Add audit log write

https://blog.sandipb.net/2018/05/03/using-zap-creating-custom-loggers/

go.mod

@@ -244,6 +244,7 @@ require (
 	gopkg.in/DataDog/dd-trace-go.v1 v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	gorm.io/driver/mysql v1.1.2 // indirect

go.sum

@@ -2981,6 +2981,7 @@ gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mail.v2 v2.0.0-20180731213649-a0242b2233b4/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
 gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.1.9/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=

main.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/RafayLabs/rcloud-base/internal/fixtures"
 	providers "github.com/RafayLabs/rcloud-base/internal/provider/kratos"
+	"github.com/RafayLabs/rcloud-base/pkg/audit"
 	authv3 "github.com/RafayLabs/rcloud-base/pkg/auth/v3"
 	"github.com/RafayLabs/rcloud-base/pkg/common"
 	"github.com/RafayLabs/rcloud-base/pkg/enforcer"
@@ -70,6 +71,7 @@ const (
 	relayImageEnv             = "RELAY_IMAGE"
 
 	// audit
+	auditFileEnv               = "AUDIT_LOG_FILE"
 	esEndPointEnv              = "ES_END_POINT"
 	esIndexPrefixEnv           = "ES_INDEX_PREFIX"
 	relayAuditESIndexPrefixEnv = "RELAY_AUDITS_ES_INDEX_PREFIX"
@@ -110,6 +112,7 @@ var (
 	relayImage             string
 
 	// audit
+	auditFile                  string
 	elasticSearchUrl           string
 	esIndexPrefix              string
 	relayAuditsESIndexPrefix   string
@@ -186,6 +189,7 @@ func setup() {
 	viper.SetDefault(esIndexPrefixEnv, "events-core")
 	viper.SetDefault(relayAuditESIndexPrefixEnv, "relay-audits")
 	viper.SetDefault(relayCommandESIndexPrefix, "relay-commands")
+	viper.SetDefault(auditFileEnv, "audit.log")
 
 	// cd relay
 	viper.SetDefault(coreCDRelayUserHostEnv, "*.user.cdrelay.rafay.local:10012")
@@ -217,6 +221,7 @@ func setup() {
 	viper.BindEnv(relayImageEnv)
 	viper.BindEnv(schedulerNamespaceEnv)
 
+	viper.BindEnv(auditFileEnv)
 	viper.BindEnv(esEndPointEnv)
 	viper.BindEnv(esIndexPrefixEnv)
 	viper.BindEnv(relayAuditESIndexPrefixEnv)
@@ -244,6 +249,7 @@ func setup() {
 	relayImage = viper.GetString(relayImageEnv)
 	schedulerNamespace = viper.GetString(schedulerNamespaceEnv)
 
+	auditFile = viper.GetString(auditFileEnv)
 	elasticSearchUrl = viper.GetString(esEndPointEnv)
 	esIndexPrefix = viper.GetString(esIndexPrefixEnv)
 	relayAuditsESIndexPrefix = viper.GetString(relayAuditESIndexPrefixEnv)
@@ -274,6 +280,14 @@ func setup() {
 
 	_log.Infow("printing db", "db", db)
 
+	ao := audit.AuditOptions{
+		LogPath:    auditFile,
+		MaxSizeMB:  1,
+		MaxBackups: 10, // Should we let sidecar do rotation?
+		MaxAgeDays: 10, // Make these configurable via env
+	}
+	auditLogger := audit.GetAuditLogger(&ao)
+
 	// authz services
 	gormDb, err := gorm.Open(postgres.New(postgres.Config{
 		Conn: sqldb,
@@ -289,9 +303,9 @@ func setup() {
 
 	schedulerPool = schedulerrpc.NewSchedulerPool(schedulerAddr, 5*goruntime.NumCPU())
 
-	ps = service.NewPartnerService(db)
-	os = service.NewOrganizationService(db)
-	pps = service.NewProjectService(db, as)
+	ps = service.NewPartnerService(db, auditLogger)
+	os = service.NewOrganizationService(db, auditLogger)
+	pps = service.NewProjectService(db, as, auditLogger)
 
 	// users and role management services
 	cc := common.CliConfigDownloadData{
@@ -303,13 +317,13 @@ func setup() {
 	} else {
 		cc.Profile = "production"
 	}
-	ks = service.NewApiKeyService(db)
-	us = service.NewUserService(providers.NewKratosAuthProvider(kc), db, as, ks, cc)
-	gs = service.NewGroupService(db, as)
-	rs = service.NewRoleService(db, as)
+	ks = service.NewApiKeyService(db, auditLogger)
+	us = service.NewUserService(providers.NewKratosAuthProvider(kc), db, as, ks, cc, auditLogger)
+	gs = service.NewGroupService(db, as, auditLogger)
+	rs = service.NewRoleService(db, as, auditLogger)
 	rrs = service.NewRolepermissionService(db)
-	is = service.NewIdpService(db, apiAddr)
-	oidcs = service.NewOIDCProviderService(db, kratosAddr)
+	is = service.NewIdpService(db, apiAddr, auditLogger)
+	oidcs = service.NewOIDCProviderService(db, kratosAddr, auditLogger)
 
 	//sentry related services
 	bs = service.NewBootstrapService(db)
@@ -355,7 +369,7 @@ func setup() {
 		RelayAgentImage: relayImage,
 	}
 
-	cs = service.NewClusterService(db, downloadData, bs)
+	cs = service.NewClusterService(db, downloadData, bs, auditLogger)
 	ms = service.NewMetroService(db)
 
 	notify.Init(cs)

pkg/audit/events.go

@@ -10,6 +10,7 @@ import (
 
 	logv2 "github.com/RafayLabs/rcloud-base/pkg/log"
 	commonv3 "github.com/RafayLabs/rcloud-base/proto/types/commonpb/v3"
+	"go.uber.org/zap"
 	"google.golang.org/grpc/metadata"
 )
 
@@ -328,7 +329,7 @@ func GetEvent(r *http.Request, sd *commonv3.SessionData, detail *EventDetail, ev
 	return event
 }
 
