1 files changed, 92 insertions, 1 deletions

diff --git a/weed/filer/s3iam_conf_test.go b/weed/filer/s3iam_conf_test.go
index da7d9c9f1..bd9eb85ae 100644
--- a/weed/filer/s3iam_conf_test.go
+++ b/weed/filer/s3iam_conf_test.go
@@ -2,9 +2,10 @@ package filer
 
 import (
 	"bytes"
-	. "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
 	"testing"
 
+	. "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
+
 	"github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
 
 	"github.com/stretchr/testify/assert"
@@ -55,3 +56,93 @@ func TestS3Conf(t *testing.T) {
 	assert.Equal(t, "some_access_key1", s3ConfSaved.Identities[0].Credentials[0].AccessKey)
 	assert.Equal(t, "some_secret_key2", s3ConfSaved.Identities[1].Credentials[0].SecretKey)
 }
+
+func TestCheckDuplicateAccessKey(t *testing.T) {
+	var tests = []struct {
+		s3cfg *iam_pb.S3ApiConfiguration
+		err   string
+	}{
+		{
+			&iam_pb.S3ApiConfiguration{
+				Identities: []*iam_pb.Identity{
+					{
+						Name: "some_name",
+						Credentials: []*iam_pb.Credential{
+							{
+								AccessKey: "some_access_key1",
+								SecretKey: "some_secret_key1",
+							},
+						},
+						Actions: []string{
+							ACTION_ADMIN,
+							ACTION_READ,
+							ACTION_WRITE,
+						},
+					},
+					{
+						Name: "some_read_only_user",
+						Credentials: []*iam_pb.Credential{
+							{
+								AccessKey: "some_access_key2",
+								SecretKey: "some_secret_key2",
+							},
+						},
+						Actions: []string{
+							ACTION_READ,
+							ACTION_TAGGING,
+							ACTION_LIST,
+						},
+					},
+				},
+			},
+			"",
+		},
+		{
+			&iam_pb.S3ApiConfiguration{
+				Identities: []*iam_pb.Identity{
+					{
+						Name: "some_name",
+						Credentials: []*iam_pb.Credential{
+							{
+								AccessKey: "some_access_key1",
+								SecretKey: "some_secret_key1",
+							},
+						},
+						Actions: []string{
+							ACTION_ADMIN,
+							ACTION_READ,
+							ACTION_WRITE,
+						},
+					},
+					{
+						Name: "some_read_only_user",
+						Credentials: []*iam_pb.Credential{
+							{
+								AccessKey: "some_access_key1",
+								SecretKey: "some_secret_key1",
+							},
+						},
+						Actions: []string{
+							ACTION_READ,
+							ACTION_TAGGING,
+							ACTION_LIST,
+						},
+					},
+				},
+			},
+			"duplicate accessKey[some_access_key1], already configured in user[some_name]",
+		},
+	}
+	for i, test := range tests {
+		err := CheckDuplicateAccessKey(test.s3cfg)
+		var errString string
+		if err == nil {
+			errString = ""
+		} else {
+			errString = err.Error()
+		}
+		if errString != test.err {
+			t.Errorf("[%d]: got: %s expected: %s", i, errString, test.err)
+		}
+	}
+}