fix: delete working as expected

auth-agents-common/src/main/java/org/apache/atlas/plugin/model/RangerPolicyDelta.java

@@ -76,6 +76,9 @@ public RangerPolicyDelta(final Long id, final Integer changeType, final Long pol
     @JsonIgnore
     public String getPolicyGuid() { return policy != null ? policy.getGuid() : null; }
 
+    @JsonIgnore
+    public String getPolicyAtlasGuid() { return policy != null ? policy.getAtlasGuid() : null; }
+
     @JsonIgnore
     public String getZoneName() { return policy != null ? policy.getZoneName() : null; }
 

auth-agents-common/src/main/java/org/apache/atlas/plugin/util/ServicePolicies.java

@@ -397,14 +397,25 @@ static public TagPolicies copyHeader(TagPolicies source, String componentService
 		return ret;
 	}
 
+	private static Map<String, RangerPolicyDelta> fetchDeletedDeltaMap(List<RangerPolicyDelta> deltas) {
+		Map<String, RangerPolicyDelta> ret = new HashMap<>();
+		for (RangerPolicyDelta delta : deltas) {
+			if (delta.getChangeType() == RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE || delta.getChangeType() == RangerPolicyDelta.CHANGE_TYPE_POLICY_UPDATE) {
+				ret.put(delta.getPolicyAtlasGuid(), delta);
+			}
+		}
+		return ret;
+	}
+
 	public static ServicePolicies applyDelta(final ServicePolicies servicePolicies, RangerPolicyEngineImpl policyEngine) {
 		ServicePolicies ret = copyHeader(servicePolicies);
 
 		List<RangerPolicy> oldResourcePolicies = policyEngine.getResourcePolicies();
 		List<RangerPolicy> oldTagPolicies      = policyEngine.getTagPolicies();
+		Map<String, RangerPolicyDelta> deletedDeltaMap = fetchDeletedDeltaMap(servicePolicies.getPolicyDeltas());
 
 		List<RangerPolicy> resourcePoliciesAfterDelete =
-				RangerPolicyDeltaUtil.deletePoliciesByDelta(oldResourcePolicies, servicePolicies.getDeleteDeltas());
+				RangerPolicyDeltaUtil.deletePoliciesByDelta(oldResourcePolicies, deletedDeltaMap);
 		List<RangerPolicy> newResourcePolicies =
 				RangerPolicyDeltaUtil.applyDeltas(resourcePoliciesAfterDelete, servicePolicies.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
 
@@ -416,7 +427,7 @@ public static ServicePolicies applyDelta(final ServicePolicies servicePolicies,
 				LOG.debug("applyingDeltas for tag policies");
 			}
 			List<RangerPolicy> tagPoliciesAfterDelete =
-					RangerPolicyDeltaUtil.deletePoliciesByDelta(oldTagPolicies, servicePolicies.getDeleteDeltas());
+					RangerPolicyDeltaUtil.deletePoliciesByDelta(oldTagPolicies, deletedDeltaMap);
 			newTagPolicies = RangerPolicyDeltaUtil.applyDeltas(tagPoliciesAfterDelete, servicePolicies.getPolicyDeltas(), servicePolicies.getTagPolicies().getServiceDef().getName());
 		} else {
 			if (LOG.isDebugEnabled()) {
@@ -433,6 +444,38 @@ public static ServicePolicies applyDelta(final ServicePolicies servicePolicies,
 			ret.getTagPolicies().setPolicies(newTagPolicies);
 		}
 
