cloudfoundry · Samze · Jan 8, 2026
diff --git a/app/actions/organization_quota_apply.rb b/app/actions/organization_quota_apply.rb
@@ -1,8 +1,14 @@
+require 'repositories/organization_quota_event_repository'
+
 module VCAP::CloudController
   class OrganizationQuotaApply
     class Error < ::StandardError
     end
 
+    def initialize(user_audit_info)
+      @user_audit_info = user_audit_info
+    end
+
     def apply(org_quota, message)
       orgs = valid_orgs(message.organization_guids)
 
@@ -18,7 +24,10 @@ def apply(org_quota, message)
       end
 
       QuotaDefinition.db.transaction do
-        orgs.each { |org| org_quota.add_organization(org) }
+        orgs.each do |org|
+          org_quota.add_organization(org)
+          Repositories::OrganizationQuotaEventRepository.new.record_organization_quota_apply(org_quota, org, @user_audit_info)
+        end
       end
     rescue Sequel::ValidationFailed => e
       error!(e.message)

diff --git a/app/actions/organization_quota_delete.rb b/app/actions/organization_quota_delete.rb
@@ -1,8 +1,15 @@
+require 'repositories/organization_quota_event_repository'
+
 module VCAP::CloudController
   class OrganizationQuotaDeleteAction
+    def initialize(user_audit_info)
+      @user_audit_info = user_audit_info
+    end
+
     def delete(organization_quotas)
       organization_quotas.each do |org_quota|
         QuotaDefinition.db.transaction do
+          Repositories::OrganizationQuotaEventRepository.new.record_organization_quota_delete(org_quota, @user_audit_info)
           org_quota.destroy
         end
       end

diff --git a/app/actions/organization_quotas_create.rb b/app/actions/organization_quotas_create.rb
@@ -1,8 +1,14 @@
+require 'repositories/organization_quota_event_repository'
+
 module VCAP::CloudController
   class OrganizationQuotasCreate
     class Error < ::StandardError
     end
 
+    def initialize(user_audit_info)
+      @user_audit_info = user_audit_info
+    end
+
     # rubocop:todo Metrics/CyclomaticComplexity
     def create(message)
       org_quota = nil
@@ -33,6 +39,8 @@ def create(message)
 
         orgs = valid_orgs(message.organization_guids)
         orgs.each { |org| org_quota.add_organization(org) }
+
+        Repositories::OrganizationQuotaEventRepository.new.record_organization_quota_create(org_quota, @user_audit_info, message.audit_hash)
       end
       org_quota
     rescue Sequel::ValidationFailed => e

diff --git a/app/actions/organization_quotas_update.rb b/app/actions/organization_quotas_update.rb
@@ -1,3 +1,5 @@
+require 'repositories/organization_quota_event_repository'
+
 module VCAP::CloudController
   class OrganizationQuotasUpdate
     class Error < ::StandardError
@@ -6,7 +8,7 @@ class Error < ::StandardError
     MAX_ORGS_TO_LIST_ON_FAILURE = 2
 
     # rubocop:disable Metrics/CyclomaticComplexity
-    def self.update(quota, message)
+    def self.update(quota, message, user_audit_info)
       if log_rate_limit(message) != QuotaDefinition::UNLIMITED
         orgs = orgs_with_unlimited_processes(quota)
         unlimited_processes_exist_error!(orgs) if orgs.any?
@@ -33,6 +35,8 @@ def self.update(quota, message)
         quota.total_private_domains = total_private_domains(message) if message.domains_limits_message.requested? :total_domains
 
         quota.save
+
+        Repositories::OrganizationQuotaEventRepository.new.record_organization_quota_update(quota, user_audit_info, message.audit_hash)
       end
       # rubocop:enable Metrics/CyclomaticComplexity
 

diff --git a/app/actions/space_quota_apply.rb b/app/actions/space_quota_apply.rb
@@ -1,8 +1,14 @@
+require 'repositories/space_quota_event_repository'
+
 module VCAP::CloudController
   class SpaceQuotaApply
     class Error < ::StandardError
     end
 
+    def initialize(user_audit_info)
+      @user_audit_info = user_audit_info
+    end
+
     def apply(space_quota, message, visible_space_guids: [], all_spaces_visible: false)
       spaces = valid_spaces(message.space_guids, visible_space_guids, all_spaces_visible, space_quota.organization_id)
 
@@ -17,7 +23,10 @@ def apply(space_quota, message, visible_space_guids: [], all_spaces_visible: fal
       end
 
