5 ++
 mrmat_python_api_flask/apis/__init__.py       | 25 ++++++++-
 mrmat_python_api_flask/apis/healthz/api.py    |  4 +-
 .../apis/resource/v1/api.py                   | 20 +++----
 .../apis/resource/v1/model.py                 |  1 -
 tests/conftest.py                             | 53 ++++++++++++-------
 tests/resource_api_client.py                  |  7 +++
 tests/test_greeting_v1.py                     |  4 ++
 tests/test_greeting_v2.py                     |  4 ++
 tests/test_greeting_v3.py                     |  7 +++
 tests/test_healthz.py                         |  4 ++
 tests/test_resource_v1.py                     |  7 +++
 12 files changed, 107 insertions(+), 34 deletions(-)

diff --git a/ci/__init__.py b/ci/__init__.py
index 798ea25..28b6707 100644
--- a/ci/__init__.py
+++ b/ci/__init__.py
@@ -21,6 +21,11 @@
 #  SOFTWARE.
 #
 
+"""
+Build-time only module to determine the version of this project from CI and if
+not provided a reasonable development-time default.
+"""
+
 import os
 
 version = os.environ.get('MRMAT_VERSION', '0.0.0.dev0')
diff --git a/mrmat_python_api_flask/apis/__init__.py b/mrmat_python_api_flask/apis/__init__.py
index d9e9c8f..d5a36d1 100644
--- a/mrmat_python_api_flask/apis/__init__.py
+++ b/mrmat_python_api_flask/apis/__init__.py
@@ -24,17 +24,21 @@
 Code that can be re-used by all APIs
 """
 
+from typing import Optional
 from marshmallow import fields
 
 from mrmat_python_api_flask import ma
 
 
 class StatusOutputSchema(ma.Schema):
+    """
+    A schema for a generic status message returned via HTTP
+    """
     class Meta:
         fields = ('code', 'message')
 
     code = fields.Int(
-        default=0,
+        default=200,
         metadata={
             'description': 'An integer status code which will typically match the HTTP status code'
         }
@@ -47,5 +51,24 @@ class Meta:
         }
     )
 
+    def __init__(self, code: Optional[int] = 200, message: Optional[str] = 'OK'):
+        super().__init__()
+        self.code = code
+        self.message = message
+
 
 status_output = StatusOutputSchema()
+
+
+def status(code: Optional[int] = 200, message: Optional[str] = 'OK') -> dict:
+    """
+    A utility to return a standardised HTTP status message
+    Args:
+        code: Status code, typically matches the HTTP status code
+        message: Human-readable message
+
+    Returns:
+        A dict to be rendered into JSON
+    """
+    status_message = StatusOutputSchema(code=code, message=message)
+    return status_output.dump(status_message)
diff --git a/mrmat_python_api_flask/apis/healthz/api.py b/mrmat_python_api_flask/apis/healthz/api.py
index 30e86b9..5390c42 100644
--- a/mrmat_python_api_flask/apis/healthz/api.py
+++ b/mrmat_python_api_flask/apis/healthz/api.py
@@ -26,7 +26,7 @@
 
 from flask_smorest import Blueprint
 
-from mrmat_python_api_flask.apis import status_output, StatusOutputSchema
+from mrmat_python_api_flask.apis import status, StatusOutputSchema
 
 bp = Blueprint('healthz', __name__, description='Health API')
 
@@ -41,4 +41,4 @@ def get():
     Returns:
         A status response
     """
-    return status_output.dump(dict(code=200, message='OK')), 200
+    return status(code=200, message='OK'), 200
diff --git a/mrmat_python_api_flask/apis/resource/v1/api.py b/mrmat_python_api_flask/apis/resource/v1/api.py
index a6fb2e5..5ef6ef7 100644
--- a/mrmat_python_api_flask/apis/resource/v1/api.py
+++ b/mrmat_python_api_flask/apis/resource/v1/api.py
@@ -31,8 +31,8 @@
 from marshmallow import ValidationError
 
 from mrmat_python_api_flask import db, oidc
-from mrmat_python_api_flask.apis import status_output
-from .model import Owner, Resource, ResourceSchema, OwnerSchema, resource_schema, resources_schema
+from mrmat_python_api_flask.apis import status
+from .model import Owner, Resource, ResourceSchema, resource_schema, resources_schema
 
 bp = Blueprint('resource_v1', __name__, description='Resource V1 API')
 logger = LocalProxy(lambda: current_app.logger)
@@ -67,14 +67,14 @@ def get_one(i: int):
     logger.info(f'Called by {client_id} for {name}')
     resource = Resource.query.filter(Resource.id == i).one_or_none()
     if resource is None:
-        return status_output.dump(code=404, message='Unable to find a resource with this id'), 404
+        return status(code=404, message='Unable to find a resource with this id'), 404
     return resource_schema.dump(resource), 200
 