-func CreateV1Event(sd *commonv3.SessionData, detail *EventDetail, eventType string, projectID string) error {
+func CreateV1Event(al *zap.Logger, sd *commonv3.SessionData, detail *EventDetail, eventType string, projectID string) error {
 	actor := GetActorFromSessionData(sd)
 	client := GetClientFromSessionData(sd)
 
@@ -358,11 +359,17 @@ func CreateV1Event(sd *commonv3.SessionData, detail *EventDetail, eventType stri
 		t.Hour(), t.Minute(), t.Second(), t.Nanosecond(), dateArray[2])
 	event.Timestamp = timestamp
 
-	payload, err := json.Marshal(event)
-	if err != nil {
-		_log.Infow("unable to marshal audit event", "error", err)
-		return err
-	}
-	fmt.Println("event:", string(payload)) // TODO: Switch to writing to audit file
+	al.Info(
+		"audit",
+		zap.String("version", string(event.Version)),
+		zap.String("category", string(event.Category)),
+		zap.String("origin", string(event.Origin)),
+		zap.Reflect("actor", event.Actor),
+		zap.Reflect("client", event.Client),
+		zap.Reflect("detail", event.Detail),
+		zap.String("type", event.Type),
+		zap.String("portal", event.Portal),
+		zap.String("project_id", event.ProjectID),
+	)
 	return nil
 }

pkg/audit/logger.go

@@ -0,0 +1,31 @@
+package audit
+
+import (
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+	"gopkg.in/natefinch/lumberjack.v2"
+)
+
+// options holds audit options
+type AuditOptions struct {
+	LogPath    string
+	MaxSizeMB  int
+	MaxBackups int
+	MaxAgeDays int
+}
+
+func GetAuditLogger(opts *AuditOptions) *zap.Logger {
+	encoder := zapcore.EncoderConfig{} // such empty
+	logger := zap.New(zapcore.NewCore(
+		zapcore.NewJSONEncoder(encoder),
+		zapcore.AddSync(&lumberjack.Logger{
+			Filename:   opts.LogPath,
+			MaxSize:    opts.MaxSizeMB, // megabytes
+			MaxBackups: opts.MaxBackups,
+			MaxAge:     opts.MaxAgeDays, // days
+		}),
+		zap.InfoLevel,
+	))
+
+	return logger
+}

pkg/auth/v3/auth.go

@@ -10,6 +10,7 @@ import (
 	"github.com/RafayLabs/rcloud-base/pkg/service"
 	kclient "github.com/ory/kratos-client-go"
 	"github.com/uptrace/bun"
+	"go.uber.org/zap"
 
 	"github.com/uptrace/bun/dialect/pgdialect"
 	"github.com/uptrace/bun/driver/pgdriver"
@@ -40,7 +41,7 @@ type authContext struct {
 // SetupAuthContext sets up new authContext along with its
 // dependencies. If the caller already has instances of authContext
 // fields created then use NewAuthContext instead.
-func SetupAuthContext() authContext {
+func SetupAuthContext(auditLogger *zap.Logger) authContext {
 	var (
 		kc           *kclient.APIClient
 		kratosScheme string
@@ -85,7 +86,7 @@ func SetupAuthContext() authContext {
 	}
 	as := service.NewAuthzService(db, enforcer)
 
-	return authContext{kc: kc, as: as, ks: service.NewApiKeyService(db)}
+	return authContext{kc: kc, as: as, ks: service.NewApiKeyService(db, auditLogger)}
 }
 
 func getEnvWithDefault(env, def string) string {

pkg/auth/v3/middleware.go

@@ -12,6 +12,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/uptrace/bun"
 	"github.com/urfave/negroni"
+	"go.uber.org/zap"
 )
 
 type authMiddleware struct {
@@ -20,9 +21,9 @@ type authMiddleware struct {
 	opt Option
 }
 
-func NewAuthMiddleware(opt Option) negroni.Handler {
+func NewAuthMiddleware(al *zap.Logger, opt Option) negroni.Handler {
 	return &authMiddleware{
-		ac:  SetupAuthContext(),
+		ac:  SetupAuthContext(al),
 		opt: opt,
 	}
 }

pkg/auth/v3/service.go

@@ -16,7 +16,7 @@ var (
 	// ErrInvalidAPIKey is returned when api key is invalid
 	ErrInvalidAPIKey = errors.New("invalid api key")
 	// ErrInvalidSignature is returns when signature is invalid
-	ErrInvalidSignature = errors.New("invaid signature")
+	ErrInvalidSignature = errors.New("invalid signature")
 )
 
 func (ac *authContext) IsRequestAllowed(ctx context.Context, httpreq *http.Request, req *commonv3.IsRequestAllowedRequest) (*commonv3.IsRequestAllowedResponse, error) {

pkg/service/apikey.go

@@ -11,6 +11,7 @@ import (
 	rpcv3 "github.com/RafayLabs/rcloud-base/proto/rpc/user"
 	"github.com/google/uuid"
 	"github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
@@ -31,11 +32,12 @@ type ApiKeyService interface {
 // apiKeyService implements ApiKeyService
 type apiKeyService struct {
 	db *bun.DB
+	al *zap.Logger
 }
 
 // NewApiKeyService return new api key service
-func NewApiKeyService(db *bun.DB) ApiKeyService {
-	return &apiKeyService{db}
+func NewApiKeyService(db *bun.DB, al *zap.Logger) ApiKeyService {
+	return &apiKeyService{db, al}
 }
 
 func (s *apiKeyService) Create(ctx context.Context, req *rpcv3.ApiKeyRequest) (*models.ApiKey, error) {
@@ -55,7 +57,7 @@ func (s *apiKeyService) Create(ctx context.Context, req *rpcv3.ApiKeyRequest) (*
 	}
 
 	if ak, ok := entity.(*models.Group); ok {
-		CreateApiKeyAuditEvent(ctx, AuditActionCreate, ak.ID.String())
+		CreateApiKeyAuditEvent(ctx, s.al, AuditActionCreate, ak.ID.String())
 	}
 	return apikey, nil
 }
@@ -69,7 +71,7 @@ func (s *apiKeyService) Delete(ctx context.Context, req *rpcv3.ApiKeyRequest) (*
 		return &rpcv3.DeleteUserResponse{}, err
 	}
 