       SpaceQuotaDefinition.db.transaction do
-        spaces.each { |space| space_quota.add_space(space) }
+        spaces.each do |space|
+          space_quota.add_space(space)
+          Repositories::SpaceQuotaEventRepository.new.record_space_quota_apply(space_quota, space, @user_audit_info)
+        end
       end
     rescue Sequel::ValidationFailed => e
       error!(e.message)

diff --git a/app/actions/space_quota_delete.rb b/app/actions/space_quota_delete.rb
@@ -1,8 +1,15 @@
+require 'repositories/space_quota_event_repository'
+
 module VCAP::CloudController
   class SpaceQuotaDeleteAction
+    def initialize(user_audit_info)
+      @user_audit_info = user_audit_info
+    end
+
     def delete(space_quotas)
       space_quotas.each do |space_quota|
         SpaceQuotaDefinition.db.transaction do
+          Repositories::SpaceQuotaEventRepository.new.record_space_quota_delete(space_quota, @user_audit_info)
           space_quota.destroy
         end
       end

diff --git a/app/actions/space_quota_unapply.rb b/app/actions/space_quota_unapply.rb
@@ -1,11 +1,18 @@
+require 'repositories/space_quota_event_repository'
+
 module VCAP::CloudController
   class SpaceQuotaUnapply
     class Error < ::StandardError
     end
 
-    def self.unapply(space_quota, space)
+    def initialize(user_audit_info)
+      @user_audit_info = user_audit_info
+    end
+
+    def unapply(space_quota, space)
       SpaceQuotaDefinition.db.transaction do
         space_quota.remove_space(space)
+        Repositories::SpaceQuotaEventRepository.new.record_space_quota_remove(space_quota, space, @user_audit_info)
       end
     rescue Sequel::ValidationFailed => e
       raise Error.new(e.message)

diff --git a/app/actions/space_quota_update.rb b/app/actions/space_quota_update.rb
@@ -1,3 +1,5 @@
+require 'repositories/space_quota_event_repository'
+
 module VCAP::CloudController
   class SpaceQuotaUpdate
     class Error < ::StandardError
@@ -6,7 +8,7 @@ class Error < ::StandardError
     MAX_SPACES_TO_LIST_ON_FAILURE = 2
 
     # rubocop:disable Metrics/CyclomaticComplexity
-    def self.update(quota, message)
+    def self.update(quota, message, user_audit_info)
       if log_rate_limit(message) != QuotaDefinition::UNLIMITED
         spaces = spaces_with_unlimited_processes(quota)
         unlimited_processes_exist_error!(spaces) if spaces.any?
@@ -31,6 +33,8 @@ def self.update(quota, message)
         quota.total_routes = total_routes(message) if message.routes_limits_message.requested? :total_routes
 
         quota.save
+
+        Repositories::SpaceQuotaEventRepository.new.record_space_quota_update(quota, user_audit_info, message.audit_hash)
       end
 
       quota

diff --git a/app/actions/space_quotas_create.rb b/app/actions/space_quotas_create.rb
@@ -1,8 +1,14 @@
+require 'repositories/space_quota_event_repository'
+
 module VCAP::CloudController
   class SpaceQuotasCreate
     class Error < ::StandardError
     end
 
+    def initialize(user_audit_info)
+      @user_audit_info = user_audit_info
+    end
+
     # rubocop:todo Metrics/CyclomaticComplexity
     def create(message, organization:)
       space_quota = nil
@@ -31,6 +37,8 @@ def create(message, organization:)
 
         spaces = valid_spaces(message.space_guids, organization)
         spaces.each { |space| space_quota.add_space(space) }
+
+        Repositories::SpaceQuotaEventRepository.new.record_space_quota_create(space_quota, @user_audit_info, message.audit_hash)
       end
 
       space_quota

diff --git a/app/controllers/v3/organization_quotas_controller.rb b/app/controllers/v3/organization_quotas_controller.rb
@@ -44,7 +44,7 @@ def create
     message = VCAP::CloudController::OrganizationQuotasCreateMessage.new(hashed_params[:body])
     unprocessable!(message.errors.full_messages) unless message.valid?
 