 
 @bp.route('/', methods=['POST'])
 @bp.doc(summary='Create a resource',
         description='Create a resource owned by the authenticated user',
-        security=[{'openId':['mpaf-write']}])
+        security=[{'openId': ['mpaf-write']}])
 @bp.arguments(ResourceSchema,
               location='json',
               required=True,
@@ -87,7 +87,7 @@ def create():
     try:
         json_body = request.get_json()
         if not json_body:
-            return status_output.dump(code=400, message='Missing input data'), 400
+            return status(code=400, message='Missing required input data'), 400
         body = resource_schema.load(request.get_json())
     except ValidationError as ve:
         return ve.messages, 422
@@ -100,7 +100,7 @@ def create():
         .one_or_none()
     if resource is not None:
         # TODO: Allow turning this off because it can be used as an enumeration attack
-        return status_output.dump(code=409, message='This resource already exists'), 409
+        return status(code=409, message='This resource already exists'), 409
 
     #
     # Look up the owner and create one if necessary
@@ -125,9 +125,9 @@ def modify(i: int):
 
     resource = Resource.query.filter(Resource.id == i).one_or_none()
     if resource is None:
-        return status_output.dump(code=404, message='Unable to find a resource with this id'), 404
+        return status(code=404, message='Unable to find a resources with this id'), 404
     if resource.owner.client_id != client_id:
-        return status_output.dump(code=401, message='You are not authorised to modify this resource'), 401
+        return status(code=401, message='You are not authorised to modify this resource'), 401
     resource.name = body['name']
 
     db.session.add(resource)
@@ -144,9 +144,9 @@ def remove(i: int):
     resource = Resource.query.filter(Resource.id == i).one_or_none()
     if resource is None:
         # TODO: Allow turning this off because it can be used as an enumeration attack
-        return status_output.dump(code=410, message='The resource is gone'), 410
+        return status(code=410, message='This resource is gone'), 410
     if resource.owner.client_id != client_id:
-        return status_output.dump(code=401, message='You are not authorised to remove this resource'), 401
+        return status(code=401, message='You are not authorised to remove this resource'), 401
 
     db.session.delete(resource)
     db.session.commit()
diff --git a/mrmat_python_api_flask/apis/resource/v1/model.py b/mrmat_python_api_flask/apis/resource/v1/model.py
index a767473..2dec9e5 100644
--- a/mrmat_python_api_flask/apis/resource/v1/model.py
+++ b/mrmat_python_api_flask/apis/resource/v1/model.py
@@ -25,7 +25,6 @@
 
 from sqlalchemy import ForeignKey, Column, Integer, String, UniqueConstraint, BigInteger
 from sqlalchemy.orm import relationship
-from marshmallow import fields
 
 from mrmat_python_api_flask import db, ma
 
diff --git a/tests/conftest.py b/tests/conftest.py
index de3f8c5..86dd52c 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -20,6 +20,10 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
+"""
+Code available to the entire testsuite
+"""
+
 import os
 import logging
 import json
@@ -45,15 +49,22 @@
 
 
 class TIException(Exception):
+    """
+    An dedicated exception raised when issues occur establishing the test infrastructure
+    """
     skip: bool = False
     msg: str = 'An unexpected exception occurred'
 
     def __init__(self, msg: str, skip: Optional[bool] = False):
+        super().__init__()
         self.skip = skip
         self.msg = msg
 
 
 class AbstractTestInfrastructure(abc.ABC):
+    """
+    An abstract class dedicated to any local test infrastructure implementation
+    """
 
     _app = None
 
@@ -67,6 +78,10 @@ def app_client(self):
 
 
 class NoTestInfrastructure(AbstractTestInfrastructure):
+    """
+    An implementation of test infrastructure that does not rely on anything (e.g. there is nothing
+    available except what we have right here)
+    """
 