-	CreateApiKeyAuditEvent(ctx, AuditActionDelete, req.Id)
+	CreateApiKeyAuditEvent(ctx, s.al, AuditActionDelete, req.Id)
 	return nil, err
 }
 

pkg/service/audit_utils.go

@@ -11,6 +11,7 @@ import (
 	systemv3 "github.com/RafayLabs/rcloud-base/proto/types/systempb/v3"
 	"github.com/google/uuid"
 	"github.com/uptrace/bun"
+	"go.uber.org/zap"
 )
 
 const (
@@ -19,7 +20,7 @@ const (
 	AuditActionUpdate = "update"
 )
 
-func CreateUserAuditEvent(ctx context.Context, db bun.IDB, action string, name string, id uuid.UUID, rolesBefore, rolesAfter, groupsBefore, groupsAfter []uuid.UUID) {
+func CreateUserAuditEvent(ctx context.Context, al *zap.Logger, db bun.IDB, action string, name string, id uuid.UUID, rolesBefore, rolesAfter, groupsBefore, groupsAfter []uuid.UUID) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -33,7 +34,7 @@ func CreateUserAuditEvent(ctx context.Context, db bun.IDB, action string, name s
 			"username":   name,
 		},
 	}
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("user.%s.success", action), ""); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("user.%s.success", action), ""); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 
@@ -55,7 +56,7 @@ func CreateUserAuditEvent(ctx context.Context, db bun.IDB, action string, name s
 			},
 		}
 		// user.role.created is user.project.created in rcloud
-		if err := audit.CreateV1Event(sd, detail, "user.role.created", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "user.role.created", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
@@ -68,7 +69,7 @@ func CreateUserAuditEvent(ctx context.Context, db bun.IDB, action string, name s
 				"role_name": r,
 			},
 		}
-		if err := audit.CreateV1Event(sd, detail, "user.role.deleted", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "user.role.deleted", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
@@ -91,7 +92,7 @@ func CreateUserAuditEvent(ctx context.Context, db bun.IDB, action string, name s
 			},
 		}
 		// user.role.created is user.project.created in rcloud
-		if err := audit.CreateV1Event(sd, detail, "user.group.created", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "user.group.created", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
@@ -104,13 +105,13 @@ func CreateUserAuditEvent(ctx context.Context, db bun.IDB, action string, name s
 				"group_name": g,
 			},
 		}
-		if err := audit.CreateV1Event(sd, detail, "user.group.deleted", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "user.group.deleted", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
 }
 
-func CreateGroupAuditEvent(ctx context.Context, db bun.IDB, action string, name string, id uuid.UUID, usersBefore, usersAfter, rolesBefore, rolesAfter []uuid.UUID) {
+func CreateGroupAuditEvent(ctx context.Context, al *zap.Logger, db bun.IDB, action string, name string, id uuid.UUID, usersBefore, usersAfter, rolesBefore, rolesAfter []uuid.UUID) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -124,7 +125,7 @@ func CreateGroupAuditEvent(ctx context.Context, db bun.IDB, action string, name
 			"group_name": name,
 		},
 	}
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("group.%s.success", action), ""); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("group.%s.success", action), ""); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 
@@ -148,7 +149,7 @@ func CreateGroupAuditEvent(ctx context.Context, db bun.IDB, action string, name
 				"username":   u,
 			},
 		}
-		if err := audit.CreateV1Event(sd, detail, "group.user.created", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "group.user.created", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
@@ -162,7 +163,7 @@ func CreateGroupAuditEvent(ctx context.Context, db bun.IDB, action string, name
 				"username":   u,
 			},
 		}
-		if err := audit.CreateV1Event(sd, detail, "group.user.deleted", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "group.user.deleted", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
@@ -186,7 +187,7 @@ func CreateGroupAuditEvent(ctx context.Context, db bun.IDB, action string, name
 			},
 		}
 		// group.role.created is group.project.created in rcloud
-		if err := audit.CreateV1Event(sd, detail, "group.role.created", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "group.role.created", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
@@ -200,14 +201,14 @@ func CreateGroupAuditEvent(ctx context.Context, db bun.IDB, action string, name
 				"role_name":  r,
 			},
 		}
-		if err := audit.CreateV1Event(sd, detail, "group.role.deleted", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "group.role.deleted", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
 
 }
 
-func CreateRoleAuditEvent(ctx context.Context, action string, name string, id uuid.UUID, permissions []string) {
+func CreateRoleAuditEvent(ctx context.Context, al *zap.Logger, action string, name string, id uuid.UUID, permissions []string) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -222,12 +223,12 @@ func CreateRoleAuditEvent(ctx context.Context, action string, name string, id uu
 			"permissions": strings.Join(permissions, ","), // TODO: Should we split it into individual ones?
 		},
 	}
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("role.%s.success", action), ""); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("role.%s.success", action), ""); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 }
 
-func CreateProjectAuditEvent(ctx context.Context, action string, name string, id uuid.UUID) {
+func CreateProjectAuditEvent(ctx context.Context, al *zap.Logger, action string, name string, id uuid.UUID) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -241,12 +242,12 @@ func CreateProjectAuditEvent(ctx context.Context, action string, name string, id
 			"project_name": name,
 		},
 	}
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("project.%s.success", action), id.String()); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("project.%s.success", action), id.String()); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 }
 
-func CreateOrganizationAuditEvent(ctx context.Context, action string, name string, id uuid.UUID, settingsBefore, settingsAfter *systemv3.OrganizationSettings) {
+func CreateOrganizationAuditEvent(ctx context.Context, al *zap.Logger, action string, name string, id uuid.UUID, settingsBefore, settingsAfter *systemv3.OrganizationSettings) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -260,7 +261,7 @@ func CreateOrganizationAuditEvent(ctx context.Context, action string, name strin
 			"organization_name": name,
 		},
 	}
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("organization.%s.success", action), ""); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("organization.%s.success", action), ""); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 
@@ -286,7 +287,7 @@ func CreateOrganizationAuditEvent(ctx context.Context, action string, name strin
 			}
 		}
 
-		if err := audit.CreateV1Event(sd, detail, "organization.idle.timeout.settings.updated", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "organization.idle.timeout.settings.updated", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
@@ -320,13 +321,13 @@ func CreateOrganizationAuditEvent(ctx context.Context, action string, name strin
 			}
 		}
 
