fix(clickhouseexporter): respect TLS configuration when cert_file/key_file are missing and add test case (#43911)

[harshit-jindal02]

Summary

This PR fixes a bug in the ClickHouse exporter where the TLS configuration was ignored
if neither cert_file nor key_file were set — even when a valid ca_file was provided.
As a result, server-side TLS verification setups (CA-only) failed unexpectedly.

---

Root Cause

In the previous logic inside buildClickHouseOptions(), TLS initialization was conditioned
on both cert_file and key_file being provided.
However, for many ClickHouse deployments, only a ca_file is necessary to validate
the server certificate without using client-side authentication.

This caused the exporter to skip TLS setup entirely when only ca_file was specified.

---

Fix Implemented

• Updated buildClickHouseOptions() to initialize TLS even when only a ca_file is set.

• Ensured server-side TLS verification is correctly configured.

• Added a new regression test to prevent future regressions:

  TestBuildClickHouseOptions_WithCAFileOnly

This test verifies:

• TLS initialization occurs when only a ca_file is present.
• The function handles invalid CA files gracefully without panic.
• Exporter logic remains stable under all TLS configurations.

---

Test Plan

Run locally:

cd exporter/clickhouseexporter
go test -v ./...

Expected output:

=== RUN   TestBuildClickHouseOptions_WithCAFileOnly
--- PASS: TestBuildClickHouseOptions_WithCAFileOnly (0.00s)
PASS
ok  	github.com/open-telemetry/opentelemetry-collector-contrib/exporter/clickhouseexporter	0.8s

---

Behavior Before

• TLS configuration was ignored when cert_file and key_file were not provided.
• Exporter silently defaulted to a non-TLS connection even if a ca_file existed.

---

Behavior After

• TLS setup is respected when only a ca_file is configured.
• Server certificate validation now works as expected.
• Added unit test ensures this behavior remains protected against regressions.

---

Affected Files

• exporter/clickhouseexporter/config.go
• exporter/clickhouseexporter/config_test.go

---

Related Issue

Fixes: #43911

---

Additional Notes

This improvement ensures the ClickHouse exporter correctly handles standard TLS verification
scenarios where a root CA file is provided but no client certificates are required.

It brings the exporter in line with expected ClickHouse server security behavior and adds
a regression test to safeguard future changes.

[github-actions]

Welcome, contributor! Thank you for your contribution to opentelemetry-collector-contrib.

Important reminders:

• Please review our Contributing Guidelines.
• Don't forget to sign the Contributor License Agreement (CLA) if you haven't already.

A maintainer will review your pull request soon. Thank you for helping make OpenTelemetry better!

[SpencerTorres]

As long as this doesn't break default configs, should be good. Also add changelog. Thanks!

[harshit-jindal02]

As long as this doesn't break default configs, should be good. Also add changelog. Thanks!

Added changelog entry as requested.

[pjanotti]

Thanks for the PR @harshit-jindal02 - don't edit the changelog directly, add the change using chloggen, follow the instructions at https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/a1bbdc152908d8822a0989a5bde4e44a798bd11d/CONTRIBUTING.md#changelog

[pjanotti]

The tests are going to fail due to the changelog, but I'm approving the workflows to run so we get a run of the new test.

[harshit-jindal02]

Thanks for the PR @harshit-jindal02 - don't edit the changelog directly, add the change using chloggen, follow the instructions at https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/a1bbdc152908d8822a0989a5bde4e44a798bd11d/CONTRIBUTING.md#changelog

Thanks @pjanotti, I’ve updated and validated the changelog entry as suggested.