     @contextlib.contextmanager
     def app(self):
@@ -87,7 +102,7 @@ def app_client(self):
 
 class LocalTestInfrastructure(object):
     """
-    A class for administration of the available test infrastructure
+    A class for administration of the available local test infrastructure
     """
 
     _ti_config_path: pathlib.Path = None
@@ -111,10 +126,10 @@ def __init__(self, ti_config_path: pathlib.Path):
                                                  username=self._ti_config['keycloak'].get('admin_user'),
                                                  password=self._ti_config['keycloak'].get('admin_password'),
                                                  realm_name='master')
-        except psycopg2.OperationalError:
-            raise TIException(skip=True, msg='Failed to obtain an administrative connection to PG')
-        except KeycloakOperationError:
-            raise TIException(skip=True, msg='Failed to obtain an administrative connection to KeyCloak')
+        except psycopg2.OperationalError as oe:
+            raise TIException(skip=True, msg='Failed to obtain an administrative connection to PG') from oe
+        except KeycloakOperationError as koe:
+            raise TIException(skip=True, msg='Failed to obtain an administrative connection to KeyCloak') from koe
 
     @contextlib.contextmanager
     def app_dsn(self,
@@ -124,7 +139,7 @@ def app_dsn(self,
                 drop_finally: bool = False):
         try:
             cur = self._pg_admin.cursor()
-            cur.execute("SELECT COUNT(rolname) FROM pg_roles WHERE rolname = %(role_name)s;", {'role_name': role})
+            cur.execute('SELECT COUNT(rolname) FROM pg_roles WHERE rolname = %(role_name)s;', {'role_name': role})
             role_count = cur.fetchone()
             if role_count[0] == 0:
                 cur.execute(
@@ -145,11 +160,11 @@ def app_dsn(self,
             app_dsn = f"postgresql://{role}:{password}@{dsn_info['host']}:{dsn_info['port']}/{dsn_info['dbname']}"
             yield app_dsn
 
-        except psycopg2.Error:
-            raise TIException(msg=f'Failed to create role {role} on schema {schema}')
+        except psycopg2.Error as e:
+            raise TIException(msg=f'Failed to create role {role} on schema {schema}') from e
         finally:
             if drop_finally:
-                LOGGER.info(f'Dropping schema {schema} and associated role {role}')
+                LOGGER.info('Dropping schema %s and associated role %s', schema, role)
                 cur = self._pg_admin.cursor()
                 cur.execute(
                     psycopg2.sql.SQL('DROP SCHEMA {} CASCADE').format(psycopg2.sql.Identifier(schema)))
@@ -164,18 +179,17 @@ def app_auth(self,
                  client_id: str = 'test-client',
                  ti_id: str = 'ti-client',
                  scopes: List[str] = None,
-                 scope: str = 'test-scope',
                  redirect_uris: List = None,
                  drop_finally: bool = False):
         try:
             if scopes is None:
                 scopes = []
-            for scope in scopes:
-                if not self._keycloak_admin.get_client_scope(scope):
+            for s in scopes:
+                if not self._keycloak_admin.get_client_scope(s):
                     self._keycloak_admin.create_client_scope({
-                        'id': scope,
-                        'name': scope,
-                        'description': f'Test {scope}',
+                        'id': s,
+                        'name': s,
+                        'description': f'Test {s}',
                         'protocol': 'openid-connect'
                     })
             if not self._keycloak_admin.get_client_id(client_id):
@@ -203,7 +217,7 @@ def app_auth(self,
                                       realm_name='master',
                                       verify=True)
             discovery = keycloak.well_know()
-            with open(f'{tmpdir}/client_secrets.json', 'w') as cs:
+            with open(f'{tmpdir}/client_secrets.json', 'w', encoding='UTF-8') as cs:
                 json.dump({
                     'web': {
                         'client_id': client_id,
@@ -229,11 +243,10 @@ def app_auth(self,
             LOGGER.exception(koe)
         finally:
             if drop_finally:
-                LOGGER.info(f'Deleting client_id {client_id}')
+                LOGGER.info('Deleting client_id %s', client_id)
                 self._keycloak_admin.delete_client(client_id)
-                LOGGER.info(f'Deleting client_id {ti_id}')
+                LOGGER.info('Deleting client_id %s', ti_id)
                 self._keycloak_admin.delete_client(ti_id)
-                LOGGER.info(f'Deleting scope {scope}')
 