-		if err := audit.CreateV1Event(sd, detail, "organization.lockout.settings.updated", ""); err != nil {
+		if err := audit.CreateV1Event(al, sd, detail, "organization.lockout.settings.updated", ""); err != nil {
 			_log.Warn("unable to create audit event", err)
 		}
 	}
 }
 
-func CreateIdpAuditEvent(ctx context.Context, action string, name string, id uuid.UUID) {
+func CreateIdpAuditEvent(ctx context.Context, al *zap.Logger, action string, name string, id uuid.UUID) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -341,12 +342,12 @@ func CreateIdpAuditEvent(ctx context.Context, action string, name string, id uui
 		},
 	}
 	// TODO: it is idp.config.created in rcloud
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("idp.%s.success", action), ""); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("idp.%s.success", action), ""); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 }
 
-func CreateApiKeyAuditEvent(ctx context.Context, action string, id string) {
+func CreateApiKeyAuditEvent(ctx context.Context, al *zap.Logger, action string, id string) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -359,12 +360,12 @@ func CreateApiKeyAuditEvent(ctx context.Context, action string, id string) {
 			"apikey": id,
 		},
 	}
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("apikey.%s.success", action), ""); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("apikey.%s.success", action), ""); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 }
 
-func CreateClusterAuditEvent(ctx context.Context, action string, name string, id uuid.UUID) {
+func CreateClusterAuditEvent(ctx context.Context, al *zap.Logger, action string, name string, id uuid.UUID) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -378,13 +379,13 @@ func CreateClusterAuditEvent(ctx context.Context, action string, name string, id
 			"cluster_name": name,
 		},
 	}
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("cluster.%s.success", action), ""); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("cluster.%s.success", action), ""); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 }
 
 // TODO: figure out how this is to be added
-func CreateLocationAuditEvent(ctx context.Context, action string, name string, id uuid.UUID) {
+func CreateLocationAuditEvent(ctx context.Context, al *zap.Logger, action string, name string, id uuid.UUID) {
 	sd, ok := GetSessionDataFromContext(ctx)
 	if !ok {
 		_log.Warn("unable to create audit event: could not fetch info from context")
@@ -398,7 +399,7 @@ func CreateLocationAuditEvent(ctx context.Context, action string, name string, i
 			"location_name": name,
 		},
 	}
-	if err := audit.CreateV1Event(sd, detail, fmt.Sprintf("location.%s.success", action), ""); err != nil {
+	if err := audit.CreateV1Event(al, sd, detail, fmt.Sprintf("location.%s.success", action), ""); err != nil {
 		_log.Warn("unable to create audit event", err)
 	}
 }

pkg/service/cluster.go

@@ -33,6 +33,7 @@ import (
 	"github.com/spf13/viper"
 	bun "github.com/uptrace/bun"
 	"github.com/uptrace/bun/driver/pgdriver"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
@@ -93,14 +94,15 @@ type clusterService struct {
 	downloadData    common.DownloadData
 	clusterHandlers []event.Handler
 	bs              BootstrapService
+	al              *zap.Logger
 }
 
 // NewClusterService return new cluster service
-func NewClusterService(db *bun.DB, data *common.DownloadData, bs BootstrapService) ClusterService {
-	return &clusterService{db: db, downloadData: *data, bs: bs}
+func NewClusterService(db *bun.DB, data *common.DownloadData, bs BootstrapService, al *zap.Logger) ClusterService {
+	return &clusterService{db: db, downloadData: *data, bs: bs, al: al}
 }
 
-func (es *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster) (*infrav3.Cluster, error) {
+func (s *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster) (*infrav3.Cluster, error) {
 	var errormsg string
 	if cluster.Metadata.Project == "" {
 		cluster.Status = &commonv3.Status{
@@ -112,7 +114,7 @@ func (es *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster)
 	}
 
 	var proj models.Project
-	_, err := dao.GetByName(ctx, es.db, cluster.Metadata.Project, &proj)
+	_, err := dao.GetByName(ctx, s.db, cluster.Metadata.Project, &proj)
 	if err != nil {
 		return &infrav3.Cluster{}, err
 	}
@@ -155,7 +157,7 @@ func (es *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster)
 		return cluster, fmt.Errorf(errormsg)
 	}
 
-	clusterPresent, err := dao.GetByNamePartnerOrg(ctx, es.db, cluster.Metadata.Name, uuid.NullUUID{UUID: proj.PartnerId, Valid: true},
+	clusterPresent, err := dao.GetByNamePartnerOrg(ctx, s.db, cluster.Metadata.Name, uuid.NullUUID{UUID: proj.PartnerId, Valid: true},
 		uuid.NullUUID{UUID: proj.OrganizationId, Valid: true}, &models.Cluster{})
 	if err != nil && err.Error() == "sql: no rows in result set" {
 		_log.Infof("Skipping as first time cluster create ")
@@ -166,7 +168,7 @@ func (es *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster)
 
 	metro := &models.Metro{}
 	if cluster.Spec.Metro != nil && cluster.Spec.Metro.Name != "" {
-		if mdb, err := dao.GetByNamePartnerOrg(ctx, es.db, cluster.Spec.Metro.Name, uuid.NullUUID{UUID: proj.PartnerId, Valid: true}, uuid.NullUUID{UUID: uuid.Nil, Valid: false}, metro); err != nil {
+		if mdb, err := dao.GetByNamePartnerOrg(ctx, s.db, cluster.Spec.Metro.Name, uuid.NullUUID{UUID: proj.PartnerId, Valid: true}, uuid.NullUUID{UUID: uuid.Nil, Valid: false}, metro); err != nil {
 			errormsg = "Invalid cluster location, provide a valid metro name"
 			cluster.Status = &commonv3.Status{
 				ConditionType:   "Create",
@@ -235,7 +237,7 @@ func (es *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster)
 
 	cluster.Spec.ClusterData.Health = infrav3.Health_EDGE_IGNORE
 
-	tx, err := es.db.BeginTx(ctx, &sql.TxOptions{})
+	tx, err := s.db.BeginTx(ctx, &sql.TxOptions{})
 	if err != nil {
 		return &infrav3.Cluster{}, err
 	}
@@ -263,10 +265,10 @@ func (es *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster)
 	}
 	_log.Infow("Created the cluster: ", "Cluster", edb)
 
