The current implementation either sends and compares plaintext or an MD5 hash.
There's no way to send plaintext for the server to hash, because it also adds UNENCRYPTED to the query:
`ERROR: UNENCRYPTED PASSWORD is no longer supported`
Python 3 implementation of PostgreSQL's algorithm:
```python
import base64
import hashlib
import hmac
import secrets


def scram_sha_256(password):
    """Build a PostgreSQL SCRAM-SHA-256 password verifier for ``password``."""
    # TODO: saslprep
    if not isinstance(password, (bytes, bytearray)):
        password = password.encode('utf8')
    iterations = 4096                    # PostgreSQL's default iteration count
    salt = secrets.token_bytes(16)       # PostgreSQL uses a fresh 16-byte random salt
    salted_password = hashlib.pbkdf2_hmac('sha256', password, salt, iterations)
    # StoredKey = H(ClientKey), where ClientKey = HMAC(SaltedPassword, "Client Key")
    stored_key = hmac.new(salted_password, b'Client Key', 'sha256').digest()
    stored_key = hashlib.sha256(stored_key).digest()
    # ServerKey = HMAC(SaltedPassword, "Server Key")
    server_key = hmac.new(salted_password, b'Server Key', 'sha256').digest()
    # Same layout PostgreSQL stores in pg_authid.rolpassword
    return 'SCRAM-SHA-256$%d:%s$%s:%s' % (
        iterations,
        base64.b64encode(salt).decode('ascii'),
        base64.b64encode(stored_key).decode('ascii'),
        base64.b64encode(server_key).decode('ascii')
    )
```
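A companion to the snippet above, added here as an example (it is not code from this issue or from Salt's postgres modules): because every verifier carries a fresh random salt, a state cannot decide whether a role already has the desired password by regenerating a verifier and string-comparing it. It has to parse the stored value, re-derive the keys with that verifier's own salt and iteration count, and compare the StoredKey/ServerKey in constant time. The function names, the regex and the fixed salt used for testing are my own choices; the password is assumed to have been run through SASLprep already.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Layout of a PostgreSQL SCRAM-SHA-256 secret (the same one the snippet above emits):
#   SCRAM-SHA-256$<iterations>:<base64 salt>$<base64 StoredKey>:<base64 ServerKey>
_VERIFIER_RE = re.compile(
    r'^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/]+=*)\$([A-Za-z0-9+/]+=*):([A-Za-z0-9+/]+=*)$'
)


def _b64(raw):
    return base64.b64encode(raw).decode('ascii')


def is_scram_verifier(value):
    """True if ``value`` is already a SCRAM-SHA-256 secret rather than a plaintext password."""
    return _VERIFIER_RE.match(value) is not None


def parse_scram_verifier(verifier):
    """Split a SCRAM-SHA-256 secret into (iterations, salt, stored_key, server_key)."""
    m = _VERIFIER_RE.match(verifier)
    if m is None:
        raise ValueError('not a SCRAM-SHA-256 verifier')
    iterations = int(m.group(1))
    salt, stored_key, server_key = (base64.b64decode(g) for g in m.groups()[1:])
    if iterations < 1 or len(stored_key) != 32 or len(server_key) != 32:
        raise ValueError('malformed SCRAM-SHA-256 verifier')
    return iterations, salt, stored_key, server_key


def scram_keys(password, salt, iterations):
    """Derive (StoredKey, ServerKey) as in RFC 5802 / RFC 7677 with SHA-256.

    ``password`` is assumed to have been SASLprep'ed by the caller.
    """
    if not isinstance(password, (bytes, bytearray)):
        password = password.encode('utf8')
    salted = hashlib.pbkdf2_hmac('sha256', password, salt, iterations)
    client_key = hmac.new(salted, b'Client Key', 'sha256').digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b'Server Key', 'sha256').digest()
    return stored_key, server_key


def make_scram_verifier(password, iterations=4096, salt=None):
    """Build a verifier; ``salt`` is a parameter only so that tests can be deterministic."""
    if salt is None:
        salt = secrets.token_bytes(16)   # what PostgreSQL does: 16 random bytes per password
    stored_key, server_key = scram_keys(password, salt, iterations)
    return 'SCRAM-SHA-256$%d:%s$%s:%s' % (
        iterations, _b64(salt), _b64(stored_key), _b64(server_key))


def scram_verify(password, verifier):
    """Check ``password`` against a stored verifier (e.g. pg_authid.rolpassword).

    Both keys are recomputed with the verifier's own salt and iteration count and
    compared in constant time, so two verifiers for the same password never need
    to be string-equal for the check to succeed.
    """
    iterations, salt, stored_key, server_key = parse_scram_verifier(verifier)
    got_stored, got_server = scram_keys(password, salt, iterations)
    return (hmac.compare_digest(got_stored, stored_key)
            and hmac.compare_digest(got_server, server_key))
```

`is_scram_verifier` is the test a state would run on the `password` argument to decide whether it was handed a pre-hashed secret (to be passed through to `ALTER ROLE` unchanged) or a plaintext one (to be hashed, or compared with `scram_verify` against what the server already stores).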
@OrangeDog Can you provide me with an example state that I can use to test this?
@dwoz not sure what you mean by example state, but see linked commit.
You can see from saltstack's source code that the states.postgres_user state is only able to compare and set unencrypted or MD5 passwords. To use SCRAM passwords, PostgreSQL 10 or higher is required.
Sadly, without SCRAM support the current postgres_user state has very limited usefulness. Please also let the module work with already encrypted passwords like:
```yaml
postgres_user.present:
  name: blah
  password: "SCRAM-SHA-256$4096:lKj35tB36e3LV3fVaW3hlw==$NO7qHn5U1C [...] XDDEcI="
```
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
Still a desired feature.
Thank you for updating this issue. It is no longer marked as stale.
There doesn't seem to be any python library providing just saslprep.
There is an implementation in pymongo.
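Since the thread notes there is no standalone saslprep package, here is an added example (not from this issue, Salt or pymongo) of SASLprep (RFC 4013) written only against the `stringprep` and `unicodedata` modules in the Python standard library. The function name and the `prohibit_unassigned` parameter are my own; the string goes in, the prepared string comes out, and a `ValueError` means the password must be rejected rather than hashed.

```python
import stringprep
import unicodedata

# RFC 4013 section 2.3: everything in these RFC 3454 tables is prohibited output.
_PROHIBITED = (
    stringprep.in_table_c12,      # non-ASCII space (only a leftover after mapping)
    stringprep.in_table_c21_c22,  # ASCII and non-ASCII control characters
    stringprep.in_table_c3,       # private use
    stringprep.in_table_c4,       # non-character code points
    stringprep.in_table_c5,       # surrogate code points
    stringprep.in_table_c6,       # inappropriate for plain text
    stringprep.in_table_c7,       # inappropriate for canonical representation
    stringprep.in_table_c8,       # change display properties / deprecated
    stringprep.in_table_c9,       # tagging characters
)


def saslprep(data, prohibit_unassigned=True):
    """Apply SASLprep (RFC 4013) and return the prepared string.

    Raises ValueError for input that must be rejected.  A password used to build
    a verifier is a "stored string", for which RFC 4013 forbids unassigned code
    points; pass prohibit_unassigned=False only for query strings.
    """
    if isinstance(data, (bytes, bytearray)):
        data = data.decode('utf8')

    # Step 1, mapping: drop "commonly mapped to nothing" (B.1) and turn
    # non-ASCII spaces (C.1.2) into U+0020.
    mapped = []
    for ch in data:
        if stringprep.in_table_b1(ch):
            continue
        mapped.append(' ' if stringprep.in_table_c12(ch) else ch)

    # Step 2, normalization: NFKC.
    data = unicodedata.normalize('NFKC', ''.join(mapped))

    # Step 3, prohibited output.
    for ch in data:
        if any(table(ch) for table in _PROHIBITED):
            raise ValueError('SASLprep: prohibited character U+%04X' % ord(ch))
        if prohibit_unassigned and stringprep.in_table_a1(ch):
            raise ValueError('SASLprep: unassigned code point U+%04X' % ord(ch))

    # Step 4, bidirectional check (RFC 3454 section 6): a string containing any
    # RandALCat character may contain no LCat character and must both start
    # and end with a RandALCat character.
    if any(stringprep.in_table_d1(ch) for ch in data):
        if any(stringprep.in_table_d2(ch) for ch in data):
            raise ValueError('SASLprep: RandALCat and LCat characters mixed')
        if not (stringprep.in_table_d1(data[0]) and stringprep.in_table_d1(data[-1])):
            raise ValueError('SASLprep: RandALCat string must start and end with RandALCat')
    return data
```

The RFC 4013 examples behave as specified: `'I\u00adX'` becomes `'IX'` (soft hyphen dropped), `'\u2168'` becomes `'IX'` (NFKC), `'\x07'` is rejected as a control character, and `'\u0627\x31'` is rejected by the bidi rule. The prepared string is what should be UTF-8 encoded and fed to PBKDF2 when building the verifier.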