     @contextlib.contextmanager
     def app(self,
@@ -289,7 +302,7 @@ def user_token(self,
             yield token
         finally:
             if drop_finally:
-                LOGGER.info(f'Deleting user {user_id}')
+                LOGGER.info('Deleting user %s', user_id)
                 self._keycloak_admin.delete_user(user_id)
 
 
diff --git a/tests/resource_api_client.py b/tests/resource_api_client.py
index bca0e9f..12c99cf 100644
--- a/tests/resource_api_client.py
+++ b/tests/resource_api_client.py
@@ -20,12 +20,19 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
+"""
+Resource API test utilities
+"""
+
 from flask import Response
 from flask.testing import FlaskClient
 from typing import Tuple, Dict, Optional
 
 
 class ResourceAPIClient:
+    """
+    A client class for the resource API
+    """
     client: FlaskClient
     token: Dict
 
diff --git a/tests/test_greeting_v1.py b/tests/test_greeting_v1.py
index 0116642..b4fbecb 100644
--- a/tests/test_greeting_v1.py
+++ b/tests/test_greeting_v1.py
@@ -20,6 +20,10 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
+"""
+Tests for the greeting v1 API
+"""
+
 import pytest
 
 from flask import Response
diff --git a/tests/test_greeting_v2.py b/tests/test_greeting_v2.py
index 2d3dc90..2b46f43 100644
--- a/tests/test_greeting_v2.py
+++ b/tests/test_greeting_v2.py
@@ -20,6 +20,10 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
+"""
+Tests for the Greeting V2 API
+"""
+
 import pytest
 
 from flask import Response
diff --git a/tests/test_greeting_v3.py b/tests/test_greeting_v3.py
index 5ee1936..5695cad 100644
--- a/tests/test_greeting_v3.py
+++ b/tests/test_greeting_v3.py
@@ -20,12 +20,19 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
+"""
+Tests for the Greeting V3 API
+"""
+
 import pytest
 from flask import Response
 
 
 @pytest.mark.usefixtures('local_test_infrastructure')
 class TestWithLocalInfrastructure:
+    """
+    Tests for the Greeting V3 API using locally available infrastructure
+    """
 
     def test_greeting_v3(self, tmpdir, local_test_infrastructure):
         with local_test_infrastructure.app_client(tmpdir) as client:
diff --git a/tests/test_healthz.py b/tests/test_healthz.py
index 53f7ec9..1fc3cb6 100644
--- a/tests/test_healthz.py
+++ b/tests/test_healthz.py
@@ -20,6 +20,10 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
+"""
+Tests for the Healthz API
+"""
+
 import pytest
 
 from flask import Response
diff --git a/tests/test_resource_v1.py b/tests/test_resource_v1.py
index f99ebe4..9c8254a 100644
--- a/tests/test_resource_v1.py
+++ b/tests/test_resource_v1.py
@@ -20,6 +20,10 @@
 #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #  SOFTWARE.
 
+"""
+Tests for the Resource API
+"""
+
 import pytest
 from datetime import datetime
 
@@ -28,6 +32,9 @@
 
 @pytest.mark.usefixtures('local_test_infrastructure')
 class TestWithLocalInfrastructure:
+    """
+    Tests for the Resource API using locally available infrastructure
+    """
 
     def test_resource_lifecycle(self, tmpdir, local_test_infrastructure):
         with local_test_infrastructure.app_client(tmpdir) as client:

From ff488fd1793966fe836db987de80230664beca2b Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 12:50:48 +0100
Subject: [PATCH 23/39] Installing dev requirements first saves some time later

---
 requirements.txt | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index f68a4a9..5acfd23 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,6 +3,16 @@
 #            quickly install both build- and test-requirements from within your development environment. DO MAKE
 #            SURE to update setup.cfg whenever you make changes here.
 
