From 28533d7614944214cfcee19b4dd0420cfdefe592 Mon Sep 17 00:00:00 2001
From: Lucas Bajolet <lucas.bajolet@hashicorp.com>
Date: Fri, 12 Aug 2022 10:13:49 -0400
Subject: [PATCH] ssh: make ssh bastion error message more precise

When running a config that specifies a SSH communicator with a bastion
without any authentication option, the proposed resolution would only
include password or private key, and left agent authentication out of
the error message.

This commit adds it to the list of options to resolve it.
---
 communicator/config.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/communicator/config.go b/communicator/config.go
index ea4927eaf..92b20318c 100644
--- a/communicator/config.go
+++ b/communicator/config.go
@@ -547,10 +547,10 @@ func (c *Config) prepareSSH(ctx *interpolate.Context) []error {
 		}
 	}
 
-	if c.SSHBastionHost != "" && !c.SSHBastionAgentAuth {
-		if c.SSHBastionPassword == "" && c.SSHBastionPrivateKeyFile == "" {
+	if c.SSHBastionHost != "" {
+		if c.SSHBastionPassword == "" && c.SSHBastionPrivateKeyFile == "" && !c.SSHBastionAgentAuth {
 			errs = append(errs, errors.New(
-				"ssh_bastion_password or ssh_bastion_private_key_file must be specified"))
+				"ssh_bastion_password, ssh_bastion_private_key_file or ssh_bastion_agent_auth must be specified"))
 		} else if c.SSHBastionPrivateKeyFile != "" {
 			path, err := pathing.ExpandUser(c.SSHBastionPrivateKeyFile)
 			if err != nil {