-    organization_quota = OrganizationQuotasCreate.new.create(message)
+    organization_quota = OrganizationQuotasCreate.new(user_audit_info).create(message)
 
     render json: Presenters::V3::OrganizationQuotaPresenter.new(organization_quota, **presenter_args), status: :created
   rescue OrganizationQuotasCreate::Error => e
@@ -60,7 +60,7 @@ def update
     organization_quota = QuotaDefinition.first(guid: hashed_params[:guid])
     resource_not_found!(:organization_quota) unless organization_quota
 
-    organization_quota = OrganizationQuotasUpdate.update(organization_quota, message)
+    organization_quota = OrganizationQuotasUpdate.update(organization_quota, message, user_audit_info)
 
     render json: Presenters::V3::OrganizationQuotaPresenter.new(organization_quota, **presenter_args), status: :ok
   rescue OrganizationQuotasUpdate::Error => e
@@ -77,7 +77,7 @@ def destroy
       unprocessable!('This quota is applied to one or more organizations. Apply different quotas to those organizations before deleting.')
     end
 
-    delete_action = OrganizationQuotaDeleteAction.new
+    delete_action = OrganizationQuotaDeleteAction.new(user_audit_info)
 
     deletion_job = VCAP::CloudController::Jobs::DeleteActionJob.new(QuotaDefinition, organization_quota.guid, delete_action, 'organization_quota')
     pollable_job = Jobs::Enqueuer.new(queue: Jobs::Queues.generic).enqueue_pollable(deletion_job)
@@ -94,7 +94,7 @@ def apply_to_organizations
     organization_quota = QuotaDefinition.first(guid: hashed_params[:guid])
     resource_not_found!(:organization_quota) unless organization_quota
 
-    OrganizationQuotaApply.new.apply(organization_quota, message)
+    OrganizationQuotaApply.new(user_audit_info).apply(organization_quota, message)
 
     render status: :ok, json: Presenters::V3::ToManyRelationshipPresenter.new(
       "organization_quotas/#{organization_quota.guid}",

diff --git a/app/controllers/v3/space_quotas_controller.rb b/app/controllers/v3/space_quotas_controller.rb
@@ -46,7 +46,7 @@ def create
     unauthorized! unless permission_queryer.can_write_to_active_org?(org.id)
     suspended! unless permission_queryer.is_org_active?(org.id)
 
-    space_quota = SpaceQuotasCreate.new.create(message, organization: org)
+    space_quota = SpaceQuotasCreate.new(user_audit_info).create(message, organization: org)
 
     render status: :created, json: Presenters::V3::SpaceQuotaPresenter.new(
       space_quota,
@@ -69,7 +69,7 @@ def update
     message = VCAP::CloudController::OrganizationQuotasUpdateMessage.new(hashed_params[:body])
     unprocessable!(message.errors.full_messages) unless message.valid?
 
-    space_quota = SpaceQuotaUpdate.update(space_quota, message)
+    space_quota = SpaceQuotaUpdate.update(space_quota, message, user_audit_info)
 
     render status: :ok, json: Presenters::V3::SpaceQuotaPresenter.new(
       space_quota,
@@ -92,7 +92,7 @@ def apply_to_spaces
     message = SpaceQuotaApplyMessage.new(hashed_params[:body])
     unprocessable!(message.errors.full_messages) unless message.valid?
 
-    SpaceQuotaApply.new.apply(space_quota, message, **presenter_args)
+    SpaceQuotaApply.new(user_audit_info).apply(space_quota, message, **presenter_args)
 
     render status: :ok, json: Presenters::V3::ToManyRelationshipPresenter.new(
       "space_quotas/#{space_quota.guid}",
@@ -121,7 +121,7 @@ def remove_from_space
       unprocessable!("Unable to remove quota from space with guid '#{space_guid}'. Ensure the space quota is applied to this space.")
     end
 
-    SpaceQuotaUnapply.unapply(space_quota, space)
+    SpaceQuotaUnapply.new(user_audit_info).unapply(space_quota, space)
   rescue SpaceQuotaUnapply::Error => e
     unprocessable!(e.message)
   end
@@ -138,7 +138,7 @@ def destroy
 
     unprocessable!('This quota is applied to one or more spaces. Remove this quota from all spaces before deleting.') unless space_quota.spaces_dataset.empty?
 
