refractor(aa): ensure methods order in rules definitions.

2024-11-14 23:43:56 +01:00 · 2024-06-25 19:56:36 +01:00 · 2024-06-25 19:56:36 +01:00 · 880f0ef37e
commit 880f0ef37e
parent 272072d2a5
19 changed files with 310 additions and 310 deletions
--- a/pkg/aa/all.go
+++ b/pkg/aa/all.go
@ -16,6 +16,18 @@ func newAll(q Qualifier, rule rule) (Rule, error) {
 	return &All{Base: newBase(rule)}, nil
 }

+func (r *All) Kind() Kind {
+	return ALL
+}
+
+func (r *All) Constraint() constraint {
+	return blockKind
+}
+
+func (r *All) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *All) Validate() error {
 	return nil
 }
@ -29,15 +41,3 @@ func (r *All) Merge(other Rule) bool {
 	b := &r.Base
 	return b.merge(o.Base)
 }
-
-func (r *All) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *All) Constraint() constraint {
-	return blockKind
-}
-
-func (r *All) Kind() Kind {
-	return ALL
-}
--- a/pkg/aa/blocks.go
+++ b/pkg/aa/blocks.go
@ -15,6 +15,18 @@ type Hat struct {
 	Rules Rules
 }

+func (p *Hat) Kind() Kind {
+	return HAT
+}
+
+func (p *Hat) Constraint() constraint {
+	return blockKind
+}
+
+func (p *Hat) String() string {
+	return renderTemplate(p.Kind(), p)
+}
+
 func (r *Hat) Validate() error {
 	return nil
 }
@ -23,15 +35,3 @@ func (r *Hat) Compare(other Rule) int {
 	o, _ := other.(*Hat)
 	return compare(r.Name, o.Name)
 }
-
-func (p *Hat) String() string {
-	return renderTemplate(p.Kind(), p)
-}
-
-func (p *Hat) Constraint() constraint {
-	return blockKind
-}
-
-func (p *Hat) Kind() Kind {
-	return HAT
-}
--- a/pkg/aa/capability.go
+++ b/pkg/aa/capability.go
@ -51,6 +51,18 @@ func newCapabilityFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Capability) Kind() Kind {
+	return CAPABILITY
+}
+
+func (r *Capability) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Capability) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Capability) Validate() error {
 	if err := validateValues(r.Kind(), "name", r.Names); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -65,15 +77,3 @@ func (r *Capability) Compare(other Rule) int {
 	}
 	return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Capability) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Capability) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Capability) Kind() Kind {
-	return CAPABILITY
-}
--- a/pkg/aa/change_profile.go
+++ b/pkg/aa/change_profile.go
@ -67,6 +67,18 @@ func newChangeProfileFromLog(log map[string]string) Rule {
 	}
 }

+func (r *ChangeProfile) Kind() Kind {
+	return CHANGEPROFILE
+}
+
+func (r *ChangeProfile) Constraint() constraint {
+	return blockKind
+}
+
+func (r *ChangeProfile) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *ChangeProfile) Validate() error {
 	if err := validateValues(r.Kind(), "mode", []string{r.ExecMode}); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -87,15 +99,3 @@ func (r *ChangeProfile) Compare(other Rule) int {
 	}
 	return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *ChangeProfile) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *ChangeProfile) Constraint() constraint {
-	return blockKind
-}
-
-func (r *ChangeProfile) Kind() Kind {
-	return CHANGEPROFILE
-}
--- a/pkg/aa/dbus.go
+++ b/pkg/aa/dbus.go
@ -74,6 +74,18 @@ func newDbusFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Dbus) Kind() Kind {
+	return DBUS
+}
+
+func (r *Dbus) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Dbus) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Dbus) Validate() error {
 	if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -125,15 +137,3 @@ func (r *Dbus) Merge(other Rule) bool {
 	}
 	return false
 }
-
-func (r *Dbus) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Dbus) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Dbus) Kind() Kind {
-	return DBUS
-}
--- a/pkg/aa/file.go
+++ b/pkg/aa/file.go
@ -103,6 +103,18 @@ func newFileFromLog(log map[string]string) Rule {
 	}
 }

+func (r *File) Kind() Kind {
+	return FILE
+}
+
+func (r *File) Constraint() constraint {
+	return blockKind
+}
+
+func (r *File) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *File) Validate() error {
 	return nil
 }
@ -144,18 +156,6 @@ func (r *File) Merge(other Rule) bool {
 	return false
 }

