Fix Nomad client TLS defaults

pkg/provider/nomad/nomad.go

@@ -79,13 +79,17 @@ func (p *Provider) SetDefaults() {
 		Address: defConfig.Address,
 		Region:  defConfig.Region,
 		Token:   defConfig.SecretID,
-		TLS: &types.ClientTLS{
+	}
+
+	if defConfig.TLSConfig != nil && (defConfig.TLSConfig.Insecure || defConfig.TLSConfig.CACert != "" || defConfig.TLSConfig.ClientCert != "" || defConfig.TLSConfig.ClientKey != "") {
+		p.Endpoint.TLS = &types.ClientTLS{
 			CA:                 defConfig.TLSConfig.CACert,
 			Cert:               defConfig.TLSConfig.ClientCert,
 			Key:                defConfig.TLSConfig.ClientKey,
 			InsecureSkipVerify: defConfig.TLSConfig.Insecure,
-		},
+		}
 	}
+
 	p.Prefix = defaultPrefix
 	p.ExposedByDefault = true
 	p.RefreshInterval = ptypes.Duration(15 * time.Second)
@@ -173,19 +177,24 @@ func (p *Provider) loadConfiguration(ctx context.Context, configurationC chan<-
 }
 
 func createClient(namespace string, endpoint *EndpointConfig) (*api.Client, error) {
-	return api.NewClient(&api.Config{
+	config := api.Config{
 		Address:   endpoint.Address,
 		Namespace: namespace,
 		Region:    endpoint.Region,
 		SecretID:  endpoint.Token,
 		WaitTime:  time.Duration(endpoint.EndpointWaitTime),
-		TLSConfig: &api.TLSConfig{
+	}
+
+	if endpoint.TLS != nil {
+		config.TLSConfig = &api.TLSConfig{
 			CACert:     endpoint.TLS.CA,
 			ClientCert: endpoint.TLS.Cert,
 			ClientKey:  endpoint.TLS.Key,
 			Insecure:   endpoint.TLS.InsecureSkipVerify,
-		},
-	})
+		}
+	}
+
+	return api.NewClient(&config)
 }
 
 // configuration contains information from the service's tags that are globals

pkg/provider/nomad/nomad_test.go

@@ -84,7 +84,6 @@ func TestProvider_SetDefaults_Endpoint(t *testing.T) {
 			envs: map[string]string{},
 			expected: &EndpointConfig{
 				Address: "http://127.0.0.1:4646",
-				TLS:     &types.ClientTLS{},
 			},
 		},
 		{