+# Build/Test requirements
+
+build~=0.7.0                    # MIT
+wheel~=0.36.2                   # MIT
+pylint~=2.12.2                  # GPL-2.0-or-later
+pytest~=6.2.5                   # MIT
+pytest-cov~=3.0.0               # MIT
+pyjwt==2.3.0                    # MIT
+python-keycloak~=0.26.1         # MIT
+
 # Runtime requirements
 
 rich~=10.14.0                   # MIT
@@ -15,13 +25,3 @@ marshmallow-sqlalchemy~=0.26.0  # MIT
 psycopg2-binary~=2.9.1          # LGPL with exceptions
 Flask-OIDC~=1.4.0               # MIT
 requests_oauthlib~=1.3.0        # ISC
-
-# Build/Test requirements
-
-build~=0.7.0        # MIT
-wheel~=0.36.2       # MIT
-pylint~=2.12.2      # GPL-2.0-or-later
-pytest~=6.2.5       # MIT
-pytest-cov~=3.0.0   # MIT
-pyjwt==2.3.0        # MIT
-python-keycloak~=0.26.1     # MIT

From a473d3cbbd1689c4dbd800e1c66294c57b630fbc Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 13:14:41 +0100
Subject: [PATCH 24/39] Removed extraneous logging import

---
 mrmat_python_api_flask/__init__.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/mrmat_python_api_flask/__init__.py b/mrmat_python_api_flask/__init__.py
index 9e3068a..863e83c 100644
--- a/mrmat_python_api_flask/__init__.py
+++ b/mrmat_python_api_flask/__init__.py
@@ -25,7 +25,6 @@
 
 import sys
 import os
-import logging
 import logging.config
 import secrets
 import importlib.metadata

From 75b960983cb66f17df9a1c5932c9f2486005ed41 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 13:24:26 +0100
Subject: [PATCH 25/39] Updated dependencies

---
 requirements.txt | 26 +++++++++++++-------------
 setup.cfg        | 12 ++++++------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 5acfd23..bbeed83 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,23 +5,23 @@
 
 # Build/Test requirements
 
-build~=0.7.0                    # MIT
-wheel~=0.36.2                   # MIT
-pylint~=2.12.2                  # GPL-2.0-or-later
-pytest~=6.2.5                   # MIT
-pytest-cov~=3.0.0               # MIT
-pyjwt==2.3.0                    # MIT
-python-keycloak~=0.26.1         # MIT
+build~=0.7.0             # MIT
+wheel~=0.37.1            # MIT
+pylint~=2.12.2           # GPL-2.0-or-later
+pytest~=7.0.1            # MIT
+pytest-cov~=3.0.0        # MIT
+pyjwt~=2.3.0             # MIT
+python-keycloak~=0.27.0  # MIT
 
 # Runtime requirements
 
-rich~=10.14.0                   # MIT
-flask~=2.0.2                    # BSD 3-Clause
+rich~=11.2.0                    # MIT
+Flask~=2.0.3                    # BSD 3-Clause
 Flask-SQLAlchemy~=2.5.1         # BSD 3-Clause
 Flask-Migrate~=3.1.0            # MIT
-flask-smorest~=0.36.0           # MIT
+flask-smorest~=0.37.0           # MIT
 Flask-Marshmallow~=0.14.0       # MIT
-marshmallow-sqlalchemy~=0.26.0  # MIT
-psycopg2-binary~=2.9.1          # LGPL with exceptions
+marshmallow-sqlalchemy~=0.27.0  # MIT
+psycopg2-binary~=2.9.3          # LGPL with exceptions
 Flask-OIDC~=1.4.0               # MIT
-requests_oauthlib~=1.3.0        # ISC
+requests_oauthlib~=1.3.1        # ISC
diff --git a/setup.cfg b/setup.cfg
index 9444d3d..1323b31 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -16,16 +16,16 @@ classifiers =
 [options]
 packages = find:
 install_requires =
-    flask~=2.0.2
+    rich~=11.2.0
+    Flask~=2.0.3
     Flask-SQLAlchemy~=2.5.1
     Flask-Migrate~=3.1.0
+    flask-smorest~=0.37.0
     Flask-Marshmallow~=0.14.0
-    marshmallow-sqlalchemy~=0.26.0
-    psycopg2-binary~=2.9.1
+    marshmallow-sqlalchemy~=0.27.0
+    psycopg2-binary~=2.9.3
     Flask-OIDC~=1.4.0
-    requests_oauthlib~=1.3.0
-    rich~=10.14.0
-    flask-smorest~=0.36.0
+    requests_oauthlib~=1.3.1
 
 [options.entry_points]
 console_scripts =

From 2dddb25fac1458956db5951512d2a2cf12c402d6 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 13:31:46 +0100
Subject: [PATCH 26/39] Temporarily disabling test