-func (r *File) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *File) Constraint() constraint {
-	return blockKind
-}
-
-func (r *File) Kind() Kind {
-	return FILE
-}
-
 type Link struct {
 	Base
 	Qualifier
@ -209,6 +209,18 @@ func newLinkFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Link) Kind() Kind {
+	return LINK
+}
+
+func (r *Link) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Link) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Link) Validate() error {
 	return nil
 }
@ -230,15 +242,3 @@ func (r *Link) Compare(other Rule) int {
 	}
 	return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Link) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Link) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Link) Kind() Kind {
-	return LINK
-}
--- a/pkg/aa/io_uring.go
+++ b/pkg/aa/io_uring.go
@ -45,6 +45,18 @@ func newIOUringFromLog(log map[string]string) Rule {
 	}
 }

+func (r *IOUring) Kind() Kind {
+	return IOURING
+}
+
+func (r *IOUring) Constraint() constraint {
+	return blockKind
+}
+
+func (r *IOUring) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *IOUring) Validate() error {
 	if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -76,15 +88,3 @@ func (r *IOUring) Merge(other Rule) bool {
 	}
 	return false
 }
-
-func (r *IOUring) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *IOUring) Constraint() constraint {
-	return blockKind
-}
-
-func (r *IOUring) Kind() Kind {
-	return IOURING
-}
--- a/pkg/aa/mount.go
+++ b/pkg/aa/mount.go
@ -120,6 +120,18 @@ func newMountFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Mount) Kind() Kind {
+	return MOUNT
+}
+
+func (r *Mount) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Mount) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Mount) Validate() error {
 	if err := r.MountConditions.Validate(); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -156,18 +168,6 @@ func (r *Mount) Merge(other Rule) bool {
 	return false
 }

-func (r *Mount) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Mount) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Mount) Kind() Kind {
-	return MOUNT
-}
-
 type Umount struct {
 	Base
 	Qualifier
@ -202,6 +202,18 @@ func newUmountFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Umount) Kind() Kind {
+	return UMOUNT
+}
+
+func (r *Umount) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Umount) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Umount) Validate() error {
 	if err := r.MountConditions.Validate(); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -234,18 +246,6 @@ func (r *Umount) Merge(other Rule) bool {
 	return false
 }

-func (r *Umount) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Umount) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Umount) Kind() Kind {
-	return UMOUNT
-}
-
 type Remount struct {
 	Base
 	Qualifier
@ -281,6 +281,18 @@ func newRemountFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Remount) Kind() Kind {
+	return REMOUNT
+}
+
+func (r *Remount) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Remount) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Remount) Validate() error {
 	if err := r.MountConditions.Validate(); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -312,15 +324,3 @@ func (r *Remount) Merge(other Rule) bool {
 	}
 	return false
 }
-
-func (r *Remount) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Remount) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Remount) Kind() Kind {
-	return REMOUNT
-}
--- a/pkg/aa/mqueue.go
+++ b/pkg/aa/mqueue.go
@ -73,6 +73,18 @@ func newMqueueFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Mqueue) Kind() Kind {
+	return MQUEUE
+}
+
+func (r *Mqueue) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Mqueue) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Mqueue) Validate() error {
 	if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -110,15 +122,3 @@ func (r *Mqueue) Merge(other Rule) bool {
 	}
 	return false
 }
-
-func (r *Mqueue) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Mqueue) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Mqueue) Kind() Kind {
-	return MQUEUE
-}
--- a/pkg/aa/network.go
+++ b/pkg/aa/network.go
@ -99,6 +99,18 @@ func newNetworkFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Network) Kind() Kind {
+	return NETWORK
+}
+
+func (r *Network) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Network) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Network) Validate() error {
 	if err := validateValues(r.Kind(), "domains", []string{r.Domain}); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -128,15 +140,3 @@ func (r *Network) Compare(other Rule) int {
 	}
 	return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Network) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Network) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Network) Kind() Kind {
-	return NETWORK
-}
--- a/pkg/aa/pivot_root.go
+++ b/pkg/aa/pivot_root.go
@ -50,6 +50,18 @@ func newPivotRootFromLog(log map[string]string) Rule {
 	}
 }

+func (r *PivotRoot) Kind() Kind {
+	return PIVOTROOT
+}
+
+func (r *PivotRoot) Constraint() constraint {
+	return blockKind
+}
+
+func (r *PivotRoot) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *PivotRoot) Validate() error {
 	return nil
 }
@ -67,15 +79,3 @@ func (r *PivotRoot) Compare(other Rule) int {
 	}
 	return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *PivotRoot) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *PivotRoot) Constraint() constraint {
-	return blockKind
-}
-
-func (r *PivotRoot) Kind() Kind {
-	return PIVOTROOT
-}
--- a/pkg/aa/preamble.go
+++ b/pkg/aa/preamble.go
@ -29,24 +29,24 @@ func newComment(rule rule) (Rule, error) {
 	return &Comment{Base: base}, nil
 }

