address review comments

Author: SriramGuduri

examples/src/main/java/com/salesforce/multicloudj/iam/Main.java

@@ -37,7 +37,7 @@ public class Main {
   private static final String REGION = "us-central-1";
   private static final String TENANT_ID = "projects/substrate-sdk-gcp-poc1";
   private static final String SERVICE_ACCOUNT =
-      "serviceAccount:chameleon@substrate-sdk-gcp-poc1.iam.gserviceaccount.com";
+      "serviceAccount:multicloudjexample@substrate-sdk-gcp-poc1.iam.gserviceaccount.com";
 
   // Demo settings
   private static final BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

iam/iam-aws/src/main/java/com/salesforce/multicloudj/iam/aws/AwsIam.java

@@ -1,5 +1,7 @@
 package com.salesforce.multicloudj.iam.aws;
 
+import static com.salesforce.multicloudj.iam.aws.AwsIamPolicyTranslator.translateToAwsPolicy;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -355,7 +357,7 @@ protected void doAttachInlinePolicy(AttachInlinePolicyRequest request) {
     }
 
     String roleName = request.getIdentityName();
-    String policyDocumentJson = buildInlinePolicyDocumentJson(request.getPolicyDocument());
+    String policyDocumentJson = translateToAwsPolicy(request.getPolicyDocument());
 
     PutRolePolicyRequest awsRequest =
         PutRolePolicyRequest.builder()
@@ -367,47 +369,6 @@ protected void doAttachInlinePolicy(AttachInlinePolicyRequest request) {
     this.iamClient.putRolePolicy(awsRequest);
   }
 
-  private static String buildInlinePolicyDocumentJson(PolicyDocument policyDocument) {
-    String version = policyDocument.getVersion();
-    if (StringUtils.isBlank(version)) {
-      version = POLICY_VERSION;
-    }
-    Map<String, Object> doc = new LinkedHashMap<>();
-    doc.put("Version", version);
-
-    List<Map<String, Object>> awsStatements = new ArrayList<>();
-    for (Statement stmt : policyDocument.getStatements()) {
-      Map<String, Object> awsStmt = new LinkedHashMap<>();
-      awsStmt.put("Effect", stmt.getEffect());
-
-      List<String> actions = stmt.getActionsAsStrings();
-      if (actions != null && !actions.isEmpty()) {
-        awsStmt.put("Action", actions);
-      }
-      if (StringUtils.isNotBlank(stmt.getSid())) {
-        awsStmt.put("Sid", stmt.getSid());
-      }
-      if (stmt.getResources() != null && !stmt.getResources().isEmpty()) {
-        awsStmt.put("Resource", stmt.getResources());
-      }
-      if (stmt.getConditions() != null && !stmt.getConditions().isEmpty()) {
-        awsStmt.put("Condition", stmt.getConditions());
-      }
-      if (stmt.getPrincipals() != null && !stmt.getPrincipals().isEmpty()) {
-        awsStmt.put("Principal", stmt.getPrincipals());
-      }
-
-      awsStatements.add(awsStmt);
-    }
-    doc.put("Statement", awsStatements);
-
-    try {
-      return OBJECT_MAPPER.writeValueAsString(doc);
-    } catch (JsonProcessingException e) {
-      throw new InvalidArgumentException("Failed to serialize inline policy document", e);
-    }
-  }
-
   /**
    * Get inline policy document attached to an IAM role.
    *

iam/iam-aws/src/main/java/com/salesforce/multicloudj/iam/aws/AwsIamPolicyTranslator.java

@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.salesforce.multicloudj.common.exceptions.InvalidArgumentException;
 import com.salesforce.multicloudj.common.exceptions.SubstrateSdkException;
 import com.salesforce.multicloudj.iam.model.Action;
 import com.salesforce.multicloudj.iam.model.ComputeActions;
@@ -15,6 +16,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  * Translates substrate-neutral PolicyDocument to AWS IAM policy format.
@@ -89,6 +91,7 @@ public class AwsIamPolicyTranslator {
           Map.entry(ConditionOperator.BOOL, "Bool"),
           Map.entry(ConditionOperator.IP_ADDRESS, "IpAddress"),
           Map.entry(ConditionOperator.NOT_IP_ADDRESS, "NotIpAddress"));
+  public static final String DEFAULT_VERSION = "2012-10-17";
 