-	clusterResp := es.prepareClusterResponse(ctx, cluster, edb, metro, pcList, true)
+	clusterResp := s.prepareClusterResponse(ctx, cluster, edb, metro, pcList, true)
 
 	if clusterGeneration == constants.Cluster_V2 && edb.PartnerId != uuid.Nil && edb.OrganizationId != uuid.Nil {
-		operatorSpecStr, err := clstrutil.GetClusterOperatorYaml(ctx, &es.downloadData, clusterResp)
+		operatorSpecStr, err := clstrutil.GetClusterOperatorYaml(ctx, &s.downloadData, clusterResp)
 		if err != nil {
 			_log.Errorw("Error downloading v2 cluster operator yaml", "Error", err)
 			return &infrav3.Cluster{}, err
@@ -305,11 +307,11 @@ func (es *clusterService) Create(ctx context.Context, cluster *infrav3.Cluster)
 		ID:             edb.ID.String(),
 	}
 
-	for _, h := range es.clusterHandlers {
+	for _, h := range s.clusterHandlers {
 		h.OnChange(ev)
 	}
 
-	CreateClusterAuditEvent(ctx, AuditActionCreate, clusterResp.GetMetadata().GetName(), edb.ID)
+	CreateClusterAuditEvent(ctx, s.al, AuditActionCreate, clusterResp.GetMetadata().GetName(), edb.ID)
 	return clusterResp, nil
 }
 
@@ -473,7 +475,7 @@ func (s *clusterService) prepareClusterResponse(ctx context.Context, clstr *infr
 	return clstr
 }
 
-func (cs *clusterService) Update(ctx context.Context, cluster *infrav3.Cluster) (*infrav3.Cluster, error) {
+func (s *clusterService) Update(ctx context.Context, cluster *infrav3.Cluster) (*infrav3.Cluster, error) {
 
 	var errormsg string
 
@@ -486,7 +488,7 @@ func (cs *clusterService) Update(ctx context.Context, cluster *infrav3.Cluster)
 		return cluster, fmt.Errorf("invalid cluster data, name is missing")
 	}
 
-	edb, err := dao.GetByName(ctx, cs.db, cluster.Metadata.Name, &models.Cluster{})
+	edb, err := dao.GetByName(ctx, s.db, cluster.Metadata.Name, &models.Cluster{})
 	if err != nil {
 		return &infrav3.Cluster{}, fmt.Errorf(errormsg)
 	}
@@ -533,7 +535,7 @@ func (cs *clusterService) Update(ctx context.Context, cluster *infrav3.Cluster)
 	if cluster.Spec.Metro != nil && cdb.MetroId.String() != cluster.Spec.Metro.Id {
 		metro := &models.Metro{}
 		if cluster.Spec.Metro.Name != "" {
-			if mdb, err := dao.GetByNamePartnerOrg(ctx, cs.db, cluster.Spec.Metro.Name, uuid.NullUUID{UUID: pid, Valid: true}, uuid.NullUUID{UUID: uuid.Nil, Valid: false}, metro); err != nil {
+			if mdb, err := dao.GetByNamePartnerOrg(ctx, s.db, cluster.Spec.Metro.Name, uuid.NullUUID{UUID: pid, Valid: true}, uuid.NullUUID{UUID: uuid.Nil, Valid: false}, metro); err != nil {
 				errormsg = "Invalid cluster location, provide a valid metro name"
 				cluster.Status = &commonv3.Status{
 					ConditionType:   "Update",
@@ -568,12 +570,12 @@ func (cs *clusterService) Update(ctx context.Context, cluster *infrav3.Cluster)
 		}
 
 	}
-	err = cdao.UpdateCluster(ctx, cs.db, cdb)
+	err = cdao.UpdateCluster(ctx, s.db, cdb)
 	if err != nil {
 		return &infrav3.Cluster{}, err
 	}
 
-	cs.notifyCluster(ctx, cluster)
+	s.notifyCluster(ctx, cluster)
 
 	ev := event.Resource{
 		PartnerID:      cluster.Metadata.Partner,
@@ -584,21 +586,21 @@ func (cs *clusterService) Update(ctx context.Context, cluster *infrav3.Cluster)
 		ID:             cluster.Metadata.Id,
 	}
 
-	for _, h := range cs.clusterHandlers {
+	for _, h := range s.clusterHandlers {
 		h.OnChange(ev)
 	}
 	/*for _, h := range s.placementHandlers {
 		h.OnChange(ev)
 	}*/
 
-	CreateClusterAuditEvent(ctx, AuditActionUpdate, cluster.GetMetadata().GetName(), cdb.ID)
+	CreateClusterAuditEvent(ctx, s.al, AuditActionUpdate, cluster.GetMetadata().GetName(), cdb.ID)
 
 	return cluster, nil
 }
 
-func (cs *clusterService) Delete(ctx context.Context, cluster *infrav3.Cluster) error {
+func (s *clusterService) Delete(ctx context.Context, cluster *infrav3.Cluster) error {
 
-	cluster, err := cs.Get(ctx, func(qo *commonv3.QueryOptions) {
+	cluster, err := s.Get(ctx, func(qo *commonv3.QueryOptions) {
 		qo.Name = cluster.Metadata.Name
 		qo.Project = cluster.Metadata.Project
 		qo.Extended = true
@@ -609,7 +611,7 @@ func (cs *clusterService) Delete(ctx context.Context, cluster *infrav3.Cluster)
 	clusterId := cluster.Metadata.Id
 	projectId := cluster.Metadata.Project
 
-	err = cs.deleteBootstrapAgentForCluster(ctx, cluster)
+	err = s.deleteBootstrapAgentForCluster(ctx, cluster)
 	if err != nil {
 		return err
 	}
@@ -619,7 +621,7 @@ func (cs *clusterService) Delete(ctx context.Context, cluster *infrav3.Cluster)
 	_log.Debugw("setting cluster condition to pending delete", "name", cluster.Metadata.Name, "conditions", cluster.Spec.ClusterData.ClusterStatus.Conditions)
 	clstrutil.SetClusterCondition(cluster, clstrutil.NewClusterDelete(constants.Pending, "deleted"))
 