-    delete_action = SpaceQuotaDeleteAction.new
+    delete_action = SpaceQuotaDeleteAction.new(user_audit_info)
 
     deletion_job = VCAP::CloudController::Jobs::DeleteActionJob.new(SpaceQuotaDefinition, space_quota.guid, delete_action, 'space_quota')
     pollable_job = Jobs::Enqueuer.new(queue: Jobs::Queues.generic).enqueue_pollable(deletion_job)

diff --git a/app/repositories/event_types.rb b/app/repositories/event_types.rb
@@ -119,10 +119,21 @@ class EventTypesError < StandardError
         ORGANIZATION_UPDATE = 'audit.organization.update'.freeze,
         ORGANIZATION_DELETE_REQUEST = 'audit.organization.delete-request'.freeze,
 
+        ORGANIZATION_QUOTA_CREATE = 'audit.organization_quota.create'.freeze,
+        ORGANIZATION_QUOTA_UPDATE = 'audit.organization_quota.update'.freeze,
+        ORGANIZATION_QUOTA_DELETE = 'audit.organization_quota.delete'.freeze,
+        ORGANIZATION_QUOTA_APPLY = 'audit.organization_quota.apply'.freeze,
+
         SPACE_CREATE = 'audit.space.create'.freeze,
         SPACE_UPDATE = 'audit.space.update'.freeze,
         SPACE_DELETE_REQUEST = 'audit.space.delete-request'.freeze,
 
+        SPACE_QUOTA_CREATE = 'audit.space_quota.create'.freeze,
+        SPACE_QUOTA_UPDATE = 'audit.space_quota.update'.freeze,
+        SPACE_QUOTA_DELETE = 'audit.space_quota.delete'.freeze,
+        SPACE_QUOTA_APPLY = 'audit.space_quota.apply'.freeze,
+        SPACE_QUOTA_REMOVE = 'audit.space_quota.remove'.freeze,
+
         STACK_CREATE = 'audit.stack.create'.freeze,
         STACK_UPDATE = 'audit.stack.update'.freeze,
         STACK_DELETE = 'audit.stack.delete'.freeze,

diff --git a/app/repositories/organization_quota_event_repository.rb b/app/repositories/organization_quota_event_repository.rb
@@ -0,0 +1,82 @@
+require 'repositories/event_types'
+
+module VCAP::CloudController
+  module Repositories
+    class OrganizationQuotaEventRepository
+      def record_organization_quota_create(quota, user_audit_info, request_attrs)
+        Event.create(
+          type: EventTypes::ORGANIZATION_QUOTA_CREATE,
+          actee: quota.guid,
+          actee_type: 'organization_quota',
+          actee_name: quota.name,
+          actor: user_audit_info.user_guid,
+          actor_type: 'user',
+          actor_name: user_audit_info.user_email,
+          actor_username: user_audit_info.user_name,
+          timestamp: Sequel::CURRENT_TIMESTAMP,
+          space_guid: '',
+          organization_guid: '',
+          metadata: {
+            request: request_attrs
+          }
+        )
+      end
+
+      def record_organization_quota_update(quota, user_audit_info, request_attrs)
+        Event.create(
+          type: EventTypes::ORGANIZATION_QUOTA_UPDATE,
+          actee: quota.guid,
+          actee_type: 'organization_quota',
+          actee_name: quota.name,
+          actor: user_audit_info.user_guid,
+          actor_type: 'user',
+          actor_name: user_audit_info.user_email,
+          actor_username: user_audit_info.user_name,
+          timestamp: Sequel::CURRENT_TIMESTAMP,
+          space_guid: '',
+          organization_guid: '',
+          metadata: {
+            request: request_attrs
+          }
+        )
+      end
+
+      def record_organization_quota_delete(quota, user_audit_info)
+        Event.create(
+          type: EventTypes::ORGANIZATION_QUOTA_DELETE,
+          actee: quota.guid,
+          actee_type: 'organization_quota',
+          actee_name: quota.name,
+          actor: user_audit_info.user_guid,
+          actor_type: 'user',
+          actor_name: user_audit_info.user_email,
+          actor_username: user_audit_info.user_name,
+          timestamp: Sequel::CURRENT_TIMESTAMP,
+          space_guid: '',
+          organization_guid: '',
+          metadata: {}
+        )
+      end
+
+      def record_organization_quota_apply(quota, organization, user_audit_info)
+        Event.create(
+          type: EventTypes::ORGANIZATION_QUOTA_APPLY,
+          actee: quota.guid,
+          actee_type: 'organization_quota',
+          actee_name: quota.name,
+          actor: user_audit_info.user_guid,
+          actor_type: 'user',
+          actor_name: user_audit_info.user_email,
+          actor_username: user_audit_info.user_name,
+          timestamp: Sequel::CURRENT_TIMESTAMP,
+          space_guid: '',
+          organization_guid: organization.guid,
+          metadata: {
+            organization_guid: organization.guid,
+            organization_name: organization.name
+          }
+        )
+      end
+    end
+  end
+end