update s2a proto tags (#154)

grpc/gcp/s2a/s2a.proto

@@ -57,11 +57,13 @@ message AlpnPolicy {
 }
 
 message AuthenticationMechanism {
+  reserved 1;
+
   // Applications may specify an identity associated to an authentication
   // mechanism. Otherwise, S2A assumes that the authentication mechanism is
   // associated with the default identity. If the default identity cannot be
   // determined, the request is rejected.
-  Identity identity = 1;
+  Identity identity = 3;
 
   oneof mechanism_oneof {
     // A token that the application uses to authenticate itself to S2A.
@@ -295,6 +297,8 @@ message ValidatePeerCertificateChainResp {
 }
 
 message SessionReq {
+  reserved 1;
+
   // The identity corresponding to the TLS configurations that MUST be used for
   // the TLS handshake.
   //
@@ -303,7 +307,7 @@ message SessionReq {
   // identity is not populated, S2A will try to deduce the managed identity to
   // use from the SNI extension. If that also fails, S2A uses the default
   // identity (if one exists).
-  Identity local_identity = 1;
+  Identity local_identity = 7;
 
   // The authentication mechanisms that the application wishes to use to
   // authenticate to S2A, ordered by preference. S2A will always use the first

grpc/gcp/s2a/s2a_context.proto

@@ -26,6 +26,8 @@ option java_outer_classname = "S2AContextProto";
 option java_package = "io.grpc.s2a.handshaker";
 
 message S2AContext {
+  reserved 5, 7, 8
+
   // The SPIFFE ID from the peer leaf certificate, if present.
   //
   // This field is only populated if the leaf certificate is a valid SPIFFE
@@ -54,7 +56,7 @@ message S2AContext {
   repeated string peer_certificate_chain_fingerprints = 4;
 
   // The local identity used during session setup.
-  Identity local_identity = 5;
+  Identity local_identity = 9;
 
   // The SHA256 hash of the DER-encoding of the local leaf certificate used in
   // the handshake.