Support hashed user passwords

[hoxu]

This partially reverts commit 004a620, that added MD5 hashing of all passwords on the provider side.
Now the passwords are again passed to Redshift as-is.
This allows Redshift to figure out whether the password is already hashed or needs to be hashed.
As a result, user passwords can be passed as hashed in the Terraform sources.

Unfortunately I could not run the acceptance tests against a Redshift cluster. Could someone help with the testing?

Fixes #97. Closes #90 and #96.

[hoxu]

@sworisbreathing you authored the commit 004a620. It seemed to contain multiple changes, so can you review that this PR reverts only the relevant part?

@mtesch-um as author of #97, could you also review this?

[sworisbreathing]

@sworisbreathing you authored the commit 004a620. It seemed to contain multiple changes, so can you review that this PR reverts only the relevant part?

@hoxu confirmed, this only reverts the md5 hashing of the username

[mtesch-um]

@hoxu thanks for pulling this together!

To prevent any regression here, I'd suggest adding tests to redshift/resource_redshift_user_test.go that exercise setting and altering the password using an "md5..." string in addition to a plaintext password.

[hoxu]

I still can't run the tests, but commit 3bfdd33 is a blind-coded attempt at adding a test for creation of a user with MD5-hashed password.

@mtesch-um can you check how it looks like?

[mtesch-um]

lgtm.

[mtesch-um]

Also suggest the following addition to the documentation (docs/resources/user.md):

- **password** (String, Sensitive) Sets the user's password. Users can change their own passwords, unless the password is disabled. To disable password, omit this parameter or set it to `null`.  This can also be a md5-hashed password rather than the actual password.  Please refer to the [CREATE USER documentation](https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_USER.html) for information on creating an md5 password hash.  This value can NOT be a `sha256hash` string because it is also used in [ALTER USER which does not support that format](https://docs.aws.amazon.com/redshift/latest/dg/r_ALTER_USER.html).

[hoxu]

@mtesch-um:

Documentation added in commit 49aad90.

Did you check that ALTER USER does not actually support SHA256, and it's just not missing from the documentation?

Can you review this one more time and resolve the conversations if you are satisfied? I'll rebase -i --autosquash after that.

[hoxu]

I tested with Redshift and it seems ALTER USER at least supports the SHA256 syntax (the password is password in this example):

redacted=# BEGIN; CREATE USER delete_me PASSWORD 'sha256|1ab974118c07c09efe65e8bd04b0b47efaf232e2ee6f6132bd018ef72b208991|12e6c1c1cd63ef012278f51e5d65441930250d4701fd52274f6c5c1d1da35fad'; ALTER USER delete_me PASSWORD 'sha256|1ab974118c07c09efe65e8bd04b0b47efaf232e2ee6f6132bd018ef72b208991|12e6c1c1cd63ef012278f51e5d65441930250d4701fd52274f6c5c1d1da35fad'; ROLLBACK;
BEGIN
CREATE USER
ALTER USER
ROLLBACK

Creation of SHA256-hashed Redshift passwords is poorly documented in AWS documentation, but this Stack Overflow answer has instructions: https://stackoverflow.com/questions/73489343/creating-a-redshift-user-with-a-sha256-password

However, I didn't test logging in with a SHA256-hashed password, because apparently psql does not support it and fails with authentication method 13 not supported: https://www.repost.aws/questions/QUGYGra6yiQrOxXat9-tLcsg/redshift-error-authentication-method-13-not-supported-when-creating-a-user-with-sha-256-hashed-password

[hoxu]

One more change, squash baee2bd. I removed mention of MD5 and SHA256 as well as ALTER USER link, and just mentioned that the password can be hashed, and to consult the CREATE USER documentation for more information.

[hoxu]

I did git rebase -i --autosquash origin/master, and resolved the conversations, hope that's okay. Thakns for review and coding help @mtesch-um!

Could someone with write access, like @robertomczak, @rg00d, @szemek or @winglot review and approve this so that the test workflow can be executed?

[mtesch-um]

@hoxu thanks [again] for taking the initiative to fix this!!!

[hoxu]

@mtesch-um Thanks to you for helping on every step along the way :)