-	err = cs.UpdateClusterConditionStatus(ctx, cluster)
+	err = s.UpdateClusterConditionStatus(ctx, cluster)
 	if err != nil {
 		return errors.Wrapf(err, "could not update cluster %s status to pending delete", cluster.Metadata.Name)
 	}
@@ -633,13 +635,13 @@ func (cs *clusterService) Delete(ctx context.Context, cluster *infrav3.Cluster)
 		ID:             clusterId,
 	}
 
-	for _, h := range cs.clusterHandlers {
+	for _, h := range s.clusterHandlers {
 		h.OnChange(ev)
 	}
 
 	id, err := uuid.Parse(clusterId)
 	if err == nil {
-		CreateClusterAuditEvent(ctx, AuditActionDelete, cluster.GetMetadata().GetName(), id)
+		CreateClusterAuditEvent(ctx, s.al, AuditActionDelete, cluster.GetMetadata().GetName(), id)
 	}
 	return nil
 

pkg/service/group.go

@@ -16,6 +16,7 @@ import (
 	userv3 "github.com/RafayLabs/rcloud-base/proto/types/userpb/v3"
 	"github.com/google/uuid"
 	bun "github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
@@ -44,11 +45,12 @@ type GroupService interface {
 type groupService struct {
 	db  *bun.DB
 	azc AuthzService
+	al  *zap.Logger
 }
 
 // NewGroupService return new group service
-func NewGroupService(db *bun.DB, azc AuthzService) GroupService {
-	return &groupService{db: db, azc: azc}
+func NewGroupService(db *bun.DB, azc AuthzService, al *zap.Logger) GroupService {
+	return &groupService{db: db, azc: azc, al: al}
 }
 
 // deleteGroupRoleRelaitons deletes existing group-role relations
@@ -343,7 +345,7 @@ func (s *groupService) Create(ctx context.Context, group *userv3.Group) (*userv3
 			_log.Warn("unable to commit changes", err)
 		}
 
-		CreateGroupAuditEvent(ctx, s.db, AuditActionCreate, group.GetMetadata().GetName(), grp.ID, []uuid.UUID{}, usersAfter, []uuid.UUID{}, rolesAfter)
+		CreateGroupAuditEvent(ctx, s.al, s.db, AuditActionCreate, group.GetMetadata().GetName(), grp.ID, []uuid.UUID{}, usersAfter, []uuid.UUID{}, rolesAfter)
 		return group, nil
 	}
 	return &userv3.Group{}, fmt.Errorf("unable to create group")
@@ -486,7 +488,7 @@ func (s *groupService) Update(ctx context.Context, group *userv3.Group) (*userv3
 			ProjectNamespaceRoles: group.Spec.ProjectNamespaceRoles,
 		}
 
-		CreateGroupAuditEvent(ctx, s.db, AuditActionUpdate, group.GetMetadata().GetName(), grp.ID, usersBefore, usersAfter, rolesBefore, rolesAfter)
+		CreateGroupAuditEvent(ctx, s.al, s.db, AuditActionUpdate, group.GetMetadata().GetName(), grp.ID, usersBefore, usersAfter, rolesBefore, rolesAfter)
 	}
 
 	return group, nil
@@ -531,7 +533,7 @@ func (s *groupService) Delete(ctx context.Context, group *userv3.Group) (*userv3
 			_log.Warn("unable to commit changes", err)
 		}
 
-		CreateGroupAuditEvent(ctx, s.db, AuditActionDelete, group.GetMetadata().GetName(), grp.ID, usersBefore, []uuid.UUID{}, rolesBefore, []uuid.UUID{})
+		CreateGroupAuditEvent(ctx, s.al, s.db, AuditActionDelete, group.GetMetadata().GetName(), grp.ID, usersBefore, []uuid.UUID{}, rolesBefore, []uuid.UUID{})
 		return group, nil
 	}
 

pkg/service/idp.go

@@ -20,6 +20,7 @@ import (
 	systemv3 "github.com/RafayLabs/rcloud-base/proto/types/systempb/v3"
 	"github.com/google/uuid"
 	"github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -36,10 +37,11 @@ type IdpService interface {
 type idpService struct {
 	db      *bun.DB
 	appHost string
+	al      *zap.Logger
 }
 
-func NewIdpService(db *bun.DB, hostUrl string) IdpService {
-	return &idpService{db: db, appHost: hostUrl}
+func NewIdpService(db *bun.DB, hostUrl string, al *zap.Logger) IdpService {
+	return &idpService{db: db, appHost: hostUrl, al: al}
 }
 
 func generateAcsURL(id string, hostUrl string) string {
@@ -206,7 +208,7 @@ func (s *idpService) Create(ctx context.Context, idp *systemv3.Idp) (*systemv3.I
 		},
 	}
 
-	CreateIdpAuditEvent(ctx, AuditActionCreate, rv.GetMetadata().GetName(), entity.Id)
+	CreateIdpAuditEvent(ctx, s.al, AuditActionCreate, rv.GetMetadata().GetName(), entity.Id)
 
 	return rv, nil
 }
@@ -385,7 +387,7 @@ func (s *idpService) Update(ctx context.Context, idp *systemv3.Idp) (*systemv3.I
 		},
 	}
 
-	CreateIdpAuditEvent(ctx, AuditActionUpdate, rv.GetMetadata().GetName(), entity.Id)
+	CreateIdpAuditEvent(ctx, s.al, AuditActionUpdate, rv.GetMetadata().GetName(), entity.Id)
 	return rv, nil
 }
 
@@ -458,6 +460,6 @@ func (s *idpService) Delete(ctx context.Context, idp *systemv3.Idp) error {
 		return err
 	}
 
-	CreateIdpAuditEvent(ctx, AuditActionDelete, name, entity.Id)
+	CreateIdpAuditEvent(ctx, s.al, AuditActionDelete, name, entity.Id)
 	return nil
 }

pkg/service/oidc_provider.go

@@ -14,6 +14,7 @@ import (
 	systemv3 "github.com/RafayLabs/rcloud-base/proto/types/systempb/v3"
 	"github.com/google/uuid"
 	bun "github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/structpb"
@@ -31,10 +32,11 @@ type OIDCProviderService interface {
 type oidcProvider struct {
 	db        *bun.DB
 	kratosUrl string
+	al        *zap.Logger
 }
 
