in services/library/src/main/java/com/google/cloud/pso/bq_pii_classifier/functions/tagger/Tagger.java [188:281]
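/**
 * Applies the computed policy tag for one column to its schema entry and records the decision
 * in {@code policyUpdateLogs}.
 *
 * <p>Decision table, as implemented below:
 * <ul>
 *   <li>no entry for {@code fieldLkpName} in {@code fieldsToPolicyTagsMap}: nothing is changed
 *       and nothing is logged;</li>
 *   <li>the column carries no policy tag (no {@code PolicyTags} object, or one whose name list
 *       is null or empty): the new tag is attached (CREATE);</li>
 *   <li>the column's first existing tag belongs to a taxonomy listed in
 *       {@code app_managed_taxonomies}: the tag is kept when identical (NO_CHANGE) and replaced
 *       otherwise (OVERWRITE);</li>
 *   <li>any other existing tag is left in place and a WARN entry is logged (KEEP_EXISTING).</li>
 * </ul>
 *
 * <p>Access-control note: the KEEP_EXISTING branch is what stops this method from replacing
 * policy tags that were attached outside the application. The gate looks only at the taxonomy
 * of the <em>existing</em> tag; the taxonomy of the new tag is not compared against
 * {@code app_managed_taxonomies} here.
 *
 * <p>The in-memory {@code field} is modified in dry-run mode as well; only the logged action
 * differs. NOTE(review): presumably the caller decides whether the schema is written back when
 * {@code isDryRun} is true - confirm at the call site.
 *
 * @param field schema entry of the column; mutated in place
 * @param fieldLkpName key used to look the column up in {@code fieldsToPolicyTagsMap}
 * @param tableSpec table the column belongs to, recorded in every log entry
 * @param fieldsToPolicyTagsMap computed policy tag per column lookup name
 * @param app_managed_taxonomies taxonomy ids whose tags this method is allowed to replace
 * @param isDryRun selects the DRY_RUN_* variant of the logged action; must not be null
 * @param trackingId not read by this method
 * @param policyUpdateLogs receives one entry per decision taken
 * @return the same {@code field} instance that was passed in
 */
private TableFieldSchema updateFieldPolicyTags(TableFieldSchema field,
    String fieldLkpName,
    TableSpec tableSpec,
    Map<String, PolicyTagInfo> fieldsToPolicyTagsMap,
    Set<String> app_managed_taxonomies,
    Boolean isDryRun,
    String trackingId,
    List<TagHistoryLogEntry> policyUpdateLogs
) {
  // No computed tag for this column: leave the schema entry untouched.
  if (!fieldsToPolicyTagsMap.containsKey(fieldLkpName)) {
    return field;
  }

  String newPolicyTagId = fieldsToPolicyTagsMap.get(fieldLkpName).getPolicyTagId().trim();
  PolicyTags fieldPolicyTags = field.getPolicyTags();
  List<String> existingNames = (fieldPolicyTags == null) ? null : fieldPolicyTags.getNames();

  // A PolicyTags object with a null or empty name list means "no tag attached", exactly like
  // a missing object. Without this check the get(0) further down fails with a
  // NullPointerException or IndexOutOfBoundsException for such a column.
  if (existingNames == null || existingNames.isEmpty()) {
    field.setPolicyTags(new PolicyTags().setNames(Arrays.asList(newPolicyTagId)));
    policyUpdateLogs.add(new TagHistoryLogEntry(
        tableSpec,
        fieldLkpName,
        "",
        newPolicyTagId,
        isDryRun ? ColumnTaggingAction.DRY_RUN_CREATE : ColumnTaggingAction.CREATE,
        "",
        Level.INFO
    ));
    return field;
  }

  // Only the first existing tag is inspected.
  String existingPolicyTagId = existingNames.get(0).trim();
  String existingTaxonomy = Utils.extractTaxonomyIdFromPolicyTagId(existingPolicyTagId);
  // NOTE(review): newTaxonomy is not used in any decision below. The call is kept because the
  // helper is not visible from here and may reject malformed ids - confirm, then either drop
  // it or use it to check that the new tag also belongs to an app-managed taxonomy.
  String newTaxonomy = Utils.extractTaxonomyIdFromPolicyTagId(newPolicyTagId);

  // Tags from taxonomies the application does not manage (e.g. created manually) are never
  // replaced; the skipped update is logged at WARN so it can be reviewed.
  if (!app_managed_taxonomies.contains(existingTaxonomy)) {
    policyUpdateLogs.add(new TagHistoryLogEntry(
        tableSpec,
        fieldLkpName,
        existingPolicyTagId,
        newPolicyTagId,
        isDryRun ? ColumnTaggingAction.DRY_RUN_KEEP_EXISTING : ColumnTaggingAction.KEEP_EXISTING,
        "Can't overwrite tags that are not crated/managed by the application. The existing taxonomy is created by another app/user",
        Level.WARN
    ));
    return field;
  }

  if (existingPolicyTagId.equals(newPolicyTagId)) {
    // Same tag as before: log only, the schema entry is not touched.
    policyUpdateLogs.add(new TagHistoryLogEntry(
        tableSpec,
        fieldLkpName,
        existingPolicyTagId,
        newPolicyTagId,
        isDryRun ? ColumnTaggingAction.DRY_RUN_NO_CHANGE : ColumnTaggingAction.NO_CHANGE,
        "Existing policy tag is the same as newly computed tag.",
        Level.INFO
    ));
    return field;
  }

  // App-managed tag that differs from the computed one: replace it.
  fieldPolicyTags.setNames(Arrays.asList(newPolicyTagId));
  policyUpdateLogs.add(new TagHistoryLogEntry(
      tableSpec,
      fieldLkpName,
      existingPolicyTagId,
      newPolicyTagId,
      isDryRun ? ColumnTaggingAction.DRY_RUN_OVERWRITE : ColumnTaggingAction.OVERWRITE,
      "",
      Level.INFO
  ));
  return field;
}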