fix up go vet warnings

client/driver/docker_test.go

@@ -1790,7 +1790,7 @@ func TestDockerDriver_OOMKilled(t *testing.T) {
 	select {
 	case res := <-handle.WaitCh():
 		if res.Successful() {
-			t.Fatalf("expected error, but container exited successfull")
+			t.Fatalf("expected error, but container exited successful")
 		}
 
 		if res.Err.Error() != "OOM Killed" {

command/agent/agent.go

@@ -733,7 +733,7 @@ func (a *Agent) Reload(newConfig *Config) error {
 
 	if newConfig.TLSConfig != nil {
 		if !a.config.TLSConfig.IsEmpty() && !newConfig.TLSConfig.IsEmpty() {
-			a.logger.Println("[INFO] Updating agent's existing TLS configuration \n\n")
+			a.logger.Println("[INFO] Updating agent's existing TLS configuration")
 			// Handle errors in loading the new certificate files.
 			// This is just a TLS configuration reload, we don't need to refresh
 			// existing network connections
@@ -745,9 +745,9 @@ func (a *Agent) Reload(newConfig *Config) error {
 		a.config.TLSConfig = newConfig.TLSConfig
 
 		if a.config.TLSConfig.IsEmpty() && !newConfig.TLSConfig.IsEmpty() {
-			a.logger.Println("[INFO] Upgrading from plaintext configuration to TLS \n\n")
+			a.logger.Println("[INFO] Upgrading from plaintext configuration to TLS")
 		} else if !a.config.TLSConfig.IsEmpty() && newConfig.TLSConfig.IsEmpty() {
-			a.logger.Println("[WARN] Downgrading agent's existing TLS configuration to plaintext \n\n")
+			a.logger.Println("[WARN] Downgrading agent's existing TLS configuration to plaintext")
 		}
 
 		// Reload the TLS configuration for the client or server, depending on how

command/agent/http_test.go

@@ -560,7 +560,7 @@ func TestHTTP_VerifyHTTPSClient_AfterConfigReload(t *testing.T) {
 	// First test with a plaintext request
 	transport := &http.Transport{}
 	client := &http.Client{Transport: transport}
-	req, err := http.NewRequest("GET", reqURL, nil)
+	_, err := http.NewRequest("GET", reqURL, nil)
 	assert.Nil(err)
 
 	// Next, reload the TLS configuration
@@ -590,7 +590,7 @@ func TestHTTP_VerifyHTTPSClient_AfterConfigReload(t *testing.T) {
 
 	transport = &http.Transport{TLSClientConfig: tlsConf}
 	client = &http.Client{Transport: transport}
-	req, err = http.NewRequest("GET", httpsReqURL, nil)
+	req, err := http.NewRequest("GET", httpsReqURL, nil)
 	assert.Nil(err)
 
 	resp, err := client.Do(req)

nomad/server_test.go

@@ -281,7 +281,7 @@ func TestServer_Reload_Vault(t *testing.T) {
 }
 
 // Tests that the server will successfully reload its network connections,
-// upgrading from plaintext to TLS if the server's TLS configuratoin changes.
+// upgrading from plaintext to TLS if the server's TLS configuration changes.
 func TestServer_Reload_TLSConnections(t *testing.T) {
 	t.Parallel()
 	assert := assert.New(t)

nomad/structs/config/tls.go

@@ -79,18 +79,35 @@ func (k *KeyLoader) GetOutgoingCertificate(*tls.ClientHelloInfo) (*tls.Certifica
 }
 
 func (t *TLSConfig) GetKeyLoader() *KeyLoader {
+	t.configLock.Lock()
+	defer t.configLock.Unlock()
+
 	// If the keyloader has not yet been initialized, do it here
 	if t.KeyLoader == nil {
-		t.configLock.Lock()
 		t.KeyLoader = &KeyLoader{}
-		t.configLock.Unlock()
 	}
 	return t.KeyLoader
 }
 
+// Copy copies the fields of TLSConfig to another TLSConfig object. Required as
+// to not copy mutexes between objects.
+func (t *TLSConfig) Copy() *TLSConfig {
+	new := &TLSConfig{}
+	new.EnableHTTP = t.EnableHTTP
+	new.EnableRPC = t.EnableRPC
+	new.VerifyServerHostname = t.VerifyServerHostname
+	new.CAFile = t.CAFile
+	new.CertFile = t.CertFile
+	new.KeyLoader = t.KeyLoader
+	new.KeyFile = t.KeyFile
+	new.RPCUpgradeMode = t.RPCUpgradeMode
+	new.VerifyHTTPSClient = t.VerifyHTTPSClient
+	return new
+}
+
 // Merge is used to merge two TLS configs together
 func (t *TLSConfig) Merge(b *TLSConfig) *TLSConfig {
-	result := *t
+	result := t.Copy()
 
 	if b.EnableHTTP {
 		result.EnableHTTP = true
@@ -113,7 +130,7 @@ func (t *TLSConfig) Merge(b *TLSConfig) *TLSConfig {
 	if b.VerifyHTTPSClient {
 		result.VerifyHTTPSClient = true
 	}
-	return &result
+	return result
 }
 
 // IsEmpty checks to see if every (non-boolean) field in the struct is nil