more audit logs

styx-scheduler-service/src/main/java/com/spotify/styx/docker/KubernetesDockerRunner.java

@@ -156,11 +156,10 @@ public String start(WorkflowInstance workflowInstance, RunSpec runSpec) throws I
 
   private void ensureSecrets(WorkflowInstance workflowInstance, RunSpec runSpec) {
     if (runSpec.serviceAccount().isPresent()) {
-      final String secretName = buildSecretName(runSpec.serviceAccount().get());
+      final String serviceAccount = runSpec.serviceAccount().get();
+      final String secretName = buildSecretName(serviceAccount);
       final Secret secret = client.secrets().withName(secretName).get();
       if (secret == null) {
-        final String serviceAccount = runSpec.serviceAccount().get();
-
         final ServiceAccountKey jsonKey;
         final ServiceAccountKey p12Key;
         try {
@@ -189,7 +188,11 @@ private void ensureSecrets(WorkflowInstance workflowInstance, RunSpec runSpec) {
                                     .endMetadata()
                                     .withData(keys)
                                     .build());
-        LOG.info("[AUDIT] Secret {} created for service account {}", secretName, serviceAccount);
+        LOG.info("[AUDIT] Secret {} created for {} referred to by workflow {}", secretName,
+                 serviceAccount, workflowInstance.workflowId());
+      } else {
+        LOG.info("[AUDIT] Workflow {} refers to secret {} of {}", workflowInstance.workflowId(),
+                 secretName, serviceAccount);
       }
     }