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3bd5bb7..4579986 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -70,7 +70,7 @@ jobs:
         export PYTHONUSERBASE=${HOME}/.local
         pip install --user -r requirements.txt
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
-        PYTHONPATH=${GITHUB_WORKSPACE} python -m pytest --cov=mrmat_python_api_flask
+        #PYTHONPATH=${GITHUB_WORKSPACE} python -m pytest --cov=mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
 
     - name: Upload test results

From ec056906ad4609a32e2e4b95d7d260230adec63d Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 13:37:22 +0100
Subject: [PATCH 27/39] Pipeline debugging

---
 .github/workflows/build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4579986..7ded0ac 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -69,6 +69,7 @@ jobs:
       run: |
         export PYTHONUSERBASE=${HOME}/.local
         pip install --user -r requirements.txt
+        find ~/.local
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
         #PYTHONPATH=${GITHUB_WORKSPACE} python -m pytest --cov=mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n

From b189a36c38f53cb9cac54dff1d99dbc97ec30cac Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 14:04:28 +0100
Subject: [PATCH 28/39] Re-enabled testing

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7ded0ac..5c4946e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -71,7 +71,7 @@ jobs:
         pip install --user -r requirements.txt
         find ~/.local
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
-        #PYTHONPATH=${GITHUB_WORKSPACE} python -m pytest --cov=mrmat_python_api_flask
+        PYTHONPATH=${GITHUB_WORKSPACE} python -m pytest --cov=mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
 
     - name: Upload test results

From cc05651404cd17318f3d63b8708d9b0a23182e90 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 14:07:38 +0100
Subject: [PATCH 29/39] Perhaps without PYTHONPATH?

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5c4946e..183c3af 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -71,7 +71,7 @@ jobs:
         pip install --user -r requirements.txt
         find ~/.local
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
-        PYTHONPATH=${GITHUB_WORKSPACE} python -m pytest --cov=mrmat_python_api_flask
+        python -m pytest --cov=mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
 
     - name: Upload test results

From 971875d0ae810f9327db4ba240e6d082947fcfe3 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 17:52:20 +0100
Subject: [PATCH 30/39] Fixed the testsuite

---
 .../tests__local_infrastructure_.xml          |  2 +-
 pytest.ini                                    |  2 +-
 tests/conftest.py                             | 22 ++++++++++---------
 tests/test_resource_v1.py                     |  2 +-
 4 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/.idea/runConfigurations/tests__local_infrastructure_.xml b/.idea/runConfigurations/tests__local_infrastructure_.xml
index 5e0afc9..e149f59 100644
--- a/.idea/runConfigurations/tests__local_infrastructure_.xml
+++ b/.idea/runConfigurations/tests__local_infrastructure_.xml
@@ -6,7 +6,7 @@
     <envs>
       <env name="APP_CONFIG" value="$USER_HOME$/etc/mrmat-python-api-flask/mrmat-python-api-flask.json" />
       <env name="HTTPLIB2_CA_CERTS" value="$USER_HOME$/var/ca/mrmat-ca/ca.crt" />
-      <env name="TI_CONFIG" value="$USER_HOME$/etc/ted.json" />
+      <env name="TI_CONFIG" value="$USER_HOME$/etc/ti-local.json" />
     </envs>
     <option name="SDK_HOME" value="" />
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
diff --git a/pytest.ini b/pytest.ini
index 5be3de4..f589022 100644
--- a/pytest.ini
+++ b/pytest.ini
@@ -4,7 +4,7 @@
 
 [pytest]
 testpaths = tests
-#addopts = --cov=mrmat_python_api_flask --cov-report=term --cov-report=xml:build/coverage.xml --junit-xml=build/junit.xml
+addopts = --cov=mrmat_python_api_flask --cov-report=term --cov-report=xml:build/coverage.xml --junit-xml=build/junit.xml
 junit_family = xunit2
 log_cli = 1
 log_cli_level = INFO
diff --git a/tests/conftest.py b/tests/conftest.py
index 86dd52c..b4f2874 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -109,7 +109,7 @@ class LocalTestInfrastructure(object):
     _ti_config: Dict = {}
 
     _pg_admin = None
-    _keycloak_admin: KeycloakAdmin
+    _keycloak_admin: KeycloakAdmin = None
     _auth_info: Dict = {}
     _app = None
 
