New Resource: aws_route53_key_signing_key

Reference: #16834
Reference: #16836

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAwsRoute53KeySigningKey_disappears (209.62s)
--- PASS: TestAccAwsRoute53KeySigningKey_basic (233.38s)
--- PASS: TestAccAwsRoute53KeySigningKey_Status (295.66s)
```

Author: bflad

aws/internal/service/route53/enum.go

@@ -0,0 +1,9 @@
+package route53
+
+const (
+	KeySigningKeyStatusActionNeeded    = "ACTION_NEEDED"
+	KeySigningKeyStatusActive          = "ACTIVE"
+	KeySigningKeyStatusDeleting        = "DELETING"
+	KeySigningKeyStatusInactive        = "INACTIVE"
+	KeySigningKeyStatusInternalFailure = "INTERNAL_FAILURE"
+)

aws/internal/service/route53/finder/finder.go

@@ -0,0 +1,50 @@
+package finder
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/route53"
+	tfroute53 "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/route53"
+)
+
+func KeySigningKey(conn *route53.Route53, hostedZoneID string, name string) (*route53.KeySigningKey, error) {
+	input := &route53.GetDNSSECInput{
+		HostedZoneId: aws.String(hostedZoneID),
+	}
+
+	var result *route53.KeySigningKey
+
+	output, err := conn.GetDNSSEC(input)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil {
+		return nil, nil
+	}
+
+	for _, keySigningKey := range output.KeySigningKeys {
+		if keySigningKey == nil {
+			continue
+		}
+
+		if aws.StringValue(keySigningKey.Name) == name {
+			result = keySigningKey
+			break
+		}
+	}
+
+	return result, err
+}
+
+func KeySigningKeyByResourceID(conn *route53.Route53, resourceID string) (*route53.KeySigningKey, error) {
+	hostedZoneID, name, err := tfroute53.KeySigningKeyParseResourceID(resourceID)
+
+	if err != nil {
+		return nil, fmt.Errorf("error parsing Route 53 Key Signing Key (%s) identifier: %w", resourceID, err)
+	}
+
+	return KeySigningKey(conn, hostedZoneID, name)
+}

aws/internal/service/route53/id.go

@@ -0,0 +1,25 @@
+package route53
+
+import (
+	"fmt"
+	"strings"
+)
+
+const KeySigningKeyResourceIDSeparator = ","
+
+func KeySigningKeyCreateResourceID(transitGatewayRouteTableID string, prefixListID string) string {
+	parts := []string{transitGatewayRouteTableID, prefixListID}
+	id := strings.Join(parts, KeySigningKeyResourceIDSeparator)
+
+	return id
+}
+
+func KeySigningKeyParseResourceID(id string) (string, string, error) {
+	parts := strings.Split(id, KeySigningKeyResourceIDSeparator)
+
+	if len(parts) == 2 && parts[0] != "" && parts[1] != "" {
+		return parts[0], parts[1], nil
+	}
+
+	return "", "", fmt.Errorf("unexpected format for ID (%[1]s), expected hosted-zone-id%[2]sname", id, KeySigningKeyResourceIDSeparator)
+}

aws/internal/service/route53/waiter/status.go

@@ -0,0 +1,44 @@
+package waiter
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/route53"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/route53/finder"
+)
+
+func ChangeInfoStatus(conn *route53.Route53, changeID string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		input := &route53.GetChangeInput{
+			Id: aws.String(changeID),
+		}
+
+		output, err := conn.GetChange(input)
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		if output == nil || output.ChangeInfo == nil {
+			return nil, "", nil
+		}
+
+		return output.ChangeInfo, aws.StringValue(output.ChangeInfo.Status), nil
+	}
+}
+
+func KeySigningKeyStatus(conn *route53.Route53, hostedZoneID string, name string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		keySigningKey, err := finder.KeySigningKey(conn, hostedZoneID, name)
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		if keySigningKey == nil {
+			return nil, "", nil
+		}
+
+		return keySigningKey, aws.StringValue(keySigningKey.Status), nil
+	}
+}

aws/internal/service/route53/waiter/waiter.go

@@ -0,0 +1,67 @@
+package waiter
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/route53"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+const (
+	ChangeTimeout = 30 * time.Minute
+
+	KeySigningKeyStatusTimeout = 5 * time.Minute
+)
+
+func ChangeInfoStatusInsync(conn *route53.Route53, changeID string) (*route53.ChangeInfo, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending:    []string{route53.ChangeStatusPending},
+		Target:     []string{route53.ChangeStatusInsync},
+		Refresh:    ChangeInfoStatus(conn, changeID),
+		Delay:      30 * time.Second,
+		MinTimeout: 5 * time.Second,
+		Timeout:    ChangeTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*route53.ChangeInfo); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+func KeySigningKeyStatusUpdated(conn *route53.Route53, hostedZoneID string, name string, status string) (*route53.KeySigningKey, error) {
+	stateConf := &resource.StateChangeConf{
+		Target:     []string{status},
+		Refresh:    KeySigningKeyStatus(conn, hostedZoneID, name),
+		MinTimeout: 5 * time.Second,
+		Timeout:    KeySigningKeyStatusTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*route53.KeySigningKey); ok {
+		if err != nil && output != nil && output.Status != nil && output.StatusMessage != nil {
+			newErr := fmt.Errorf("%s: %s", aws.StringValue(output.Status), aws.StringValue(output.StatusMessage))
+
+			switch e := err.(type) {
+			case *resource.TimeoutError:
+				if e.LastError == nil {
+					e.LastError = newErr
+				}
+			case *resource.UnexpectedStateError:
+				if e.LastError == nil {
+					e.LastError = newErr
+				}
+			}
+		}
+
+		return output, err
+	}
+
+	return nil, err
+}

aws/provider.go

@@ -852,6 +852,7 @@ func Provider() *schema.Provider {
 			"aws_redshift_event_subscription":                         resourceAwsRedshiftEventSubscription(),
 			"aws_resourcegroups_group":                                resourceAwsResourceGroupsGroup(),
 			"aws_route53_delegation_set":                              resourceAwsRoute53DelegationSet(),
+			"aws_route53_key_signing_key":                             resourceAwsRoute53KeySigningKey(),
 			"aws_route53_query_log":                                   resourceAwsRoute53QueryLog(),
 			"aws_route53_record":                                      resourceAwsRoute53Record(),
 			"aws_route53_zone_association":                            resourceAwsRoute53ZoneAssociation(),