From 7d406a10edd8a7c7a600bf8a72659f8f31878883 Mon Sep 17 00:00:00 2001
From: Matt Pryor <matt@stackhpc.com>
Date: Wed, 1 Feb 2023 12:44:31 +0000
Subject: [PATCH] Move code behind a resource-specific annotation

Signed-off-by: Matt Pryor <matt@stackhpc.com>
---
 pkg/cache/references.go  | 16 ++++++++++------
 pkg/sync/common/types.go |  2 ++
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/pkg/cache/references.go b/pkg/cache/references.go
index 90412bf8d..da47467e9 100644
--- a/pkg/cache/references.go
+++ b/pkg/cache/references.go
@@ -10,6 +10,8 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/types"
 
+	synccommon "github.com/argoproj/gitops-engine/pkg/sync/common"
+	syncresource "github.com/argoproj/gitops-engine/pkg/sync/resource"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 )
 
@@ -20,15 +22,17 @@ func mightHaveInferredOwner(r *Resource) bool {
 
 func (c *clusterCache) resolveResourceReferences(un *unstructured.Unstructured) ([]metav1.OwnerReference, func(kube.ResourceKey) bool) {
 	var isInferredParentOf func(_ kube.ResourceKey) bool
-	allOwnerRefs := un.GetOwnerReferences()
+	ownerRefs := un.GetOwnerReferences()
 	gvk := un.GroupVersionKind()
 
-	// TODO: Put this behind a gate
-	ownerRefs := []metav1.OwnerReference{}
-	for _, ownerRef := range allOwnerRefs {
-		if ownerRef.Controller != nil && *ownerRef.Controller {
-			ownerRefs = append(ownerRefs, ownerRef)
+	if syncresource.HasAnnotationOption(un, synccommon.AnnotationSyncOptions, synccommon.SyncOptionControllerReferencesOnly) {
+		controllerOwnerRefs := []metav1.OwnerReference{}
+		for _, ownerRef := range un.GetOwnerReferences() {
+			if ownerRef.Controller != nil && *ownerRef.Controller {
+				controllerOwnerRefs = append(controllerOwnerRefs, ownerRef)
+			}
 		}
+		return controllerOwnerRefs, isInferredParentOf
 	}
 
 	switch {
diff --git a/pkg/sync/common/types.go b/pkg/sync/common/types.go
index bcff45b7a..5fa9c68d5 100644
--- a/pkg/sync/common/types.go
+++ b/pkg/sync/common/types.go
@@ -29,6 +29,8 @@ const (
 	SyncOptionReplace = "Replace=true"
 	// Sync option that enables use of --server-side flag instead of client-side
 	SyncOptionServerSideApply = "ServerSideApply=true"
+	// Sync option that means only controller owner references are respected
+	SyncOptionControllerReferencesOnly = "ControllerReferencesOnly=true"
 )
 
 type PermissionValidator func(un *unstructured.Unstructured, res *metav1.APIResource) error