Document that user password can be hashed

docs/resources/user.md

@@ -37,7 +37,7 @@ resource "redshift_user" "user_with_unrestricted_syslog" {
 - **connection_limit** (Number) The maximum number of database connections the user is permitted to have open concurrently. The limit isn't enforced for superusers.
 - **create_database** (Boolean) Allows the user to create new databases. By default user can't create new databases.
 - **id** (String) The ID of this resource.
-- **password** (String, Sensitive) Sets the user's password. Users can change their own passwords, unless the password is disabled. To disable password, omit this parameter or set it to `null`.
+- **password** (String, Sensitive) Sets the user's password. Users can change their own passwords, unless the password is disabled. To disable password, omit this parameter or set it to `null`.  This can also be a hashed password rather than the plaintext password.  Please refer to the [CREATE USER documentation](https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_USER.html) for information on creating a password hash.
 - **superuser** (Boolean) Determine whether the user is a superuser with all database privileges.
 - **syslog_access** (String) A clause that specifies the level of access that the user has to the Amazon Redshift system tables and views. If `RESTRICTED` (default) is specified, the user can see only the rows generated by that user in user-visible system tables and views. If `UNRESTRICTED` is specified, the user can see all rows in user-visible system tables and views, including rows generated by another user. `UNRESTRICTED` doesn't give a regular user access to superuser-visible tables. Only superusers can see superuser-visible tables.
 - **valid_until** (String) Sets a date and time after which the user's password is no longer valid. By default the password has no time limit.