Move endpoint validation to Validate(), fix smart quote corruption

The gci linter was replacing ASCII quotes with Unicode smart quotes
(U+201C/U+201D) in kubebuilder annotations, breaking controller-gen
CRD generation. Additionally, the CEL rule for endpoint validation
generated double-quoted YAML that the Helm wrapper mishandled.

Move the endpoint-requires-signals validation from a CEL rule to the
programmatic Validate() method, which avoids both issues and provides
clearer error messages. Add test case for this validation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ChrisJBurns

cmd/thv-operator/api/v1alpha1/mcptelemetryconfig_types.go

@@ -31,7 +31,6 @@ type SensitiveHeader struct {
 //   - Adds ResourceAttributes for shared OTel resource attributes
 //
 // +kubebuilder:validation:XValidation:rule="!has(self.headers) || !has(self.sensitiveHeaders) || self.sensitiveHeaders.all(sh, !(sh.name in self.headers))",message="a header name cannot appear in both headers and sensitiveHeaders"
-// +kubebuilder:validation:XValidation:rule=”!has(self.endpoint) || size(self.endpoint) == 0 || (has(self.tracing) && self.tracing.enabled) || (has(self.metrics) && self.metrics.enabled)”,message=”endpoint requires at least one of tracing or metrics to be enabled”
 //
 //nolint:lll // CEL validation rules exceed line length limit
 type MCPTelemetryOTelConfig struct {
@@ -179,9 +178,30 @@ type MCPTelemetryConfigReference struct {
 // CEL catches issues at API admission time, but this method also validates
 // stored objects to catch any that bypassed CEL or were stored before CEL rules were added.
 func (r *MCPTelemetryConfig) Validate() error {
+	if err := r.validateEndpointRequiresSignals(); err != nil {
+		return err
+	}
 	return r.validateSensitiveHeaders()
 }
 
+// validateEndpointRequiresSignals rejects an endpoint when neither tracing nor metrics is enabled.
+// Without this check the config would pass CRD validation but fail at runtime in telemetry.NewProvider.
+func (r *MCPTelemetryConfig) validateEndpointRequiresSignals() error {
+	if r.Spec.OpenTelemetry == nil {
+		return nil
+	}
+	otel := r.Spec.OpenTelemetry
+	if otel.Endpoint == "" {
+		return nil
+	}
+	tracingEnabled := otel.Tracing != nil && otel.Tracing.Enabled
+	metricsEnabled := otel.Metrics != nil && otel.Metrics.Enabled
+	if !tracingEnabled && !metricsEnabled {
+		return fmt.Errorf("endpoint requires at least one of tracing or metrics to be enabled")
+	}
+	return nil
+}
+
 // validateSensitiveHeaders validates sensitive header entries and checks for overlap with plaintext headers.
 func (r *MCPTelemetryConfig) validateSensitiveHeaders() error {
 	if r.Spec.OpenTelemetry == nil {

cmd/thv-operator/controllers/mcptelemetryconfig_controller_test.go

@@ -498,6 +498,19 @@ func TestMCPTelemetryConfig_Validate(t *testing.T) {
 			},
 			expectError: true,
 		},
+		{
+			name: "invalid endpoint without tracing or metrics",
+			config: &mcpv1alpha1.MCPTelemetryConfig{
+				Spec: mcpv1alpha1.MCPTelemetryConfigSpec{
+					OpenTelemetry: &mcpv1alpha1.MCPTelemetryOTelConfig{
+						Enabled:  true,
+						Endpoint: "otel-collector:4317",
+						// No Tracing or Metrics configured
+					},
+				},
+			},
+			expectError: true,
+		},
 		{
 			name: "invalid empty secret ref name",
 			config: &mcpv1alpha1.MCPTelemetryConfig{

deploy/charts/operator-crds/files/crds/toolhive.stacklok.dev_mcptelemetryconfigs.yaml

@@ -22,6 +22,9 @@ spec:
     - jsonPath: .spec.openTelemetry.endpoint
       name: Endpoint
       type: string
+    - jsonPath: .status.conditions[?(@.type=='Valid')].status
+      name: Ready
+      type: string
     - jsonPath: .spec.openTelemetry.tracing.enabled
       name: Tracing
       type: boolean
@@ -163,9 +166,6 @@ spec:
                 - message: a header name cannot appear in both headers and sensitiveHeaders
                   rule: '!has(self.headers) || !has(self.sensitiveHeaders) || self.sensitiveHeaders.all(sh,
                     !(sh.name in self.headers))'
-                - message: endpoint requires at least one of tracing or metrics to be enabled
-                  rule: '!has(self.endpoint) || size(self.endpoint) == 0 || (has(self.tracing)
-                    && self.tracing.enabled) || (has(self.metrics) && self.metrics.enabled)'
               prometheus:
                 description: Prometheus defines Prometheus-specific configuration
                 properties:

deploy/charts/operator-crds/templates/toolhive.stacklok.dev_mcptelemetryconfigs.yaml

@@ -25,6 +25,9 @@ spec:
     - jsonPath: .spec.openTelemetry.endpoint
       name: Endpoint
       type: string
+    - jsonPath: .status.conditions[?(@.type=='Valid')].status
+      name: Ready
+      type: string
     - jsonPath: .spec.openTelemetry.tracing.enabled
       name: Tracing
       type: boolean
@@ -166,9 +169,6 @@ spec:
                 - message: a header name cannot appear in both headers and sensitiveHeaders
                   rule: '!has(self.headers) || !has(self.sensitiveHeaders) || self.sensitiveHeaders.all(sh,
                     !(sh.name in self.headers))'
-                - message: endpoint requires at least one of tracing or metrics to be enabled
-                  rule: '!has(self.endpoint) || size(self.endpoint) == 0 || (has(self.tracing)
-                    && self.tracing.enabled) || (has(self.metrics) && self.metrics.enabled)'
               prometheus:
                 description: Prometheus defines Prometheus-specific configuration
                 properties: