From 21753013be2e29cf58f90113293d35b70a45d938 Mon Sep 17 00:00:00 2001
From: Michael Schurter <mschurter@hashicorp.com>
Date: Tue, 6 Aug 2019 11:17:10 -0700
Subject: [PATCH] vault: ensure SetConfig calls are serialized

This is a defensive measure as SetConfig should only be called serially.
---
 nomad/vault.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nomad/vault.go b/nomad/vault.go
index 209d0176a29..186524065cc 100644
--- a/nomad/vault.go
+++ b/nomad/vault.go
@@ -233,6 +233,9 @@ type vaultClient struct {
 	// l is used to lock the configuration aspects of the client such that
 	// multiple callers can't cause conflicting config updates
 	l sync.Mutex
+
+	// setConfigLock serializes access to the SetConfig method
+	setConfigLock sync.Mutex
 }
 
 // NewVaultClient returns a Vault client from the given config. If the client
@@ -330,6 +333,8 @@ func (v *vaultClient) SetConfig(config *config.VaultConfig) error {
 	if config == nil {
 		return fmt.Errorf("must pass valid VaultConfig")
 	}
+	v.setConfigLock.Lock()
+	defer v.setConfigLock.Unlock()
 
 	v.l.Lock()
 	defer v.l.Unlock()