   /**
    * Translates a substrate-neutral PolicyDocument to AWS IAM policy JSON string.
@@ -99,7 +102,12 @@ public class AwsIamPolicyTranslator {
    */
   public static String translateToAwsPolicy(PolicyDocument policyDocument) {
     Map<String, Object> awsPolicy = new LinkedHashMap<>();
-    awsPolicy.put("Version", policyDocument.getVersion());
+    // Default to AWS IAM policy version if not provided
+    String version =
+        StringUtils.isNotBlank(policyDocument.getVersion())
+            ? policyDocument.getVersion()
+            : DEFAULT_VERSION;
+    awsPolicy.put("Version", version);
 
     List<Map<String, Object>> awsStatements = new ArrayList<>();
     for (Statement statement : policyDocument.getStatements()) {
@@ -122,19 +130,25 @@ public static String translateToAwsPolicy(PolicyDocument policyDocument) {
    * @throws SubstrateSdkException if translation fails
    */
   private static Map<String, Object> translateStatement(Statement statement) {
+    if (statement.getEffect() == null) {
+      throw new InvalidArgumentException("Effect is required for AWS IAM policy statement");
+    }
+
     Map<String, Object> awsStatement = new LinkedHashMap<>();
 
     // Add Sid if present
-    if (statement.getSid() != null && !statement.getSid().isEmpty()) {
-      awsStatement.put("Sid", statement.getSid());
+    String sid = statement.getSid();
+    if (StringUtils.isNotBlank(sid)) {
+      awsStatement.put("Sid", sid);
     }
 
     // Add Effect
     awsStatement.put("Effect", statement.getEffect().getValue());
 
     // Translate and add Principals if present
-    if (statement.getPrincipals() != null && !statement.getPrincipals().isEmpty()) {
-      awsStatement.put("Principal", translatePrincipals(statement.getPrincipals()));
+    List<String> principals = statement.getPrincipals();
+    if (principals != null && !principals.isEmpty()) {
+      awsStatement.put("Principal", translatePrincipals(principals));
     }
 
     // Translate and add Actions
@@ -191,7 +205,7 @@ private static String translateAction(Action action) {
         case "iam":
           return "iam:*";
         default:
-          throw new SubstrateSdkException(
+          throw new InvalidArgumentException(
               "Unknown substrate-neutral service for wildcard action: "
                   + action.toActionString()
                   + ". "
@@ -202,7 +216,7 @@ private static String translateAction(Action action) {
     // Handle specific actions
     String awsAction = ACTION_MAPPINGS.get(action);
     if (awsAction == null) {
-      throw new SubstrateSdkException(
+      throw new InvalidArgumentException(
           "Unknown substrate-neutral action: "
               + action.toActionString()
               + ". "
@@ -239,7 +253,7 @@ private static String translateResource(String resource) {
       return resource;
     }
 
-    throw new SubstrateSdkException(
+    throw new InvalidArgumentException(
         "Unknown resource format: "
             + resource
             + ". "
@@ -292,7 +306,7 @@ private static Map<String, Map<String, Object>> translateConditions(
       String awsOperator = CONDITION_MAPPINGS.get(operator);
 
       if (awsOperator == null) {
-        throw new SubstrateSdkException(
+        throw new InvalidArgumentException(
             "Unsupported condition operator: "
                 + operator.getValue()
                 + ". "

iam/iam-aws/src/test/java/com/salesforce/multicloudj/iam/aws/AwsIamPolicyTranslatorTest.java

@@ -6,9 +6,12 @@
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.salesforce.multicloudj.common.exceptions.InvalidArgumentException;
 import com.salesforce.multicloudj.common.exceptions.SubstrateSdkException;
 import com.salesforce.multicloudj.iam.model.Action;
 import com.salesforce.multicloudj.iam.model.ComputeActions;
@@ -317,9 +320,9 @@ void testTranslateUnknownActionThrowsException() {
                     .build())
             .build();
 
