Make example work correctly

Signed-off-by: Nic Cope <[email protected]>

Author: negz

example/operation/README.md

@@ -0,0 +1,63 @@
+# Operations Example
+
+This example demonstrates using function-python with Crossplane Operations to
+check SSL certificate expiry for websites referenced in Kubernetes Ingress
+resources.
+
+## Files
+
+- `operation.yaml` - The Operation that checks certificate expiry
+- `functions.yaml` - Function definition for local development
+- `ingress.yaml` - Sample Ingress resource to check
+- `rbac.yaml` - RBAC permissions for Operations to access Ingress resources
+- `README.md` - This file
+
+## Testing
+
+Since Operations are runtime-only (they can't be statically rendered), you can
+test this example locally using the new `crossplane alpha render op` command.
+
+### Prerequisites
+
+1. Run the function in development mode:
+   ```bash
+   hatch run development
+   ```
+
+2. In another terminal, render the operation:
+   ```bash
+   crossplane alpha render op operation.yaml functions.yaml --required-resources . -r
+   ```
+
+The `-r` flag includes function results in the output, and
+`--required-resources .` tells the command to use the ingress.yaml file in this
+directory as the required resource.
+
+## What it does
+
+The Operation:
+
+1. **Reads the Ingress** resource specified in `requirements.requiredResources`
+2. **Extracts the hostname** from the Ingress rules (`google.com` in this
+   example)
+3. **Fetches the SSL certificate** for that hostname
+4. **Calculates expiry information** (days until expiration)
+5. **Annotates the Ingress** with certificate monitoring annotations
+6. **Returns status information** in the Operation's output field
+
+This pattern is useful for:
+- Certificate monitoring and alerting
+- Compliance checking
+- Automated certificate renewal workflows
+- Integration with monitoring tools that read annotations
+
+## Function Details
+
+The operation function (`operate()`) demonstrates key Operations patterns:
+
+- **Required Resources**: Accessing pre-populated resources via
+  `request.get_required_resources(req, "ingress")`
+- **Resource Updates**: Using `rsp.desired.resources` to update existing
+  resources
+- **Operation Output**: Using `rsp.output.update()` for monitoring data
+- **Server-side Apply**: Crossplane applies the changes with force ownership

example/operation/operation.yaml

@@ -23,9 +23,14 @@ spec:
         import socket
         from datetime import datetime
         
+        from crossplane.function import request, response
+
         def operate(req, rsp):
             # Get the Ingress resource
-            ingress = req.required_resources["ingress"].resource
+            ingress = request.get_required_resource(req, "ingress")
+            if not ingress:
+                response.set_output(rsp, {"error": "No ingress resource found"})
+                return
             
             # Extract hostname from Ingress rules
             hostname = ingress["spec"]["rules"][0]["host"]
@@ -41,6 +46,10 @@ spec:
             expiry_date = datetime.strptime(cert['notAfter'], '%b %d %H:%M:%S %Y %Z')
             days_until_expiry = (expiry_date - datetime.now()).days
             
+            # Add warning if certificate expires soon
+            if days_until_expiry < 30:
+                response.warning(rsp, f"Certificate for {hostname} expires in {days_until_expiry} days")
+            
             # Annotate the Ingress with certificate expiry info
             rsp.desired.resources["ingress"].resource.update({
                 "apiVersion": "networking.k8s.io/v1",
@@ -57,7 +66,7 @@ spec:
             })
             
             # Return results in operation output for monitoring
-            rsp.output.update({
+            response.set_output(rsp, {
                 "hostname": hostname,
                 "certificateExpires": cert['notAfter'],
                 "daysUntilExpiry": days_until_expiry,