@@ -125,11 +125,13 @@ def __init__(self, ti_config_path: pathlib.Path):
             self._keycloak_admin = KeycloakAdmin(server_url=self._ti_config['keycloak'].get('admin_url'),
                                                  username=self._ti_config['keycloak'].get('admin_user'),
                                                  password=self._ti_config['keycloak'].get('admin_password'),
-                                                 realm_name='master')
+                                                 realm_name=self._ti_config['keycloak'].get('admin_realm'))
         except psycopg2.OperationalError as oe:
             raise TIException(skip=True, msg='Failed to obtain an administrative connection to PG') from oe
         except KeycloakOperationError as koe:
             raise TIException(skip=True, msg='Failed to obtain an administrative connection to KeyCloak') from koe
+        except Exception as e:
+            raise TIException(skip=True, msg='Unknown exception') from e
 
     @contextlib.contextmanager
     def app_dsn(self,
@@ -184,14 +186,14 @@ def app_auth(self,
         try:
             if scopes is None:
                 scopes = []
-            for s in scopes:
-                if not self._keycloak_admin.get_client_scope(s):
-                    self._keycloak_admin.create_client_scope({
-                        'id': s,
-                        'name': s,
-                        'description': f'Test {s}',
-                        'protocol': 'openid-connect'
-                    })
+            # existing_scopes = self._keycloak_admin.get_client_scopes()
+            # existing_scopes = [e.name for e in existing_scopes]
+            for desired_scope in scopes:
+                self._keycloak_admin.create_client_scope(skip_exists=True, payload={
+                    'id': desired_scope,
+                    'name': desired_scope,
+                    'description': f'Test {desired_scope}',
+                    'protocol': 'openid-connect'})
             if not self._keycloak_admin.get_client_id(client_id):
                 self._keycloak_admin.create_client({
                     'id': client_id,
diff --git a/tests/test_resource_v1.py b/tests/test_resource_v1.py
index 9c8254a..b8e3d53 100644
--- a/tests/test_resource_v1.py
+++ b/tests/test_resource_v1.py
@@ -80,7 +80,7 @@ def test_insufficient_scope(self, tmpdir, local_test_infrastructure):
 
                 (resp, resp_body) = rac.create(name='Unauthorised')
                 assert resp.status_code == 401
-                assert resp_body is None
+                assert resp_body == {}
 
                 (resp, resp_body) = rac.modify(1, name='Unauthorised')
                 assert resp.status_code == 401

From c9052715a3c9b0c14768e9e9b2d577000115246b Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 17:53:13 +0100
Subject: [PATCH 31/39] Re-enabled testing

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 183c3af..ab3950e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -68,8 +68,8 @@ jobs:
     - name: Build
       run: |
         export PYTHONUSERBASE=${HOME}/.local
+        pip install --user wheel
         pip install --user -r requirements.txt
-        find ~/.local
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
         python -m pytest --cov=mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n

From 26cd2e4e9a304c1e8ee77529fdd5831530786821 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 17:56:49 +0100
Subject: [PATCH 32/39] Caching pip cache too

---
 .github/workflows/build.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ab3950e..872cb9b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -62,7 +62,9 @@ jobs:
     - name: Establish a cache for dependencies
       uses: actions/cache@v2
       with:
-        path: ${HOME}/.local
+        path: |
+          ${HOME}/.local
+          ${HOME}/.cache/pip
         key: ${{ runner.os }}
 
     - name: Build
@@ -71,8 +73,9 @@ jobs:
         pip install --user wheel
         pip install --user -r requirements.txt
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
-        python -m pytest --cov=mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
+        python -m pytest --cov=mrmat_python_api_flask
+
 
     - name: Upload test results
       uses: actions/upload-artifact@v2

From 5ef7893844004610c10c56d205f70fea061441e6 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 17:59:40 +0100
Subject: [PATCH 33/39] Temporarily disabling test

---
 .github/workflows/build.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 872cb9b..02f0124 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -74,8 +74,7 @@ jobs:
         pip install --user -r requirements.txt
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
-        python -m pytest --cov=mrmat_python_api_flask
-
+        #python -m pytest --cov=mrmat_python_api_flask
 
     - name: Upload test results
       uses: actions/upload-artifact@v2

From ba86f71ca1c794697cd294c4b227d0cd00c47c5e Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 18:03:02 +0100
Subject: [PATCH 34/39] Should be tilde rather than ${HOME}

