Naas 1315 certificate receiver

[vivki]

Proposed changes

What

Adds a certificate OTel receiver that emits nginx.certificate.time_to_expiration — a gauge (seconds) until each TLS cert in the NGINX config expires. Negative values = already expired.

Attributes: file_path, public_key_algorithm, serial_number, subject.common_name, resource.instance.id

Why

NGINXaaS customers have no visibility into TLS cert expiry today, so certs can expire silently with no GCM alerting signal.

How

Cert file paths are extracted from the already-parsed NginxConfigContext. Files and stored in the receiver config. The scraper reads and parses each file with crypto/x509 on every 15s scrape; renewals are reflected immediately without a collector restart.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING document
• I have run make install-tools and have attached any dependency changes to this pull request
• If applicable, I have added tests that prove my fix is effective or that my feature works
• If applicable, I have checked that any relevant tests pass after adding my changes
• If applicable, I have updated any relevant documentation (README.md)
• If applicable, I have tested my cross-platform changes on Ubuntu 22, Redhat 8, SUSE 15 and FreeBSD 13

[codecov]

Codecov Report

❌ Patch coverage is 73.26007% with 73 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.70%. Comparing base (9403c5f) to head (e563b15).

Files with missing lines	Patch %	Lines
internal/collector/otel_collector_plugin.go	4.87%	39 Missing ⚠️
...atereceiver/internal/metadata/generated_metrics.go	82.85%	17 Missing and 1 partial ⚠️
...catereceiver/internal/metadata/generated_config.go	73.33%	4 Missing and 4 partials ⚠️
internal/collector/certificatereceiver/factory.go	84.00%	2 Missing and 2 partials ⚠️
internal/collector/certificatereceiver/scraper.go	91.83%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1731      +/-   ##
==========================================
- Coverage   84.97%   84.70%   -0.27%     
==========================================
  Files         105      111       +6     
  Lines       13601    13866     +265     
==========================================
+ Hits        11557    11745     +188     
- Misses       1527     1595      +68     
- Partials      517      526       +9     

Files with missing lines	Coverage Δ
internal/collector/certificatereceiver/config.go	100.00% <100.00%> (ø)
...tereceiver/internal/metadata/generated_resource.go	100.00% <100.00%> (ø)
...r/cpuscraper/internal/metadata/generated_config.go	75.75% <100.00%> (ø)
...emoryscraper/internal/metadata/generated_config.go	73.33% <100.00%> (ø)
internal/collector/factories.go	100.00% <100.00%> (ø)
internal/config/types.go	86.66% <100.00%> (-0.44%)	⬇️
internal/collector/certificatereceiver/factory.go	84.00% <84.00%> (ø)
internal/collector/certificatereceiver/scraper.go	91.83% <91.83%> (ø)
...catereceiver/internal/metadata/generated_config.go	73.33% <73.33%> (ø)
...atereceiver/internal/metadata/generated_metrics.go	82.85% <82.85%> (ø)
... and 1 more

... and 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9403c5f...e563b15. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.