feat: add CrossNamespaceObjectReference to GitRepositoryVerification

itzPranshul · itzPranshul · commit 843cdbd8857a · 2025-07-26T09:50:19.000+05:30
Signed-off-by: pranshul gupta &lt;pranshulg01@gmail.com&gt;
diff --git a/api/v1/gitrepository_types.go b/api/v1/gitrepository_types.go
@@ -218,6 +218,23 @@ type GitRepositoryRef struct {
 	Commit string `json:"commit,omitempty"`
 }
 
+// CrossNamespaceObjectReference allows referencing a Secret or ConfigMap
+// in another namespace.
+type CrossNamespaceObjectReference struct {
+    // Name of the Secret or ConfigMap.
+    // +kubebuilder:validation:MinLength=1
+    Name string `json:"name"`
+
+    // Namespace of the Secret or ConfigMap.
+    // +kubebuilder:validation:MinLength=1
+    Namespace string `json:"namespace"`
+
+    // Kind of the object being referenced: Secret or ConfigMap.
+    // +kubebuilder:validation:Enum=Secret;ConfigMap
+    Kind string `json:"kind"`
+}
+
+
 // GitRepositoryVerification specifies the Git commit signature verification
 // strategy.
 type GitRepositoryVerification struct {
@@ -235,6 +252,11 @@ type GitRepositoryVerification struct {
 	// authors.
 	// +required
 	SecretRef meta.LocalObjectReference `json:"secretRef"`
+
+	// PublicKeyRef allows referencing a Secret or ConfigMap in another namespace
+	// that contains the public key(s) for verification.
+	// +optional
+	PublicKeyRef *CrossNamespaceObjectReference `json:"publicKeyRef,omitempty"`
 }
 
 // GitRepositoryStatus records the observed state of a Git repository.
diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml b/config/crd/bases/source.toolkit.fluxcd.io_gitrepositories.yaml
@@ -217,6 +217,31 @@ spec:
                     - Tag
                     - TagAndHEAD
                     type: string
+                  publicKeyRef:
+                    description: |-
+                      PublicKeyRef allows referencing a Secret or ConfigMap in another namespace
+                      that contains the public key(s) for verification.
+                    properties:
+                      kind:
+                        description: 'Kind of the object being referenced: Secret
+                          or ConfigMap.'
+                        enum:
+                        - Secret
+                        - ConfigMap
+                        type: string
+                      name:
+                        description: Name of the Secret or ConfigMap.
+                        minLength: 1
+                        type: string
+                      namespace:
+                        description: Namespace of the Secret or ConfigMap.
+                        minLength: 1
+                        type: string
+                    required:
+                    - kind
+                    - name
+                    - namespace
+                    type: object
                   secretRef:
                     description: |-
                       SecretRef specifies the Secret containing the public keys of trusted Git
