From 6986b0bbf35946c9bb8854517bc0b73e48e4cde6 Mon Sep 17 00:00:00 2001
From: liuwei <liuweixa@redhat.com>
Date: Tue, 6 Oct 2020 14:16:02 +0800
Subject: [PATCH] add write access for hub kubeconfig file

---
 pkg/spoke/hubclientcert/secret_controller.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/spoke/hubclientcert/secret_controller.go b/pkg/spoke/hubclientcert/secret_controller.go
index 4a6bf3b18..f5673dd8a 100644
--- a/pkg/spoke/hubclientcert/secret_controller.go
+++ b/pkg/spoke/hubclientcert/secret_controller.go
@@ -100,7 +100,7 @@ func (s *hubKubeconfigSecretController) sync(ctx context.Context, syncCtx factor
 func writeConfigFile(filename string, data []byte, recorder events.Recorder) error {
 	lastData, err := ioutil.ReadFile(path.Clean(filename))
 	if os.IsNotExist(err) {
-		if err := ioutil.WriteFile(path.Clean(filename), data, 0400); err != nil {
+		if err := ioutil.WriteFile(path.Clean(filename), data, 0600); err != nil {
 			return err
 		}
 		recorder.Event("HubKubeConfigFileCreated", fmt.Sprintf("Hub config file %q is created from hub kubeconfig secret", filename))
@@ -114,7 +114,7 @@ func writeConfigFile(filename string, data []byte, recorder events.Recorder) err
 		return nil
 	}
 
-	if err := ioutil.WriteFile(path.Clean(filename), data, 0400); err != nil {
+	if err := ioutil.WriteFile(path.Clean(filename), data, 0600); err != nil {
 		return err
 	}