a3s-box-core 2.4.0

Core types, config, and error handling for A3S Box MicroVM runtime
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

//! Audit sink abstraction.
//!
//! Decouples audit event recording from the file-based JSON-lines
//! implementation in `a3s-box-runtime`. Implementations can write to
//! any backend: files, databases, SIEM systems, cloud logging, etc.

use crate::audit::AuditEvent;
use crate::error::Result;

/// Abstraction over audit event recording.
///
/// The runtime calls `record` whenever a security-relevant action occurs
/// (box creation, exec commands, image pulls, etc.). Implementations
/// decide how and where to persist these events.
///
/// # Thread Safety
///
/// Implementations must be `Send + Sync`. Concurrent `record` calls
/// must be safe.
pub trait AuditSink: Send + Sync {
    /// Record an audit event.
    ///
    /// Implementations should be best-effort — a failure to record
    /// an audit event should not prevent the audited operation from
    /// proceeding. Callers may log the error but will not propagate it.
    fn record(&self, event: &AuditEvent) -> Result<()>;

    /// Flush any buffered events to the underlying storage.
    ///
    /// Called during graceful shutdown. Default implementation is a no-op.
    fn flush(&self) -> Result<()> {
        Ok(())
    }
}