Fix code formatting and linting issues in PvCSI validation

anuj087 · anuj087 · commit 9d9dc5b00b49 · 2026-05-27T10:20:53.000+05:30
Address CI/CD pipeline failures by fixing:
- Remove trailing whitespace from lines 257, 261, 270, 310, 449, 461
- Break long lines exceeding 120 character limit:
  * Split long GitHub URL reference across multiple lines
  * Break long log message with colon injection warning
- Maintain code functionality while ensuring compliance with:
  * gofmt formatting standards
  * golangci-lint lll (line length) rules

These changes resolve make fmt and golangci-lint failures in the
fix_pvcsi_service_account_regex_vulnerability branch without
affecting the PvCSI service account validation logic.

Signed-off-by: ab002488 &lt;anuj.bansal@broadcom.com&gt;
diff --git a/pkg/syncer/admissionhandler/validate_cnsfileaccessconfig.go b/pkg/syncer/admissionhandler/validate_cnsfileaccessconfig.go
@@ -254,9 +254,9 @@ func isUserAllowedForDeletion(username string) (bool, error) {
 func validatePvCSIServiceAccount(username string) (bool, error) {
 	ctx := context.TODO()
 	log := logger.GetLogger(ctx)
-	
+
 	log.Infof("Validating PvCSI service account: username=%s", username)
-	
+
 	// Expected format: "system:serviceaccount:namespace:service-account-name"
 	// Parse the username to extract namespace and service account name
 	const prefix = "system:serviceaccount:"
@@ -268,7 +268,7 @@ func validatePvCSIServiceAccount(username string) (bool, error) {
 	remaining := strings.TrimPrefix(username, prefix)
 	parts := strings.Split(remaining, ":")
 	log.Infof("Parsed service account parts: %v (count: %d)", parts, len(parts))
-	
+
 	if len(parts) != 2 {
 		log.Infof("Invalid service account format - expected 2 parts, got %d, returning false", len(parts))
 		return false, nil
@@ -306,9 +306,9 @@ func validatePvCSIServiceAccount(username string) (bool, error) {
 func isExplicitPvCSIServiceAccount(namespace, serviceAccountName string) bool {
 	ctx := context.TODO()
 	log := logger.GetLogger(ctx)
-	
+
 	log.Infof("Checking explicit PvCSI service account: namespace=%s, serviceAccount=%s", namespace, serviceAccountName)
-	
+
 	switch namespace {
 	case "vmware-system-csi":
 		isExplicit := serviceAccountName == "vsphere-csi-controller" || serviceAccountName == "vsphere-csi-node"
@@ -336,7 +336,8 @@ func isExplicitPvCSIServiceAccount(namespace, serviceAccountName string) bool {
 //	    },
 //	}
 //
-// https://github-vcf.devops.broadcom.net/vcf/kubernetes-service/blob/0319c5f7c9a4300b0a97296e2b3ad6283fc6bae0/addons/controllers/csi/vspherecsiconfig_controller.go#L322-L331
+// Reference: https://github-vcf.devops.broadcom.net/vcf/kubernetes-service/blob/
+// 0319c5f7c9a4300b0a97296e2b3ad6283fc6bae0/addons/controllers/csi/vspherecsiconfig_controller.go#L322-L331
 func validateProviderServiceAccount(serviceAccountName string) (bool, error) {
 	ctx := context.TODO()
 
@@ -446,25 +447,26 @@ func validateGuestClusterPvCSIServiceAccount(namespace, serviceAccountName strin
 	// Extract cluster name from service account name
 	// Expected format: {cluster-name}-pvcsi
 	clusterNameFromSA := strings.TrimSuffix(serviceAccountName, "-pvcsi")
-	
+
 	// Validate cluster name doesn't contain colon (prevents colon injection)
 	if strings.Contains(clusterNameFromSA, ":") {
-		log.Warnf("Security: Rejected service account %s with colon injection attempt in namespace %s", serviceAccountName, namespace)
+		log.Warnf("Security: Rejected service account %s with colon injection attempt in namespace %s",
+			serviceAccountName, namespace)
 		return false, nil
 	}
 
 	// For guest cluster service accounts, we validate by checking if the service account
 	// follows the expected naming pattern and the namespace seems legitimate
 	// This is a more permissive validation than supervisor cluster validation
-	
+
 	// Basic validation: cluster name should be reasonable length and not empty
 	if len(clusterNameFromSA) == 0 || len(clusterNameFromSA) > 253 {
 		log.Debugf("Guest cluster service account has invalid cluster name length: %s", clusterNameFromSA)
 		return false, nil
 	}
 
 	// Log for audit purposes
-	log.Infof("Validated guest cluster PvCSI service account: %s in namespace %s (cluster: %s)", 
+	log.Infof("Validated guest cluster PvCSI service account: %s in namespace %s (cluster: %s)",
 		serviceAccountName, namespace, clusterNameFromSA)
 
 	return true, nil
