chore: add audit log action definitions (coder#696)

Katie Horne · web-flow · commit 590a7a9fee59 · 2021-11-01T14:47:10.000-05:00
diff --git a/admin/audit.md b/admin/audit.md
@@ -1,7 +1,6 @@
 ---
 title: "Audit"
-description:
-  Learn how Coder audits user and admin actions for greater traceability.
+description: Learn how Coder audits user and admin actions.
 ---
 
 Coder maintains records of all user actions on system resources for auditing
@@ -24,3 +23,34 @@ You can filter the logs displayed using the search filters available at the top:
 - **Resource Target**: The friendly name for the resource (e.g., the user with
   the email address **dev@coder.com**)
 - **User**: The user who performs the action
+
+## Actions
+
+The audit logs capture information about the following actions (those who
+[export Coder logs](../guides/admin/logging.md) will see this information under
+`message.fields.audit_log.action`):
+
+When reviewing Coder's audit logs, specifically, you will see the following
+actions included:
+
+- `auto_off`: Coder automatically turned off a workspace due to inactivity
+- `auto_start`: Coder automatically turned on a workspace at the time preset by
+  its owner
+- `connect`: a user connected to an existing workspace
+- `cordon`: a workspace provider became unavailable for new workspace creation
+  requests.
+- `create`: the user created a Coder entity (e.g., dev URL, image/image tag,
+  workspace, etc.)
+- `delete`: a user deleted a Coder entity (e.g., workspace or image)
+- `enqueue`: a user added a new job to the queue (e.g., workspace build, user
+  deletion, workspace deletion)
+- `login`: a user logs in via basic authentication or OIDC, with Coder
+  exchanging a token as a result
+- `open`: a user opened a workspace using an IDE through the browser
+- `ssh`: a user opened a web terminal or used SSH to access Coder
+- `stop`: a user manually stopped a workspace
+- `uncordon`: a workspace provider became available for new workspace creation
+  requests.
+- `view`: the Coder CLI used a secret
+- `write`: the user made a change to a Coder entity (e.g., workspace, user,
+  resource pool, etc.)
