integer-underflow
diff --git a/‎cli/organization_test.go
Lines changed: 4 additions & 2 deletions b/‎cli/organization_test.go
Lines changed: 4 additions & 2 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 25 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 25 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 23 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 23 additions & 0 deletions
diff --git a/‎coderd/audit.go
Lines changed: 16 additions & 7 deletions b/‎coderd/audit.go
Lines changed: 16 additions & 7 deletions
diff --git a/‎coderd/audit_test.go
Lines changed: 88 additions & 3 deletions b/‎coderd/audit_test.go
Lines changed: 88 additions & 3 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 43 additions & 33 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 43 additions & 33 deletions
@@ -32,8 +32,10 @@ func TestCurrentOrganization(t *testing.T) {
 		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			json.NewEncoder(w).Encode([]codersdk.Organization{
 				{
-					ID:        orgID,
-					Name:      "not-default",
+					MinimalOrganization: codersdk.MinimalOrganization{
+						ID:   orgID,
+						Name: "not-default",
+					},
 					CreatedAt: time.Now(),
 					UpdatedAt: time.Now(),
 					IsDefault: false,
 
@@ -145,9 +145,6 @@ func (api *API) generateFakeAuditLog(rw http.ResponseWriter, r *http.Request) {
 	if len(params.AdditionalFields) == 0 {
 		params.AdditionalFields = json.RawMessage("{}")
 	}
-	if params.OrganizationID == uuid.Nil {
-		params.OrganizationID = uuid.New()
-	}
 
 	_, err = api.Database.InsertAuditLog(ctx, database.InsertAuditLogParams{
 		ID:               uuid.New(),
@@ -241,10 +238,11 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs
 		resourceLink = api.auditLogResourceLink(ctx, dblog, additionalFields)
 	}
 
-	return codersdk.AuditLog{
-		ID:               dblog.ID,
-		RequestID:        dblog.RequestID,
-		Time:             dblog.Time,
+	alog := codersdk.AuditLog{
+		ID:        dblog.ID,
+		RequestID: dblog.RequestID,
+		Time:      dblog.Time,
+		// OrganizationID is deprecated.
 		OrganizationID:   dblog.OrganizationID,
 		IP:               ip,
 		UserAgent:        dblog.UserAgent.String,
@@ -261,6 +259,17 @@ func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogs
 		ResourceLink:     resourceLink,
 		IsDeleted:        isDeleted,
 	}
+
+	if dblog.OrganizationID != uuid.Nil {
+		alog.Organization = &codersdk.MinimalOrganization{
+			ID:          dblog.OrganizationID,
+			Name:        dblog.OrganizationName,
+			DisplayName: dblog.OrganizationDisplayName,
+			Icon:        dblog.OrganizationIcon,
+		}
+	}
+
+	return alog
 }
 
 func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {
 
@@ -46,7 +46,7 @@ func TestAuditLogs(t *testing.T) {
 		require.Len(t, alogs.AuditLogs, 1)
 	})
 
-	t.Run("User", func(t *testing.T) {
+	t.Run("IncludeUser", func(t *testing.T) {
 		t.Parallel()
 
 		ctx := context.Background()
@@ -95,6 +95,92 @@ func TestAuditLogs(t *testing.T) {
 		require.Equal(t, foundUser, *alogs.AuditLogs[0].User)
 	})
 