+		if (MapUtils.isNotEmpty(servicePolicies.getSecurityZones())) {
+			Map<String, SecurityZoneInfo> newSecurityZones = new HashMap<>();
+
+			for (Map.Entry<String, SecurityZoneInfo> entry : servicePolicies.getSecurityZones().entrySet()) {
+				String 			 zoneName = entry.getKey();
+				SecurityZoneInfo zoneInfo = entry.getValue();
+
+				List<RangerPolicy> zoneResourcePolicies = policyEngine.getResourcePolicies(zoneName);
+				// There are no separate tag-policy-repositories for each zone
+
+				if (LOG.isDebugEnabled()) {
+					LOG.debug("Applying deltas for security-zone:[" + zoneName + "]");
+				}
+
+				final List<RangerPolicy> newZonePolicies = RangerPolicyDeltaUtil.applyDeltas(zoneResourcePolicies, zoneInfo.getPolicyDeltas(), servicePolicies.getServiceDef().getName());
+
+				if (LOG.isDebugEnabled()) {
+					LOG.debug("New resource policies for security-zone:[" + zoneName + "], zoneResourcePolicies:[" + Arrays.toString(newZonePolicies.toArray())+ "]");
+				}
+
+				SecurityZoneInfo newZoneInfo = new SecurityZoneInfo();
+
+				newZoneInfo.setZoneName(zoneName);
+				newZoneInfo.setResources(zoneInfo.getResources());
+				newZoneInfo.setPolicies(newZonePolicies);
+
+				newSecurityZones.put(zoneName, newZoneInfo);
+			}
+
+			ret.setSecurityZones(newSecurityZones);
+		}
+
 		return ret;
 	}
 }

auth-agents-common/src/main/java/org/apache/atlas/policytransformer/CachePolicyTransformerImpl.java

@@ -143,7 +143,7 @@ public CachePolicyTransformerImpl(AtlasTypeRegistry typeRegistry) throws AtlasBa
 
         this.auditEventToDeltaChangeType = new HashMap<>();
         this.auditEventToDeltaChangeType.put(EntityAuditActionV2.ENTITY_CREATE, RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE);
-        this.auditEventToDeltaChangeType.put(EntityAuditActionV2.ENTITY_UPDATE, RangerPolicyDelta.CHANGE_TYPE_POLICY_CREATE);
+        this.auditEventToDeltaChangeType.put(EntityAuditActionV2.ENTITY_UPDATE, RangerPolicyDelta.CHANGE_TYPE_POLICY_UPDATE);
         this.auditEventToDeltaChangeType.put(EntityAuditActionV2.ENTITY_DELETE, RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE);
         this.auditEventToDeltaChangeType.put(EntityAuditActionV2.ENTITY_PURGE, RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE);
     }
@@ -177,8 +177,6 @@ public ServicePolicies getPoliciesDelta(String serviceName, Map<String, EntityAu
 
                 List<AtlasEntityHeader> atlasServicePolicies = allAtlasPolicies.stream().filter(x -> serviceName.equals(x.getAttribute(ATTR_POLICY_SERVICE_NAME))).collect(Collectors.toList());
                 List<RangerPolicyDelta> policiesDelta = getRangerPolicyDelta(service, policyChanges, atlasServicePolicies);
-                Map<String, RangerPolicyDelta> deletedPolicyDeltas = getRangerPolicyDeleteDelta(service, policyChanges);
-                servicePolicies.setDeleteDeltas(deletedPolicyDeltas);
 
                 // Process tag based policies
                 String tagServiceName = (String) service.getAttribute(ATTR_SERVICE_TAG_SERVICE);
@@ -296,42 +294,6 @@ private List<RangerPolicy> getServicePolicies(AtlasEntityHeader service, int bat
         return servicePolicies;
     }
 
