I have a Node/Express API that follows the component pattern, and a handful of ABAC roles that cover those components/collections. This is in a single, multi-tenant DB, and said roles are created programmatically at startup.
In this startup procedure I delete all existing roles and then recreate them from the definitions in my code. In other words, currently during development even a save of a .js file with nodemon triggers a restart of my server, meaning roles get deleted and recreated. (This is done primarily because the roles evolve quite rapidly along with the components of the API)
Now I haven’t run into any issues yet, and the above happens almost instantly, so it’s not an issue at present, but I’m cautious about going to production with this mechanism, because I’m uncertain if the internal optimizations that Fauna does for my roles will also get wiped along with the role itself, and then at scale this will slow things down each time I restart a server container. Also I’m not sure what this will do with multiple containers being orchestrated outside of my direct control (I actually only thought of this just now… -_- )
An alternative might be to compare the current roles with the codebase ones at startup and only delete and recreate the ones that have been changed?
Anyone have a smart solution or advice on this topic? Is this a valid concern or am I overthinking this?