From 62cf1cdcbe54b1fe3e6346172d77f58e00794bf1 Mon Sep 17 00:00:00 2001
From: Riya Mehta <55350838+rmehta19@users.noreply.github.com>
Date: Wed, 3 Jul 2024 08:47:28 -0700
Subject: [PATCH] update s2a proto tags (#154)

---
 grpc/gcp/s2a/s2a.proto         | 8 ++++++--
 grpc/gcp/s2a/s2a_context.proto | 4 +++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/grpc/gcp/s2a/s2a.proto b/grpc/gcp/s2a/s2a.proto
index 8a85e348..8fb4c9c7 100644
--- a/grpc/gcp/s2a/s2a.proto
+++ b/grpc/gcp/s2a/s2a.proto
@@ -57,11 +57,13 @@ message AlpnPolicy {
 }
 
 message AuthenticationMechanism {
+  reserved 1;
+
   // Applications may specify an identity associated to an authentication
   // mechanism. Otherwise, S2A assumes that the authentication mechanism is
   // associated with the default identity. If the default identity cannot be
   // determined, the request is rejected.
-  Identity identity = 1;
+  Identity identity = 3;
 
   oneof mechanism_oneof {
     // A token that the application uses to authenticate itself to S2A.
@@ -295,6 +297,8 @@ message ValidatePeerCertificateChainResp {
 }
 
 message SessionReq {
+  reserved 1;
+
   // The identity corresponding to the TLS configurations that MUST be used for
   // the TLS handshake.
   //
@@ -303,7 +307,7 @@ message SessionReq {
   // identity is not populated, S2A will try to deduce the managed identity to
   // use from the SNI extension. If that also fails, S2A uses the default
   // identity (if one exists).
-  Identity local_identity = 1;
+  Identity local_identity = 7;
 
   // The authentication mechanisms that the application wishes to use to
   // authenticate to S2A, ordered by preference. S2A will always use the first
diff --git a/grpc/gcp/s2a/s2a_context.proto b/grpc/gcp/s2a/s2a_context.proto
index edaeaf22..f10fb30f 100644
--- a/grpc/gcp/s2a/s2a_context.proto
+++ b/grpc/gcp/s2a/s2a_context.proto
@@ -26,6 +26,8 @@ option java_outer_classname = "S2AContextProto";
 option java_package = "io.grpc.s2a.handshaker";
 
 message S2AContext {
+  reserved 5, 7, 8
+
   // The SPIFFE ID from the peer leaf certificate, if present.
   //
   // This field is only populated if the leaf certificate is a valid SPIFFE
@@ -54,7 +56,7 @@ message S2AContext {
   repeated string peer_certificate_chain_fingerprints = 4;
 
   // The local identity used during session setup.
-  Identity local_identity = 5;
+  Identity local_identity = 9;
 
   // The SHA256 hash of the DER-encoding of the local leaf certificate used in
   // the handshake.