-    private Map<String, RangerPolicyDelta> getRangerPolicyDeleteDelta(AtlasEntityHeader service, Map<String, EntityAuditActionV2> policyChanges) {
-        String serviceName = (String) service.getAttribute("name");
-        String serviceType = (String) service.getAttribute("authServiceType");
-        Map<String, RangerPolicyDelta> policyDeltas = new HashMap<>();
-        if (policyChanges.isEmpty()) {
-            return policyDeltas;
-        }
-
-        Iterator<Map.Entry<String, EntityAuditActionV2>> iterator = policyChanges.entrySet().iterator();
-        while (iterator.hasNext()) {
-            Map.Entry<String, EntityAuditActionV2> entry = iterator.next();
-            String policyGuid = entry.getKey();
-            EntityAuditActionV2 policyChange = entry.getValue();
-
-            if (policyChange == EntityAuditActionV2.ENTITY_UPDATE || policyChange == EntityAuditActionV2.ENTITY_DELETE
-                    || policyChange == EntityAuditActionV2.ENTITY_PURGE) {
-                RangerPolicy atlasDeletedPolicy = new RangerPolicy();
-                atlasDeletedPolicy.setGuid(policyGuid);
-                atlasDeletedPolicy.setService(serviceName);
-                atlasDeletedPolicy.setServiceType(serviceType);
-
-                policyDeltas.put(policyGuid, new RangerPolicyDelta(atlasDeletedPolicy.getId(),
-                        RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE,
-                        atlasDeletedPolicy.getVersion(),
-                        atlasDeletedPolicy));
-            }
-
-            if (policyChange == EntityAuditActionV2.ENTITY_DELETE || policyChange == EntityAuditActionV2.ENTITY_PURGE) {
-                iterator.remove(); // Remove for ENTITY_DELETE and ENTITY_PURGE
-            }
-        }
-
-        return  policyDeltas;
-    }
-
-
     private List<RangerPolicyDelta> getRangerPolicyDelta(AtlasEntityHeader service, Map<String, EntityAuditActionV2> policyChanges, List<AtlasEntityHeader> atlasPolicies) throws AtlasBaseException, IOException {
         String serviceName = (String) service.getAttribute("name");
         String serviceType = (String) service.getAttribute("authServiceType");
@@ -342,6 +304,8 @@ private List<RangerPolicyDelta> getRangerPolicyDelta(AtlasEntityHeader service,
             return policyDeltas;
         }
 
+        ArrayList<String> policyGuids = new ArrayList<>(policyChanges.keySet());
+
         List<RangerPolicy> rangerPolicies = new ArrayList<>();
         if (CollectionUtils.isNotEmpty(atlasPolicies)) {
             rangerPolicies = transformAtlasPoliciesToRangerPolicies(atlasPolicies, serviceType, serviceName);
@@ -353,6 +317,29 @@ private List<RangerPolicyDelta> getRangerPolicyDelta(AtlasEntityHeader service,
             policyDeltas.add(delta);
         }
 
+        // handle delete changes separately as they won't be present in atlas policies
+        List<RangerPolicyDelta> deletedPolicyDeltas = new ArrayList<>();
+        for (String policyGuid : policyGuids) {
+            int deltaChangeType = auditEventToDeltaChangeType.get(policyChanges.get(policyGuid));
+            if (deltaChangeType == RangerPolicyDelta.CHANGE_TYPE_POLICY_DELETE) {
+                RangerPolicy deletedPolicy = new RangerPolicy();
+                deletedPolicy.setGuid(policyGuid);
+                deletedPolicy.setService(serviceName);
+                deletedPolicy.setServiceType(serviceType);
+                RangerPolicyDelta deletedPolicyDelta = new RangerPolicyDelta(
+                        deletedPolicy.getId(),
+                        deltaChangeType,
+                        deletedPolicy.getVersion(),
+                        deletedPolicy
+                );
+                deletedPolicyDeltas.add(deletedPolicyDelta);
+            }
+        }
+
+        policyDeltas.addAll(deletedPolicyDeltas);
+
+        LOG.info("PolicyDelta: {}: atlas policies found={}, delta created={}, including deleted policies={}",
+                serviceName, atlasPolicies.size(), policyDeltas.size(), deletedPolicyDeltas.size());
         RequestContext.get().endMetricRecord(recorder);
 
         return policyDeltas;