Method: proposals.approve

Full name: projects.locations.singleTenantHsmInstances.proposals.approve

Approves a SingleTenantHsmInstanceProposal for a given SingleTenantHsmInstance. The proposal must be in the PENDING state.

HTTP request


POST https://cloudkms.googleapis.com/v1/{name=projects/*/locations/*/singleTenantHsmInstances/*/proposals/*}:approve

The URLs use gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The name of the SingleTenantHsmInstanceProposal to approve.

Request body

The request body contains data with the following structure:

JSON representation
{

  // Union field approval_payload can be only one of the following:
  "quorumReply": {
    object (QuorumReply)
  },
  "requiredActionQuorumReply": {
    object (RequiredActionQuorumReply)
  }
  // End of list of possible types for union field approval_payload.
}
Fields
Union field approval_payload. The approval payload. The type of approval payload must correspond to the type of approval_parameters in the proposal. approval_payload can be only one of the following:
quorumReply

object (QuorumReply)

Required. The reply to QuorumParameters for approving the proposal.

requiredActionQuorumReply

object (RequiredActionQuorumReply)

Required. The reply to RequiredActionQuorumParameters for approving the proposal.

Response body

If successful, the response body is empty.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloudkms
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

  • cloudkms.singleTenantHsmInstanceProposals.approve

For more information, see the IAM documentation.

QuorumReply

The reply to QuorumParameters for approving the proposal.

JSON representation
{
  "challengeReplies": [
    {
      object (ChallengeReply)
    }
  ]
}
Fields
challengeReplies[]

object (ChallengeReply)

Required. The challenge replies to approve the proposal. Challenge replies can be sent across multiple requests. The proposal will be approved when requiredApproverCount challenge replies are provided.

ChallengeReply

A reply to a challenge signed by a 2FA key.

JSON representation
{
  "signedChallenge": string,
  "publicKeyPem": string
}
Fields
signedChallenge

string (bytes format)

Required. The signed challenge associated with the 2FA key. The signature must be RSASSA-PKCS1 v1.5 with a SHA256 digest.

A base64-encoded string.

publicKeyPem

string

Required. The public key associated with the 2FA key.
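
Added example, not part of the Cloud KMS reference: one way to produce a ChallengeReply with openssl and wrap it in a quorumReply body, verifying the signature locally before anything is sent. It assumes the challenge bytes are already saved to a file, that the signature is computed over those raw bytes, and that the 2FA private key is a PEM file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the request body for proposals.approve (QuorumReply).
# Assumptions: CHALLENGE_FILE holds the raw challenge bytes, and the 2FA
# private key is a PEM file openssl can read (a real 2FA key would normally
# stay on a hardware token and be used through its own signing interface).

# sign_challenge CHALLENGE_FILE PRIVATE_KEY_PEM
# Prints the RSASSA-PKCS1 v1.5 / SHA-256 signature as single-line base64.
sign_challenge() {
  openssl dgst -sha256 -sign "$2" "$1" | openssl base64 -A
}

# pem_to_json_string PEM_FILE
# Prints the PEM with each newline escaped as \n so it fits a JSON string.
pem_to_json_string() {
  awk '{ printf "%s\\n", $0 }' "$1"
}

# build_quorum_reply CHALLENGE_FILE PRIVATE_KEY_PEM
# Prints the JSON body, or returns non-zero if the signature does not
# verify against the public key that would be sent alongside it.
build_quorum_reply() {
  work=$(mktemp -d) || return 1
  rc=0
  openssl pkey -in "$2" -pubout -out "$work/pub.pem" 2>/dev/null || rc=1
  if [ "$rc" -eq 0 ]; then
    sig=$(sign_challenge "$1" "$2")
    printf '%s' "$sig" | openssl base64 -d -A > "$work/sig.bin"
    # Local check: same digest and padding the API requires.
    openssl dgst -sha256 -verify "$work/pub.pem" \
      -signature "$work/sig.bin" "$1" >/dev/null 2>&1 || rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    printf '{"quorumReply":{"challengeReplies":[{"signedChallenge":"%s","publicKeyPem":"%s"}]}}\n' \
      "$sig" "$(pem_to_json_string "$work/pub.pem")"
  fi
  rm -rf "$work"
  return "$rc"
}
```

The printed body is what gets POSTed to the `:approve` URL above; further challenge replies can follow in later requests until requiredApproverCount is reached.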

RequiredActionQuorumReply

The reply to RequiredActionQuorumParameters for approving the proposal.

JSON representation
{
  "requiredChallengeReplies": [
    {
      object (ChallengeReply)
    }
  ],
  "quorumChallengeReplies": [
    {
      object (ChallengeReply)
    }
  ]
}
Fields
requiredChallengeReplies[]

object (ChallengeReply)

Required. All required challenges must be signed for the proposal to be approved. These can be sent across multiple requests.

quorumChallengeReplies[]

object (ChallengeReply)

Required. Quorum members' signed challenge replies. These can be provided across multiple requests. The proposal will be approved when requiredApproverCount quorumChallengeReplies are provided and when all requiredChallengeReplies are provided.