From 3af0bfb4232d4b621a8a707445f609c66e932319 Mon Sep 17 00:00:00 2001
From: Frank Natividad <franknatividad@google.com>
Date: Mon, 13 Dec 2021 16:35:58 -0800
Subject: [PATCH 1/2] fix: do not cause a failure when encountering no bindings

---
 .../java/com/google/cloud/storage/PolicyHelper.java    |  6 ++----
 .../main/java/com/google/cloud/storage/Storage.java    |  7 +++++++
 .../com/google/cloud/storage/PolicyHelperTest.java     | 10 +++++++---
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java
index e198d853b..ca3e8bc31 100644
--- a/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java
+++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/PolicyHelper.java
@@ -34,8 +34,8 @@ class PolicyHelper {
   static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy apiPolicy) {
     Policy.Builder policyBuilder = Policy.newBuilder();
     List<Bindings> bindings = apiPolicy.getBindings();
+    ImmutableList.Builder<Binding> coreBindings = ImmutableList.builder();
     if (null != bindings && !bindings.isEmpty()) {
-      ImmutableList.Builder<Binding> coreBindings = ImmutableList.builder();
       for (Bindings binding : bindings) {
         Binding.Builder bindingBuilder = Binding.newBuilder();
         bindingBuilder.setRole(binding.getRole());
@@ -49,10 +49,8 @@ static Policy convertFromApiPolicy(com.google.api.services.storage.model.Policy
         }
         coreBindings.add(bindingBuilder.build());
       }
-      policyBuilder.setBindings(coreBindings.build());
-    } else {
-      throw new IllegalStateException("Missing required bindings.");
     }
+    policyBuilder.setBindings(coreBindings.build());
     return policyBuilder.setEtag(apiPolicy.getEtag()).setVersion(apiPolicy.getVersion()).build();
   }
 
diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
index 02bdb8dda..c347e72ac 100644
--- a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
+++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
@@ -3540,6 +3540,10 @@ HmacKeyMetadata updateHmacKeyState(
   /**
    * Gets the IAM policy for the provided bucket.
    *
+   * <p>It's possible for bindings to be empty and instead have permissions inherited through
+   * Project or Organization IAM Policies. To prevent corrupting policies when performing a {@code
+   * Storage.setIamPolicy}, the ETAG value is used to perform optimistic concurrency.
+   *
    * <p>Example of getting the IAM policy for a bucket.
    *
    * <pre>{@code
@@ -3556,6 +3560,9 @@ HmacKeyMetadata updateHmacKeyState(
   /**
    * Updates the IAM policy on the specified bucket.
    *
+   * <p>To prevent corrupting policies when performing a {@code Storage.setIamPolicy}, the ETAG
+   * value is used to perform optimistic concurrency.
+   *
    * <p>Example of updating the IAM policy on a bucket.
    *
    * <pre>{@code
diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java
index dd5c0f78a..a34538c11 100644
--- a/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java
+++ b/google-cloud-storage/src/test/java/com/google/cloud/storage/PolicyHelperTest.java
@@ -65,11 +65,15 @@ public void testEquivalence() {
     assertTrue(new ApiPolicyMatcher(apiPolicy).matches(actualApiPolicy));
   }
 
-  @Test(expected = IllegalStateException.class)
+  @Test
   public void testApiPolicyWithoutBinding() {
     List<Bindings> bindings = null;
     com.google.api.services.storage.model.Policy apiPolicy =
-        new com.google.api.services.storage.model.Policy().setBindings(bindings).setEtag(ETAG);
-    PolicyHelper.convertFromApiPolicy(apiPolicy);
+        new com.google.api.services.storage.model.Policy()
+            .setBindings(bindings)
+            .setEtag(ETAG)
+            .setVersion(1);
+    Policy policy = PolicyHelper.convertFromApiPolicy(apiPolicy);
+    assertEquals(policy.getBindings().size(), 0);
   }
 }

From 433bf22900ac300a90ab4effac9cead85d2f52c4 Mon Sep 17 00:00:00 2001
From: Frank Natividad <franknatividad@google.com>
Date: Tue, 14 Dec 2021 12:37:47 -0800
Subject: [PATCH 2/2] address javadoc feedback

---
 .../src/main/java/com/google/cloud/storage/Storage.java  | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
index c347e72ac..211859945 100644
--- a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
+++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
@@ -3541,8 +3541,9 @@ HmacKeyMetadata updateHmacKeyState(
    * Gets the IAM policy for the provided bucket.
    *
    * <p>It's possible for bindings to be empty and instead have permissions inherited through
-   * Project or Organization IAM Policies. To prevent corrupting policies when performing a {@code
-   * Storage.setIamPolicy}, the ETAG value is used to perform optimistic concurrency.
+   * Project or Organization IAM Policies. To prevent corrupting policies when you update an IAM
+   * policy with {@code Storage.setIamPolicy}, the ETAG value is used to perform optimistic
+   * concurrency.
    *
    * <p>Example of getting the IAM policy for a bucket.
    *
@@ -3560,8 +3561,8 @@ HmacKeyMetadata updateHmacKeyState(
   /**
    * Updates the IAM policy on the specified bucket.
    *
-   * <p>To prevent corrupting policies when performing a {@code Storage.setIamPolicy}, the ETAG
-   * value is used to perform optimistic concurrency.
+   * <p>To prevent corrupting policies when you update an IAM policy with {@code
+   * Storage.setIamPolicy}, the ETAG value is used to perform optimistic concurrency.
    *
    * <p>Example of updating the IAM policy on a bucket.
    *