crossplane-contrib
diff --git a/‎example/README.md‎ ‎example/composition/README.md‎example/README.md renamed to example/composition/README.md b/‎example/README.md‎ ‎example/composition/README.md‎example/README.md renamed to example/composition/README.md
diff --git a/‎example/composition.yaml‎ ‎example/composition/composition.yaml‎example/composition.yaml renamed to example/composition/composition.yaml b/‎example/composition.yaml‎ ‎example/composition/composition.yaml‎example/composition.yaml renamed to example/composition/composition.yaml
diff --git a/‎example/functions.yaml‎ ‎example/composition/functions.yaml‎example/functions.yaml renamed to example/composition/functions.yaml b/‎example/functions.yaml‎ ‎example/composition/functions.yaml‎example/functions.yaml renamed to example/composition/functions.yaml
diff --git a/‎example/xr.yaml‎ ‎example/composition/xr.yaml‎example/xr.yaml renamed to example/composition/xr.yaml b/‎example/xr.yaml‎ ‎example/composition/xr.yaml‎example/xr.yaml renamed to example/composition/xr.yaml
diff --git a/‎example/operation/functions.yaml‎
Lines changed: 11 additions & 0 deletions b/‎example/operation/functions.yaml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎example/operation/ingress.yaml‎
Lines changed: 17 additions & 0 deletions b/‎example/operation/ingress.yaml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎example/operation/operation.yaml‎
Lines changed: 65 additions & 0 deletions b/‎example/operation/operation.yaml‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎example/operation/rbac.yaml‎
Lines changed: 11 additions & 0 deletions b/‎example/operation/rbac.yaml‎
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
+---
+apiVersion: pkg.crossplane.io/v1beta1
+kind: Function
+metadata:
+  name: function-python
+  annotations:
+    # This tells crossplane beta render to connect to the function locally.
+    render.crossplane.io/runtime: Development
+spec:
+  # This is ignored when using the Development runtime.
+  package: function-python
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: example-ingress
+  namespace: default
+spec:
+  rules:
+  - host: google.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: example-service
+            port:
+              number: 80
@@ -0,0 +1,65 @@
+apiVersion: ops.crossplane.io/v1alpha1
+kind: Operation
+metadata:
+  name: check-cert-expiry
+spec:
+  mode: Pipeline
+  pipeline:
+  - step: check-certificate
+    functionRef:
+      name: function-python
+    requirements:
+      requiredResources:
+      - requirementName: ingress
+        apiVersion: networking.k8s.io/v1
+        kind: Ingress
+        name: example-ingress
+        namespace: default
+    input:
+      apiVersion: python.fn.crossplane.io/v1beta1
+      kind: Script
+      script: |
+        import ssl
+        import socket
+        from datetime import datetime
+        
+        def operate(req, rsp):
+            # Get the Ingress resource
+            ingress = req.required_resources["ingress"].resource
+            
+            # Extract hostname from Ingress rules
+            hostname = ingress["spec"]["rules"][0]["host"]
+            port = 443
+            
+            # Get SSL certificate info
+            context = ssl.create_default_context()
+            with socket.create_connection((hostname, port)) as sock:
+                with context.wrap_socket(sock, server_hostname=hostname) as ssock:
+                    cert = ssock.getpeercert()
+            
+            # Parse expiration date
+            expiry_date = datetime.strptime(cert['notAfter'], '%b %d %H:%M:%S %Y %Z')
+            days_until_expiry = (expiry_date - datetime.now()).days
+            
+            # Annotate the Ingress with certificate expiry info
+            rsp.desired.resources["ingress"].resource.update({
+                "apiVersion": "networking.k8s.io/v1",
+                "kind": "Ingress",
+                "metadata": {
+                    "name": ingress["metadata"]["name"],
+                    "namespace": ingress["metadata"]["namespace"],
+                    "annotations": {
+                        "cert-monitor.crossplane.io/expires": cert['notAfter'],
+                        "cert-monitor.crossplane.io/days-until-expiry": str(days_until_expiry),
+                        "cert-monitor.crossplane.io/status": "warning" if days_until_expiry < 30 else "ok"
+                    }
+                }
+            })
+            
+            # Return results in operation output for monitoring
+            rsp.output.update({
+                "hostname": hostname,
+                "certificateExpires": cert['notAfter'],
+                "daysUntilExpiry": days_until_expiry,
+                "status": "warning" if days_until_expiry < 30 else "ok"
+            })
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: operation-ingress-access
+  labels:
+    rbac.crossplane.io/aggregate-to-crossplane: "true"
+rules:
+# Allow Operations to read and update Ingress resources
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "list", "patch", "update"]