-func NewOIDCProviderService(db *bun.DB, kratosUrl string) OIDCProviderService {
-	return &oidcProvider{db: db, kratosUrl: kratosUrl}
+func NewOIDCProviderService(db *bun.DB, kratosUrl string, al *zap.Logger) OIDCProviderService {
+	return &oidcProvider{db: db, kratosUrl: kratosUrl, al: al}
 }
 
 func generateCallbackUrl(id string, kUrl string) string {

pkg/service/organization.go

@@ -12,6 +12,7 @@ import (
 	systemv3 "github.com/RafayLabs/rcloud-base/proto/types/systempb/v3"
 	"github.com/google/uuid"
 	bun "github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
@@ -39,11 +40,12 @@ type OrganizationService interface {
 // organizationService implements OrganizationService
 type organizationService struct {
 	db *bun.DB
+	al *zap.Logger
 }
 
 // NewOrganizationService return new organization service
-func NewOrganizationService(db *bun.DB) OrganizationService {
-	return &organizationService{db}
+func NewOrganizationService(db *bun.DB, al *zap.Logger) OrganizationService {
+	return &organizationService{db, al}
 }
 
 func (s *organizationService) Create(ctx context.Context, org *systemv3.Organization) (*systemv3.Organization, error) {
@@ -100,7 +102,7 @@ func (s *organizationService) Create(ctx context.Context, org *systemv3.Organiza
 		//update v3 spec
 		org.Metadata.Id = createdOrg.ID.String()
 
-		CreateOrganizationAuditEvent(ctx, AuditActionCreate, org.GetMetadata().GetName(), createdOrg.ID, nil, org.GetSpec().GetSettings())
+		CreateOrganizationAuditEvent(ctx, s.al, AuditActionCreate, org.GetMetadata().GetName(), createdOrg.ID, nil, org.GetSpec().GetSettings())
 	}
 
 	return org, nil
@@ -232,7 +234,7 @@ func (s *organizationService) Update(ctx context.Context, organization *systemv3
 			return &systemv3.Organization{}, err
 		}
 
-		CreateOrganizationAuditEvent(ctx, AuditActionUpdate, organization.GetMetadata().GetName(), org.ID, &settingsBefore, settingsAfter)
+		CreateOrganizationAuditEvent(ctx, s.al, AuditActionUpdate, organization.GetMetadata().GetName(), org.ID, &settingsBefore, settingsAfter)
 	}
 
 	return organization, nil
@@ -257,7 +259,7 @@ func (s *organizationService) Delete(ctx context.Context, organization *systemv3
 
 		orgSettings := systemv3.OrganizationSettings{}
 		_ = json.Unmarshal(org.Settings, &orgSettings) // ignore any unmarshelling issues
-		CreateOrganizationAuditEvent(ctx, AuditActionDelete, organization.GetMetadata().GetName(), org.ID, &orgSettings, nil)
+		CreateOrganizationAuditEvent(ctx, s.al, AuditActionDelete, organization.GetMetadata().GetName(), org.ID, &orgSettings, nil)
 	}
 	return organization, nil
 

pkg/service/partner.go

@@ -11,6 +11,7 @@ import (
 	systemv3 "github.com/RafayLabs/rcloud-base/proto/types/systempb/v3"
 	"github.com/google/uuid"
 	bun "github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
@@ -33,11 +34,12 @@ type PartnerService interface {
 // partnerService implements PartnerService
 type partnerService struct {
 	db *bun.DB
+	al *zap.Logger
 }
 
 // NewPartnerService return new partner service
-func NewPartnerService(db *bun.DB) PartnerService {
-	return &partnerService{db}
+func NewPartnerService(db *bun.DB, al *zap.Logger) PartnerService {
+	return &partnerService{db, al}
 }
 
 func (s *partnerService) Create(ctx context.Context, partner *systemv3.Partner) (*systemv3.Partner, error) {

pkg/service/project.go

@@ -13,6 +13,7 @@ import (
 	systemv3 "github.com/RafayLabs/rcloud-base/proto/types/systempb/v3"
 	"github.com/google/uuid"
 	bun "github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
@@ -42,11 +43,12 @@ type ProjectService interface {
 type projectService struct {
 	db  *bun.DB
 	azc AuthzService
+	al  *zap.Logger
 }
 
 // NewProjectService return new project service
-func NewProjectService(db *bun.DB, azc AuthzService) ProjectService {
-	return &projectService{db: db, azc: azc}
+func NewProjectService(db *bun.DB, azc AuthzService, al *zap.Logger) ProjectService {
+	return &projectService{db: db, azc: azc, al: al}
 }
 
 func (s *projectService) Create(ctx context.Context, project *systemv3.Project) (*systemv3.Project, error) {
@@ -104,7 +106,7 @@ func (s *projectService) Create(ctx context.Context, project *systemv3.Project)
 			Default: createdProject.Default,
 		}
 
-		CreateProjectAuditEvent(ctx, AuditActionCreate, project.GetMetadata().GetName(), createdProject.ID)
+		CreateProjectAuditEvent(ctx, s.al, AuditActionCreate, project.GetMetadata().GetName(), createdProject.ID)
 	}
 	err = tx.Commit()
 	if err != nil {
@@ -283,7 +285,7 @@ func (s *projectService) Update(ctx context.Context, project *systemv3.Project)
 			_log.Warn("unable to commit changes", err)
 		}
 
-		CreateProjectAuditEvent(ctx, AuditActionUpdate, project.GetMetadata().GetName(), proj.ID)
+		CreateProjectAuditEvent(ctx, s.al, AuditActionUpdate, project.GetMetadata().GetName(), proj.ID)
 	}
 
 	return project, nil
@@ -329,7 +331,7 @@ func (s *projectService) Delete(ctx context.Context, project *systemv3.Project)
 			return &systemv3.Project{}, err
 		}
 
