allow superusers to have unmanaged passwords

redshift/resource_redshift_user.go

@@ -1,7 +1,6 @@
 package redshift
 
 import (
-	"context"
 	"crypto/md5"
 	"database/sql"
 	"fmt"
@@ -56,17 +55,6 @@ Amazon Redshift user accounts can only be created and dropped by a database supe
 		Importer: &schema.ResourceImporter{
 			State: schema.ImportStatePassthrough,
 		},
-		CustomizeDiff: func(_ context.Context, d *schema.ResourceDiff, p interface{}) error {
-			isSuperuser := d.Get(userSuperuserAttr).(bool)
-			isPasswordKnown := d.NewValueKnown(userPasswordAttr)
-
-			password, hasPassword := d.GetOk(userPasswordAttr)
-			if isSuperuser && isPasswordKnown && (!hasPassword || password.(string) == "") {
-				return fmt.Errorf("Users that are superusers must define a password.")
-			}
-
-			return nil
-		},
 
 		Schema: map[string]*schema.Schema{
 			userNameAttr: {

redshift/resource_redshift_user_test.go

@@ -4,7 +4,6 @@ import (
 	"database/sql"
 	"fmt"
 	"os"
-	"regexp"
 	"strconv"
 	"strings"
 	"testing"
@@ -191,28 +190,6 @@ resource "redshift_user" "update_superuser" {
 	})
 }
 
-func TestAccRedshiftUser_SuperuserRequiresPassword(t *testing.T) {
-	userName := strings.ReplaceAll(acctest.RandomWithPrefix("tf_acc_superuser"), "-", "_")
-	config := fmt.Sprintf(`
-resource "redshift_user" "superuser" {
-  name = %[1]q
-  superuser = true
-}
-`, userName)
-
-	resource.Test(t, resource.TestCase{
-		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProviders,
-		CheckDestroy: testAccCheckRedshiftUserDestroy,
-		Steps: []resource.TestStep{
-			{
-				Config:      config,
-				ExpectError: regexp.MustCompile("Users that are superusers must define a password."),
-			},
-		},
-	})
-}
-
 func TestAccRedshiftUser_SuperuserFalseDoesntRequiresPassword(t *testing.T) {
 	userName := strings.ReplaceAll(acctest.RandomWithPrefix("tf_acc_superuser"), "-", "_")
 	config := fmt.Sprintf(`