+	t.Run("IncludeOrganization", func(t *testing.T) {
+		t.Parallel()
+
+		ctx := context.Background()
+		client := coderdtest.New(t, nil)
+		user := coderdtest.CreateFirstUser(t, client)
+
+		o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
+			Name:        "new-org",
+			DisplayName: "New organization",
+			Description: "A new organization to love and cherish until the test is over.",
+			Icon:        "/emojis/1f48f-1f3ff.png",
+		})
+		require.NoError(t, err)
+
+		err = client.CreateTestAuditLog(ctx, codersdk.CreateTestAuditLogRequest{
+			OrganizationID: o.ID,
+			ResourceID:     user.UserID,
+		})
+		require.NoError(t, err)
+
+		alogs, err := client.AuditLogs(ctx, codersdk.AuditLogsRequest{
+			Pagination: codersdk.Pagination{
+				Limit: 1,
+			},
+		})
+		require.NoError(t, err)
+		require.Equal(t, int64(1), alogs.Count)
+		require.Len(t, alogs.AuditLogs, 1)
+
+		// Make sure the organization is fully populated.
+		require.Equal(t, &codersdk.MinimalOrganization{
+			ID:          o.ID,
+			Name:        o.Name,
+			DisplayName: o.DisplayName,
+			Icon:        o.Icon,
+		}, alogs.AuditLogs[0].Organization)
+
+		// OrganizationID is deprecated, but make sure it is set.
+		require.Equal(t, o.ID, alogs.AuditLogs[0].OrganizationID)
+
+		// Delete the org and try again, should be mostly empty.
+		err = client.DeleteOrganization(ctx, o.ID.String())
+		require.NoError(t, err)
+
+		alogs, err = client.AuditLogs(ctx, codersdk.AuditLogsRequest{
+			Pagination: codersdk.Pagination{
+				Limit: 1,
+			},
+		})
+		require.NoError(t, err)
+		require.Equal(t, int64(1), alogs.Count)
+		require.Len(t, alogs.AuditLogs, 1)
+
+		require.Equal(t, &codersdk.MinimalOrganization{
+			ID: o.ID,
+		}, alogs.AuditLogs[0].Organization)
+
+		// OrganizationID is deprecated, but make sure it is set.
+		require.Equal(t, o.ID, alogs.AuditLogs[0].OrganizationID)
+
+		// Some audit entries do not have an organization at all, in which case the
+		// response omits the organization.
+		err = client.CreateTestAuditLog(ctx, codersdk.CreateTestAuditLogRequest{
+			ResourceType: codersdk.ResourceTypeAPIKey,
+			ResourceID:   user.UserID,
+		})
+		require.NoError(t, err)
+
+		alogs, err = client.AuditLogs(ctx, codersdk.AuditLogsRequest{
+			SearchQuery: "resource_type:api_key",
+			Pagination: codersdk.Pagination{
+				Limit: 1,
+			},
+		})
+		require.NoError(t, err)
+		require.Equal(t, int64(1), alogs.Count)
+		require.Len(t, alogs.AuditLogs, 1)
+
+		// The other will have no organization.
+		require.Equal(t, (*codersdk.MinimalOrganization)(nil), alogs.AuditLogs[0].Organization)
+
+		// OrganizationID is deprecated, but make sure it is empty.
+		require.Equal(t, uuid.Nil, alogs.AuditLogs[0].OrganizationID)
+	})
+
 	t.Run("WorkspaceBuildAuditLink", func(t *testing.T) {
 		t.Parallel()
 
@@ -159,8 +245,7 @@ func TestAuditLogs(t *testing.T) {
 
 		// Add an extra audit log in another organization
 		err = client.CreateTestAuditLog(ctx, codersdk.CreateTestAuditLogRequest{
-			ResourceID:     owner.UserID,
-			OrganizationID: uuid.New(),
+			ResourceID: owner.UserID,
 		})
 		require.NoError(t, err)
 
 
@@ -928,6 +928,16 @@ func (q *FakeQuerier) getLatestWorkspaceAppByTemplateIDUserIDSlugNoLock(ctx cont
 	return database.WorkspaceApp{}, sql.ErrNoRows
 }
 
+// getOrganizationByIDNoLock is used by other functions in the database fake.
+func (q *FakeQuerier) getOrganizationByIDNoLock(id uuid.UUID) (database.Organization, error) {
+	for _, organization := range q.organizations {
+		if organization.ID == id {
+			return organization, nil
+		}
+	}
+	return database.Organization{}, sql.ErrNoRows
+}
+
 func (*FakeQuerier) AcquireLock(_ context.Context, _ int64) error {
 	return xerrors.New("AcquireLock must only be called within a transaction")
 }
@@ -2146,34 +2156,39 @@ func (q *FakeQuerier) GetAuditLogsOffset(_ context.Context, arg database.GetAudi
 		user, err := q.getUserByIDNoLock(alog.UserID)
 		userValid := err == nil
 