-		CreateProjectAuditEvent(ctx, AuditActionDelete, project.GetMetadata().GetName(), proj.ID)
+		CreateProjectAuditEvent(ctx, s.al, AuditActionDelete, project.GetMetadata().GetName(), proj.ID)
 	}
 
 	return project, nil

pkg/service/role.go

@@ -14,6 +14,7 @@ import (
 	rolev3 "github.com/RafayLabs/rcloud-base/proto/types/rolepb/v3"
 	"github.com/google/uuid"
 	bun "github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
@@ -42,11 +43,12 @@ type RoleService interface {
 type roleService struct {
 	db  *bun.DB
 	azc AuthzService
+	al  *zap.Logger
 }
 
 // NewRoleService return new role service
-func NewRoleService(db *bun.DB, azc AuthzService) RoleService {
-	return &roleService{db: db, azc: azc}
+func NewRoleService(db *bun.DB, azc AuthzService, al *zap.Logger) RoleService {
+	return &roleService{db: db, azc: azc, al: al}
 }
 
 func (s *roleService) getPartnerOrganization(ctx context.Context, db bun.IDB, role *rolev3.Role) (uuid.UUID, uuid.UUID, error) {
@@ -173,7 +175,7 @@ func (s *roleService) Create(ctx context.Context, role *rolev3.Role) (*rolev3.Ro
 			_log.Warn("unable to commit changes", err)
 		}
 
-		CreateRoleAuditEvent(ctx, AuditActionCreate, role.GetMetadata().GetName(), createdRole.ID, role.GetSpec().GetRolepermissions())
+		CreateRoleAuditEvent(ctx, s.al, AuditActionCreate, role.GetMetadata().GetName(), createdRole.ID, role.GetSpec().GetRolepermissions())
 
 		return role, nil
 	}
@@ -283,7 +285,7 @@ func (s *roleService) Update(ctx context.Context, role *rolev3.Role) (*rolev3.Ro
 			_log.Warn("unable to commit changes", err)
 		}
 
-		CreateRoleAuditEvent(ctx, AuditActionUpdate, role.GetMetadata().GetName(), rle.ID, role.GetSpec().GetRolepermissions())
+		CreateRoleAuditEvent(ctx, s.al, AuditActionUpdate, role.GetMetadata().GetName(), rle.ID, role.GetSpec().GetRolepermissions())
 		return role, nil
 	}
 	return &rolev3.Role{}, fmt.Errorf("unable to update role '%v'", role.GetMetadata().GetName())
@@ -327,7 +329,7 @@ func (s *roleService) Delete(ctx context.Context, role *rolev3.Role) (*rolev3.Ro
 			_log.Warn("unable to commit changes", err)
 		}
 
-		CreateRoleAuditEvent(ctx, AuditActionDelete, role.GetMetadata().GetName(), rle.ID, []string{})
+		CreateRoleAuditEvent(ctx, s.al, AuditActionDelete, role.GetMetadata().GetName(), rle.ID, []string{})
 		return role, nil
 	}
 

pkg/service/user.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/google/uuid"
 	bun "github.com/uptrace/bun"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/RafayLabs/rcloud-base/internal/dao"
@@ -54,6 +55,7 @@ type userService struct {
 	azc AuthzService
 	ks  ApiKeyService
 	cc  common.CliConfigDownloadData
+	al  *zap.Logger
 }
 
 type userTraits struct {
@@ -70,8 +72,8 @@ type parsedIds struct {
 	Organization uuid.UUID
 }
 
-func NewUserService(ap providers.AuthProvider, db *bun.DB, azc AuthzService, kss ApiKeyService, cfg common.CliConfigDownloadData) UserService {
-	return &userService{ap: ap, db: db, azc: azc, ks: kss, cc: cfg}
+func NewUserService(ap providers.AuthProvider, db *bun.DB, azc AuthzService, kss ApiKeyService, cfg common.CliConfigDownloadData, al *zap.Logger) UserService {
+	return &userService{ap: ap, db: db, azc: azc, ks: kss, cc: cfg, al: al}
 }
 
 func getUserTraits(traits map[string]interface{}) userTraits {
@@ -366,7 +368,7 @@ func (s *userService) Create(ctx context.Context, user *userv3.User) (*userv3.Us
 	}
 	user.Spec.RecoveryUrl = &rl
 
-	CreateUserAuditEvent(ctx, s.db, AuditActionCreate, user.GetMetadata().GetName(), uid, []uuid.UUID{}, rolesAfter, []uuid.UUID{}, groupsAfter)
+	CreateUserAuditEvent(ctx, s.al, s.db, AuditActionCreate, user.GetMetadata().GetName(), uid, []uuid.UUID{}, rolesAfter, []uuid.UUID{}, groupsAfter)
 	return user, nil
 }
 
@@ -618,7 +620,7 @@ func (s *userService) Update(ctx context.Context, user *userv3.User) (*userv3.Us
 			_log.Warn("unable to commit changes", err)
 		}
 
-		CreateUserAuditEvent(ctx, s.db, AuditActionUpdate, user.GetMetadata().GetName(), usr.ID, rolesBefore, rolesAfter, groupsBefore, groupsAfter)
+		CreateUserAuditEvent(ctx, s.al, s.db, AuditActionUpdate, user.GetMetadata().GetName(), usr.ID, rolesBefore, rolesAfter, groupsBefore, groupsAfter)
 		return user, nil
 
 	} else {
@@ -665,7 +667,7 @@ func (s *userService) Delete(ctx context.Context, user *userv3.User) (*userrpcv3
 			_log.Warn("unable to commit changes", err)
 		}
 
-		CreateUserAuditEvent(ctx, s.db, AuditActionDelete, user.GetMetadata().GetName(), usr.ID, rolesBefore, []uuid.UUID{}, groupsBefore, []uuid.UUID{})
+		CreateUserAuditEvent(ctx, s.al, s.db, AuditActionDelete, user.GetMetadata().GetName(), usr.ID, rolesBefore, []uuid.UUID{}, groupsBefore, []uuid.UUID{})
 		return &userrpcv3.DeleteUserResponse{}, nil
 	}
 	return &userrpcv3.DeleteUserResponse{}, fmt.Errorf("unable to delete user '%v'", user.Metadata.Name)