CREATE TABLE `identity` (
   `identity_id` int NOT NULL AUTO_INCREMENT,
   `network_id` int NOT NULL,
   `subject_type` enum('token','instance','user','service') CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
   `subject_id` varchar(128) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
   `created_at` int NOT NULL DEFAULT '0',
   `expired_at` int NOT NULL DEFAULT '0',
   PRIMARY KEY (`identity_id`),
   UNIQUE KEY `uk_subject` (`network_id`,`subject_type`,`subject_id`),
   KEY `idx_network_id` (`network_id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

CREATE TABLE `identity_policy` (
  `identity_id` int NOT NULL,
  `policy_id` int NOT NULL,
  PRIMARY KEY (`identity_id`,`policy_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

CREATE TABLE `policy` (
   `policy_id` int NOT NULL AUTO_INCREMENT,
   `network_id` int NOT NULL,
   `name` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
   `description` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT NULL,
   `created_at` int NOT NULL DEFAULT '0',
   PRIMARY KEY (`policy_id`),
   KEY `idx_network_id` (`network_id`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci

CREATE TABLE `rule` (
   `rule_id` int NOT NULL AUTO_INCREMENT,
   `network_id` int NOT NULL,
   `access_rule_id` int NOT NULL,
   `src_policy_id` int NOT NULL,
   `dst_policy_id` int NOT NULL,
   `proto` tinyint NOT NULL,
   `port` int NOT NULL,
   `action` enum('allow','deny') CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
   `created_at` int NOT NULL DEFAULT '0',
   PRIMARY KEY (`rule_id`),
   KEY `idx_src` (`src_policy_id`),
   KEY `idx_network_id` (`network_id`),
   KEY `idx_dst` (`dst_policy_id`)
) ENGINE=InnoDB AUTO_INCREMENT=85 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci