Merge pull request #1179 from JackDanger/jack/supporting-signed-urls-for-private-keys

supporting signed urls for private keys

moto/s3/responses.py

@@ -547,8 +547,14 @@ class ResponseObject(_TemplateEnvironmentMixin):
         # ACL and checking for the mere presence of an Authorization
         # header.
         if 'Authorization' not in request.headers:
+            if hasattr(request, 'url'):
+                signed_url = 'Signature=' in request.url
+            elif hasattr(request, 'requestline'):
+                signed_url = 'Signature=' in request.path
             key = self.backend.get_key(bucket_name, key_name)
-            if key and not key.acl.public_read:
+
+            if key:
+                if not key.acl.public_read and not signed_url:
                     return 403, {}, ""
 
         if hasattr(request, 'body'):

tests/test_s3/test_s3.py

@@ -884,6 +884,10 @@ def test_s3_object_in_public_bucket():
         s3_anonymous.Object(key='file.txt', bucket_name='test-bucket').get()
     exc.exception.response['Error']['Code'].should.equal('403')
 
+    params = {'Bucket': 'test-bucket','Key': 'file.txt'}
+    presigned_url = boto3.client('s3').generate_presigned_url('get_object', params, ExpiresIn=900)
+    response = requests.get(presigned_url)
+    assert response.status_code == 200
 
 @mock_s3
 def test_s3_object_in_private_bucket():