From b5f1fd4675d6f487d8c552619aa6efe071a429fa Mon Sep 17 00:00:00 2001
From: Martin Weindel <martin.weindel@sap.com>
Date: Fri, 13 Dec 2024 07:52:18 +0100
Subject: [PATCH] introduce `dns.gardener.cloud/target-hard-ignore` annotation
 (#404)

* introduce `dns.gardener.cloud/target-hard-ignore` annotation

* remove finalizer on deletion for hard ignored entry
---
 pkg/dns/const.go                |  4 ++++
 pkg/dns/provider/state_entry.go | 31 +++++++++++++++++++++++--------
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/pkg/dns/const.go b/pkg/dns/const.go
index 1549fa38..ef1d4e01 100644
--- a/pkg/dns/const.go
+++ b/pkg/dns/const.go
@@ -32,4 +32,8 @@ const (
 
 	// AnnotationIgnore is an optional annotation for DNSEntries and source resources to ignore them on reconciliation.
 	AnnotationIgnore = ANNOTATION_GROUP + "/ignore"
+	// AnnotationHardIgnore is an optional annotation for a generated target DNSEntry to ignore it on reconciliation.
+	// This annotation is not propagated from source objects to the target DNSEntry.
+	// IMPORTANT NOTE: The entry is even ignored on deletion, so use with caution to avoid orphaned entries.
+	AnnotationHardIgnore = ANNOTATION_GROUP + "/target-hard-ignore"
 )
diff --git a/pkg/dns/provider/state_entry.go b/pkg/dns/provider/state_entry.go
index f998ed56..85c110ea 100644
--- a/pkg/dns/provider/state_entry.go
+++ b/pkg/dns/provider/state_entry.go
@@ -250,14 +250,19 @@ func (this *state) HandleUpdateEntry(logger logger.LogContext, op string, object
 		defer old.lock.Unlock()
 	}
 
-	if !object.IsDeleting() && object.GetAnnotations()[dns.AnnotationIgnore] == "true" {
-		_, err := object.ModifyStatus(func(data resources.ObjectData) (bool, error) {
-			status := &data.(*api.DNSEntry).Status
-			mod := utils.ModificationState{}
-			mod.AssureStringValue(&status.State, api.STATE_IGNORED)
-			mod.AssureStringPtrPtr(&status.Message, ptr.To("entry is ignored as annotated with "+dns.AnnotationIgnore))
-			return mod.IsModified(), nil
-		})
+	if ignored, annotation := ignoredByAnnotation(object); ignored {
+		var err error
+		if !object.IsDeleting() {
+			_, err = object.ModifyStatus(func(data resources.ObjectData) (bool, error) {
+				status := &data.(*api.DNSEntry).Status
+				mod := utils.ModificationState{}
+				mod.AssureStringValue(&status.State, api.STATE_IGNORED)
+				mod.AssureStringPtrPtr(&status.Message, ptr.To(fmt.Sprintf("entry is ignored as annotated with %s", annotation)))
+				return mod.IsModified(), nil
+			})
+		} else {
+			err = this.RemoveFinalizer(object)
+		}
 		if err != nil {
 			return reconcile.Delay(logger, err)
 		}
@@ -370,3 +375,13 @@ func (this *state) DeleteLookupJob(entryName resources.ObjectName) {
 func (this *state) UpsertLookupJob(entryName resources.ObjectName, results lookupAllResults, interval time.Duration) {
 	this.lookupProcessor.Upsert(entryName, results, interval)
 }
+
+func ignoredByAnnotation(object *dnsutils.DNSEntryObject) (bool, string) {
+	if !object.IsDeleting() && object.GetAnnotations()[dns.AnnotationIgnore] == "true" {
+		return true, dns.AnnotationIgnore
+	}
+	if object.GetAnnotations()[dns.AnnotationHardIgnore] == "true" {
+		return true, dns.AnnotationHardIgnore
+	}
+	return false, ""
+}