-func (r *Comment) Validate() error {
-	return nil
-}
-
-func (r *Comment) Compare(other Rule) int {
-	return 0 // Comments are always equal to each other as they are not compared
-}
-
-func (r *Comment) String() string {
-	return renderTemplate(r.Kind(), r)
+func (r *Comment) Kind() Kind {
+	return COMMENT
 }

 func (r *Comment) Constraint() constraint {
 	return anyKind
 }

-func (r *Comment) Kind() Kind {
-	return COMMENT
+func (r *Comment) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Comment) Validate() error {
+	return nil
+}
+
+func (r *Comment) Compare(other Rule) int {
+	return 0 // Comments are always equal to each other as they are not compared
 }

 type Abi struct {
@ -77,6 +77,18 @@ func newAbi(q Qualifier, rule rule) (Rule, error) {
 	}, nil
 }

+func (r *Abi) Kind() Kind {
+	return ABI
+}
+
+func (r *Abi) Constraint() constraint {
+	return preambleKind
+}
+
+func (r *Abi) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Abi) Validate() error {
 	return nil
 }
@ -89,18 +101,6 @@ func (r *Abi) Compare(other Rule) int {
 	return compare(r.IsMagic, o.IsMagic)
 }

-func (r *Abi) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Abi) Constraint() constraint {
-	return preambleKind
-}
-
-func (r *Abi) Kind() Kind {
-	return ABI
-}
-
 type Alias struct {
 	Base
 	Path          string
@ -121,6 +121,18 @@ func newAlias(q Qualifier, rule rule) (Rule, error) {
 	}, nil
 }

+func (r *Alias) Kind() Kind {
+	return ALIAS
+}
+
+func (r *Alias) Constraint() constraint {
+	return preambleKind
+}
+
+func (r *Alias) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Alias) Validate() error {
 	return nil
 }
@ -133,18 +145,6 @@ func (r *Alias) Compare(other Rule) int {
 	return compare(r.RewrittenPath, o.RewrittenPath)
 }

-func (r *Alias) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Alias) Constraint() constraint {
-	return preambleKind
-}
-
-func (r *Alias) Kind() Kind {
-	return ALIAS
-}
-
 type Include struct {
 	Base
 	IfExists bool
@ -184,6 +184,18 @@ func newInclude(rule rule) (Rule, error) {
 	}, nil
 }

+func (r *Include) Kind() Kind {
+	return INCLUDE
+}
+
+func (r *Include) Constraint() constraint {
+	return anyKind
+}
+
+func (r *Include) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Include) Validate() error {
 	return nil
 }
@ -206,18 +218,6 @@ func (r *Include) Compare(other Rule) int {
 	return compare(r.IfExists, o.IfExists)
 }

-func (r *Include) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Include) Constraint() constraint {
-	return anyKind
-}
-
-func (r *Include) Kind() Kind {
-	return INCLUDE
-}
-
 type Variable struct {
 	Base
 	Name   string
@ -252,19 +252,20 @@ func newVariable(rule rule) (Rule, error) {
 	}, nil
 }

-func (r *Variable) Validate() error {
-	return nil
+func (r *Variable) Kind() Kind {
+	return VARIABLE
 }

-func (r *Variable) Merge(other Rule) bool {
-	o, _ := other.(*Variable)
+func (r *Variable) Constraint() constraint {
+	return preambleKind
+}

-	if r.Name == o.Name && r.Define == o.Define {
-		r.Values = merge(r.Kind(), "access", r.Values, o.Values)
-		b := &r.Base
-		return b.merge(o.Base)
-	}
-	return false
+func (r *Variable) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
+func (r *Variable) Validate() error {
+	return nil
 }

 func (r *Variable) Compare(other Rule) int {
@ -278,14 +279,13 @@ func (r *Variable) Compare(other Rule) int {
 	return compare(r.Values, o.Values)
 }

-func (r *Variable) String() string {
-	return renderTemplate(r.Kind(), r)
-}
+func (r *Variable) Merge(other Rule) bool {
+	o, _ := other.(*Variable)

-func (r *Variable) Constraint() constraint {
-	return preambleKind
-}
-
-func (r *Variable) Kind() Kind {
-	return VARIABLE
+	if r.Name == o.Name && r.Define == o.Define {
+		r.Values = merge(r.Kind(), "access", r.Values, o.Values)
+		b := &r.Base
+		return b.merge(o.Base)
+	}
+	return false
 }
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@ -69,6 +69,18 @@ func newHeader(rule rule) (Header, error) {
 	}, nil
 }

