Updates from review comments:

Update api_key relationship.
Check that id in dict exists before deleting it

app/dao/api_key_dao.py

@@ -7,7 +7,8 @@ from app.models import ApiKey
 
 def save_model_api_key(api_key, update_dict={}):
     if update_dict:
-        del update_dict['id']
+        if update_dict['id']:
+            del update_dict['id']
         db.session.query(ApiKey).filter_by(id=api_key.id).update(update_dict)
     else:
         api_key.secret = _generate_secret()

app/models.py

@@ -92,7 +92,7 @@ class ApiKey(db.Model):
     name = db.Column(db.String(255), nullable=False)
     secret = db.Column(db.String(255), unique=True, nullable=False)
     service_id = db.Column(db.Integer, db.ForeignKey('services.id'), index=True, nullable=False)
-    service = db.relationship('Service', backref=db.backref('api_key', lazy='dynamic'))
+    service = db.relationship('Service', backref=db.backref('api_keys', lazy='dynamic'))
     expiry_date = db.Column(db.DateTime)
 
 

app/schemas.py

@@ -18,7 +18,7 @@ class UserSchema(ma.ModelSchema):
 class ServiceSchema(ma.ModelSchema):
     class Meta:
         model = models.Service
-        exclude = ("updated_at", "created_at", "api_key", "templates", "jobs")
+        exclude = ("updated_at", "created_at", "api_keys", "templates", "jobs")
 
 
 class TemplateSchema(ma.ModelSchema):
@@ -30,7 +30,7 @@ class TemplateSchema(ma.ModelSchema):
 class ApiKeySchema(ma.ModelSchema):
     class Meta:
         model = models.ApiKey
-        exclude = ["service"]
+        exclude = ("service", "secret", "expiry_date")
 
 
 class JobSchema(ma.ModelSchema):

app/service/rest.py

@@ -78,7 +78,7 @@ def get_service(service_id=None):
 @service.route('/<int:service_id>/api-key/renew', methods=['POST'])
 def renew_api_key(service_id=None):
     try:
-        get_model_services(service_id=service_id)
+        service = get_model_services(service_id=service_id)
     except DataError:
         return jsonify(result="error", message="Invalid service id"), 400
     except NoResultFound:
@@ -92,7 +92,7 @@ def renew_api_key(service_id=None):
         # create a new one
         # TODO: what validation should be done here?
         secret_name = request.get_json()['name']
-        save_model_api_key(ApiKey(service_id=service_id, name=secret_name))
+        save_model_api_key(ApiKey(service=service, name=secret_name))
     except DAOException as e:
         return jsonify(result='error', message=str(e)), 400
     unsigned_api_key = get_unsigned_secret(service_id)

tests/app/conftest.py

@@ -105,7 +105,7 @@ def sample_job(notify_db,
 def sample_admin_service_id(notify_db, notify_db_session):
     admin_user = sample_user(notify_db, notify_db_session, email="notify_admin@digital.cabinet-office.gov.uk")
     admin_service = sample_service(notify_db, notify_db_session, service_name="Sample Admin Service", user=admin_user)
-    data = {'service_id': admin_service.id, 'name': 'sample admin key'}
+    data = {'service': admin_service, 'name': 'sample admin key'}
     api_key = ApiKey(**data)
     save_model_api_key(api_key)
     return admin_service.id