diff --git a/cmd/flux/main_test.go b/cmd/flux/main_test.go index b97397ff..2859d963 100644 --- a/cmd/flux/main_test.go +++ b/cmd/flux/main_test.go @@ -182,7 +182,7 @@ func NewTestEnvKubeManager(testClusterMode TestClusterMode) (*testEnvKubeManager } tmpFilename := filepath.Join("/tmp", "kubeconfig-"+time.Nanosecond.String()) - os.WriteFile(tmpFilename, kubeConfig, 0644) + os.WriteFile(tmpFilename, kubeConfig, 0o600) k8sClient, err := client.NewWithWatch(cfg, client.Options{ Scheme: utils.NewScheme(), }) @@ -313,7 +313,7 @@ func assertGoldenTemplateFile(goldenFile string, templateValues map[string]strin if len(templateValues) > 0 { fmt.Println("NOTE: -update flag passed but golden template files can't be updated, please update it manually") } else { - if err := os.WriteFile(goldenFile, []byte(output), 0644); err != nil { + if err := os.WriteFile(goldenFile, []byte(output), 0o600); err != nil { return fmt.Errorf("failed to update golden file '%s': %v", goldenFile, err) } return nil diff --git a/internal/build/diff.go b/internal/build/diff.go index 0dd0d9a4..7714c6bb 100644 --- a/internal/build/diff.go +++ b/internal/build/diff.go @@ -168,13 +168,13 @@ func writeYamls(liveObject, mergedObject *unstructured.Unstructured) (string, st liveYAML, _ := yaml.Marshal(liveObject) liveFile := filepath.Join(tmpDir, "live.yaml") - if err := os.WriteFile(liveFile, liveYAML, 0644); err != nil { + if err := os.WriteFile(liveFile, liveYAML, 0o600); err != nil { return "", "", "", err } mergedYAML, _ := yaml.Marshal(mergedObject) mergedFile := filepath.Join(tmpDir, "merged.yaml") - if err := os.WriteFile(mergedFile, mergedYAML, 0644); err != nil { + if err := os.WriteFile(mergedFile, mergedYAML, 0o600); err != nil { return "", "", "", err } diff --git a/tests/integration/util_test.go b/tests/integration/util_test.go index 674c3b68..2f6b6a66 100644 --- a/tests/integration/util_test.go +++ b/tests/integration/util_test.go @@ -83,7 +83,7 @@ func installFlux(ctx context.Context, tmpDir string, kubeconfigPath string) erro if err != nil { return err } - err = os.WriteFile(f.Name(), []byte(cfg.gitPrivateKey), 0o644) + err = os.WriteFile(f.Name(), []byte(cfg.gitPrivateKey), 0o600) if err != nil { return err }