+func (p *Profile) Kind() Kind {
+	return PROFILE
+}
+
+func (p *Profile) Constraint() constraint {
+	return blockKind
+}
+
+func (p *Profile) String() string {
+	return renderTemplate(p.Kind(), p)
+}
+
 func (r *Profile) Validate() error {
 	if err := validateValues(r.Kind(), tokFLAGS, r.Flags); err != nil {
 		return fmt.Errorf("profile %s: %w", r.Name, err)
@ -84,18 +96,6 @@ func (r *Profile) Compare(other Rule) int {
 	return compare(r.Attachments, o.Attachments)
 }

-func (p *Profile) String() string {
-	return renderTemplate(p.Kind(), p)
-}
-
-func (p *Profile) Constraint() constraint {
-	return blockKind
-}
-
-func (p *Profile) Kind() Kind {
-	return PROFILE
-}
-
 func (p *Profile) Merge(other Rule) bool {
 	slices.Sort(p.Flags)
 	p.Flags = slices.Compact(p.Flags)
--- a/pkg/aa/ptrace.go
+++ b/pkg/aa/ptrace.go
@ -47,6 +47,18 @@ func newPtraceFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Ptrace) Kind() Kind {
+	return PTRACE
+}
+
+func (r *Ptrace) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Ptrace) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Ptrace) Validate() error {
 	if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -78,15 +90,3 @@ func (r *Ptrace) Compare(other Rule) int {
 	}
 	return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Ptrace) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Ptrace) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Ptrace) Kind() Kind {
-	return PTRACE
-}
--- a/pkg/aa/rlimit.go
+++ b/pkg/aa/rlimit.go
@ -51,6 +51,18 @@ func newRlimitFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Rlimit) Kind() Kind {
+	return RLIMIT
+}
+
+func (r *Rlimit) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Rlimit) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Rlimit) Validate() error {
 	if err := validateValues(r.Kind(), "keys", []string{r.Key}); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -68,15 +80,3 @@ func (r *Rlimit) Compare(other Rule) int {
 	}
 	return compare(r.Value, o.Value)
 }
-
-func (r *Rlimit) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Rlimit) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Rlimit) Kind() Kind {
-	return RLIMIT
-}
--- a/pkg/aa/rules.go
+++ b/pkg/aa/rules.go
@ -37,12 +37,12 @@ func (k Kind) Tok() string {

 // Rule generic interface for all AppArmor rules
 type Rule interface {
+	Kind() Kind
+	Constraint() constraint
+	String() string
 	Validate() error
 	Compare(other Rule) int
 	Merge(other Rule) bool
-	String() string
-	Constraint() constraint
-	Kind() Kind
 }

 type Rules []Rule
--- a/pkg/aa/signal.go
+++ b/pkg/aa/signal.go
@ -67,6 +67,18 @@ func newSignalFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Signal) Kind() Kind {
+	return SIGNAL
+}
+
+func (r *Signal) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Signal) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Signal) Validate() error {
 	if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -109,15 +121,3 @@ func (r *Signal) Compare(other Rule) int {
 	}
 	return r.Qualifier.Compare(o.Qualifier)
 }
-
-func (r *Signal) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Signal) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Signal) Kind() Kind {
-	return SIGNAL
-}
--- a/pkg/aa/unix.go
+++ b/pkg/aa/unix.go
@ -70,6 +70,18 @@ func newUnixFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Unix) Kind() Kind {
+	return UNIX
+}
+
+func (r *Unix) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Unix) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Unix) Validate() error {
 	if err := validateValues(r.Kind(), "access", r.Access); err != nil {
 		return fmt.Errorf("%s: %w", r, err)
@ -124,15 +136,3 @@ func (r *Unix) Merge(other Rule) bool {
 	}
 	return false
 }
-
-func (r *Unix) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Unix) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Unix) Kind() Kind {
-	return UNIX
-}
--- a/pkg/aa/userns.go
+++ b/pkg/aa/userns.go
@ -42,6 +42,18 @@ func newUsernsFromLog(log map[string]string) Rule {
 	}
 }

+func (r *Userns) Kind() Kind {
+	return USERNS
+}
+
+func (r *Userns) Constraint() constraint {
+	return blockKind
+}
+
+func (r *Userns) String() string {
+	return renderTemplate(r.Kind(), r)
+}
+
 func (r *Userns) Validate() error {
 	return nil
 }
@ -59,15 +71,3 @@ func (r *Userns) Merge(other Rule) bool {
 	b := &r.Base
 	return b.merge(o.Base)
 }
-
-func (r *Userns) String() string {
-	return renderTemplate(r.Kind(), r)
-}
-
-func (r *Userns) Constraint() constraint {
-	return blockKind
-}
-
-func (r *Userns) Kind() Kind {
-	return USERNS
-}