---
 .github/workflows/build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 02f0124..4c10c3c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -63,8 +63,8 @@ jobs:
       uses: actions/cache@v2
       with:
         path: |
-          ${HOME}/.local
-          ${HOME}/.cache/pip
+          ~/.local
+          ~/.cache/pip
         key: ${{ runner.os }}
 
     - name: Build

From 53ab469f12d85814099aa9e9bc9f1a9742b7b160 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 18:05:03 +0100
Subject: [PATCH 35/39] Just trying with pytest

---
 .github/workflows/build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4c10c3c..50fa330 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -75,6 +75,7 @@ jobs:
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
         #python -m pytest --cov=mrmat_python_api_flask
+        pytest 
 
     - name: Upload test results
       uses: actions/upload-artifact@v2

From bdcdf84c040bc266109804e7a173ce5b8309fc15 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 18:08:02 +0100
Subject: [PATCH 36/39] Need to point to local

---
 .github/workflows/build.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 50fa330..f379d08 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -74,8 +74,7 @@ jobs:
         pip install --user -r requirements.txt
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
-        #python -m pytest --cov=mrmat_python_api_flask
-        pytest 
+        PYTHONPATH=${GITHUB_WORKSPACE} pytest --cov=mrmat_python_api_flask
 
     - name: Upload test results
       uses: actions/upload-artifact@v2

From ecc0fa7075cabcf99b88b7733e64ff969aaa50d9 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 18:09:42 +0100
Subject: [PATCH 37/39] Pipeline debugging

---
 .github/workflows/build.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f379d08..eaf4a21 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -74,6 +74,7 @@ jobs:
         pip install --user -r requirements.txt
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
+        pip install dist/*.whl
         PYTHONPATH=${GITHUB_WORKSPACE} pytest --cov=mrmat_python_api_flask
 
     - name: Upload test results

From 4200bc6eb2fe2be61b748894f018eb5183719772 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 18:14:57 +0100
Subject: [PATCH 38/39] Must affix itsdangerous to 2.0.1

They dropped the JWS support
---
 .github/workflows/build.yml | 2 +-
 requirements.txt            | 1 +
 setup.cfg                   | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index eaf4a21..2684fd8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -74,7 +74,7 @@ jobs:
         pip install --user -r requirements.txt
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
-        pip install dist/*.whl
+        pip install --user dist/*.whl
         PYTHONPATH=${GITHUB_WORKSPACE} pytest --cov=mrmat_python_api_flask
 
     - name: Upload test results
diff --git a/requirements.txt b/requirements.txt
index bbeed83..d37b27b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,3 +25,4 @@ marshmallow-sqlalchemy~=0.27.0  # MIT
 psycopg2-binary~=2.9.3          # LGPL with exceptions
 Flask-OIDC~=1.4.0               # MIT
 requests_oauthlib~=1.3.1        # ISC
+itsdangerous<=2.0.1             # BSD 3-Clause      Must affix so JSONWebSignatureSerializer is known
diff --git a/setup.cfg b/setup.cfg
index 1323b31..7185e4a 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -26,6 +26,7 @@ install_requires =
     psycopg2-binary~=2.9.3
     Flask-OIDC~=1.4.0
     requests_oauthlib~=1.3.1
+    itsdangerous<=2.0.1
 
 [options.entry_points]
 console_scripts =

From 3e1274888ad9035ac7cacf37286745b72badf2e6 Mon Sep 17 00:00:00 2001
From: Mathieu Imfeld <imfeldma@gmail.com>
Date: Mon, 21 Feb 2022 18:16:49 +0100
Subject: [PATCH 39/39] Resanitized the pipeline

---
 .github/workflows/build.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2684fd8..070bcec 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -73,9 +73,8 @@ jobs:
         pip install --user wheel
         pip install --user -r requirements.txt
         ${PYTHONUSERBASE}/bin/pylint ${GITHUB_WORKSPACE}/mrmat_python_api_flask
+        PYTHONPATH=${GITHUB_WORKSPACE} python -m pytest --cov=mrmat_python_api_flask
         PYTHONPATH=${GITHUB_WORKSPACE} python -m build --wheel -n
-        pip install --user dist/*.whl
-        PYTHONPATH=${GITHUB_WORKSPACE} pytest --cov=mrmat_python_api_flask
 
     - name: Upload test results
       uses: actions/upload-artifact@v2