-    SubstrateSdkException exception =
+    InvalidArgumentException exception =
         assertThrows(
-            SubstrateSdkException.class,
+            InvalidArgumentException.class,
             () -> {
               AwsIamPolicyTranslator.translateToAwsPolicy(policy);
             });
@@ -340,9 +343,9 @@ void testTranslateInvalidResourceFormatThrowsException() {
                     .build())
             .build();
 
-    SubstrateSdkException exception =
+    InvalidArgumentException exception =
         assertThrows(
-            SubstrateSdkException.class,
+            InvalidArgumentException.class,
             () -> {
               AwsIamPolicyTranslator.translateToAwsPolicy(policy);
             });
@@ -534,9 +537,9 @@ void testTranslateUnknownWildcardServiceThrowsException() {
                     .build())
             .build();
 
-    SubstrateSdkException exception =
+    InvalidArgumentException exception =
         assertThrows(
-            SubstrateSdkException.class,
+            InvalidArgumentException.class,
             () -> {
               AwsIamPolicyTranslator.translateToAwsPolicy(policy);
             });
@@ -575,4 +578,70 @@ void testTranslateMultipleWildcardActions() throws Exception {
     assertEquals("ec2:*", actions.get(1).asText());
     assertEquals("iam:*", actions.get(2).asText());
   }
+
+  @Test
+  void testTranslateWithNullVersionDefaultsToAwsVersion() throws Exception {
+    PolicyDocument policy =
+        PolicyDocument.builder()
+            .statement(
+                Statement.builder().effect(Effect.ALLOW).action(StorageActions.GET_OBJECT).build())
+            .build();
+
+    String awsPolicy = AwsIamPolicyTranslator.translateToAwsPolicy(policy);
+    JsonNode policyJson = OBJECT_MAPPER.readTree(awsPolicy);
+
+    assertEquals("2012-10-17", policyJson.get("Version").asText());
+  }
+
+  @Test
+  void testTranslateWithBlankVersionDefaultsToAwsVersion() throws Exception {
+    PolicyDocument policy =
+        PolicyDocument.builder()
+            .version("")
+            .statement(
+                Statement.builder().effect(Effect.ALLOW).action(StorageActions.GET_OBJECT).build())
+            .build();
+
+    String awsPolicy = AwsIamPolicyTranslator.translateToAwsPolicy(policy);
+    JsonNode policyJson = OBJECT_MAPPER.readTree(awsPolicy);
+
+    assertEquals("2012-10-17", policyJson.get("Version").asText());
+  }
+
+  @Test
+  void testTranslateWithCustomVersionPreservesIt() throws Exception {
+    PolicyDocument policy =
+        PolicyDocument.builder()
+            .version("2008-10-17")
+            .statement(
+                Statement.builder().effect(Effect.ALLOW).action(StorageActions.GET_OBJECT).build())
+            .build();
+
+    String awsPolicy = AwsIamPolicyTranslator.translateToAwsPolicy(policy);
+    JsonNode policyJson = OBJECT_MAPPER.readTree(awsPolicy);
+
+    assertEquals("2008-10-17", policyJson.get("Version").asText());
+  }
+
+  @Test
+  void testTranslateNullEffectThrowsException() {
+    Statement mockStatement = mock(Statement.class);
+    when(mockStatement.getEffect()).thenReturn(null);
+    when(mockStatement.getActions())
+        .thenReturn(java.util.Collections.singletonList(StorageActions.GET_OBJECT));
+    
+    PolicyDocument policy =
+        PolicyDocument.builder()
+            .statement(mockStatement)
+            .build();
+
+    InvalidArgumentException exception =
+        assertThrows(
+            InvalidArgumentException.class,
+            () -> {
+              AwsIamPolicyTranslator.translateToAwsPolicy(policy);
+            });
+
+    assertEquals("Effect is required for AWS IAM policy statement", exception.getMessage());
+  }
 }