+		org, _ := q.getOrganizationByIDNoLock(alog.OrganizationID)
+
 		logs = append(logs, database.GetAuditLogsOffsetRow{
-			ID:                     alog.ID,
-			RequestID:              alog.RequestID,
-			OrganizationID:         alog.OrganizationID,
-			Ip:                     alog.Ip,
-			UserAgent:              alog.UserAgent,
-			ResourceType:           alog.ResourceType,
-			ResourceID:             alog.ResourceID,
-			ResourceTarget:         alog.ResourceTarget,
-			ResourceIcon:           alog.ResourceIcon,
-			Action:                 alog.Action,
-			Diff:                   alog.Diff,
-			StatusCode:             alog.StatusCode,
-			AdditionalFields:       alog.AdditionalFields,
-			UserID:                 alog.UserID,
-			UserUsername:           sql.NullString{String: user.Username, Valid: userValid},
-			UserName:               sql.NullString{String: user.Name, Valid: userValid},
-			UserEmail:              sql.NullString{String: user.Email, Valid: userValid},
-			UserCreatedAt:          sql.NullTime{Time: user.CreatedAt, Valid: userValid},
-			UserUpdatedAt:          sql.NullTime{Time: user.UpdatedAt, Valid: userValid},
-			UserLastSeenAt:         sql.NullTime{Time: user.LastSeenAt, Valid: userValid},
-			UserLoginType:          database.NullLoginType{LoginType: user.LoginType, Valid: userValid},
-			UserDeleted:            sql.NullBool{Bool: user.Deleted, Valid: userValid},
-			UserThemePreference:    sql.NullString{String: user.ThemePreference, Valid: userValid},
-			UserQuietHoursSchedule: sql.NullString{String: user.QuietHoursSchedule, Valid: userValid},
-			UserStatus:             database.NullUserStatus{UserStatus: user.Status, Valid: userValid},
-			UserRoles:              user.RBACRoles,
-			Count:                  0,
+			ID:                      alog.ID,
+			RequestID:               alog.RequestID,
+			OrganizationID:          alog.OrganizationID,
+			OrganizationName:        org.Name,
+			OrganizationDisplayName: org.DisplayName,
+			OrganizationIcon:        org.Icon,
+			Ip:                      alog.Ip,
+			UserAgent:               alog.UserAgent,
+			ResourceType:            alog.ResourceType,
+			ResourceID:              alog.ResourceID,
+			ResourceTarget:          alog.ResourceTarget,
+			ResourceIcon:            alog.ResourceIcon,
+			Action:                  alog.Action,
+			Diff:                    alog.Diff,
+			StatusCode:              alog.StatusCode,
+			AdditionalFields:        alog.AdditionalFields,
+			UserID:                  alog.UserID,
+			UserUsername:            sql.NullString{String: user.Username, Valid: userValid},
+			UserName:                sql.NullString{String: user.Name, Valid: userValid},
+			UserEmail:               sql.NullString{String: user.Email, Valid: userValid},
+			UserCreatedAt:           sql.NullTime{Time: user.CreatedAt, Valid: userValid},
+			UserUpdatedAt:           sql.NullTime{Time: user.UpdatedAt, Valid: userValid},
+			UserLastSeenAt:          sql.NullTime{Time: user.LastSeenAt, Valid: userValid},
+			UserLoginType:           database.NullLoginType{LoginType: user.LoginType, Valid: userValid},
+			UserDeleted:             sql.NullBool{Bool: user.Deleted, Valid: userValid},
+			UserThemePreference:     sql.NullString{String: user.ThemePreference, Valid: userValid},
+			UserQuietHoursSchedule:  sql.NullString{String: user.QuietHoursSchedule, Valid: userValid},
+			UserStatus:              database.NullUserStatus{UserStatus: user.Status, Valid: userValid},
+			UserRoles:               user.RBACRoles,
+			Count:                   0,
 		})
 
 		if len(logs) >= int(arg.LimitOpt) {
@@ -2969,12 +2984,7 @@ func (q *FakeQuerier) GetOrganizationByID(_ context.Context, id uuid.UUID) (data
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()
 
-	for _, organization := range q.organizations {
-		if organization.ID == id {
-			return organization, nil
-		}
-	}
-	return database.Organization{}, sql.ErrNoRows
+	return q.getOrganizationByIDNoLock(id)
 }
 
 func (q *FakeQuerier) GetOrganizationByName(_ context.Context, name string) (database.Organization, error) {