CONCEPT Cited by 1 source

Quota lifecycle management

Quota lifecycle management is the discipline of treating a quota as a first-class object with a full CRUD + operational lifetime — schema definition, validation, authorization, distribution (dispatch), enforcement, and usage-driven updates — rather than as an ad-hoc configuration value hard-coded at one of those layers.

A system that only does enforcement can throttle callers but can't tell you who owns a quota, whether a new quota definition is valid, who can change it, how it gets to the hosts enforcing it, or how its usage flows back into tuning it. A platform doing lifecycle management handles all of those surfaces explicitly.

The six lifecycle surfaces (per Piqama)

Pinterest's Piqama platform makes all six surfaces explicit (Source: sources/2026-02-24-pinterest-piqama-pinterest-quota-management-ecosystem):

1. Schema management — define unique identifiers and hierarchical relationships (e.g. workloads within an organisation's project). A quota for a "workload" is scoped under its owning "project"; this hierarchy is how aggregation + authorization cascade.
2. Validation — a pluggable validation framework where users define custom rules at schema level (structural) and semantic level (invariants, including remote-service checks like cluster-capacity sum constraints).
3. Update authorization — modifications and deletions require authorization based on ownership set at creation. Owners can be individuals or groups; the owner model drives who can change a quota without paging the platform team.
4. Update dispatch — how the latest quota value reaches the enforcement point. Piqama clients pull; operators may plug in their own dispatcher (Pinterest's own example: PinConf push for rate-limit rules).
5. Enforcement / punishment strategies — default strategies integrated with Piqama clients (real-time decisions on serve / drop based on resource usage against the quota) or application-supplied logic. This is the data-plane surface; see control-plane / data-plane separation.
6. Usage feedback — statistics collected transparently by Piqama clients (or via system / storage feedback loops for non-client integrations), pre-aggregated, persisted in Apache Iceberg on S3. Feeds auto-rightsizing.

Why the lifecycle framing matters

Teams can tell a familiar story by which surface is missing:

• Missing schema → quotas as loose config values; nobody knows the full list of quotas across the fleet; duplication between teams is invisible.
• Missing validation → operators type an extra zero and a cluster gets overcommitted; invariants live only in the authors' heads.
• Missing authorization → anyone with config access can raise anyone's quota; governance lives outside the system.
• Missing dispatch → every service rolls its own config-update path; rollouts are inconsistent.
• Missing enforcement hooks → the platform can only enforce its default model; applications with special requirements fork.
• Missing usage feedback → quotas drift; capacity planning reverts to operator intuition.

Seen in

• sources/2026-02-24-pinterest-piqama-pinterest-quota-management-ecosystem — canonical wiki introduction. Piqama makes all six surfaces pluggable and explicit, enabling one control plane to serve diverse applications (capacity quotas for Moka; rate-limit quotas for TiDB + KV stores; future app-specific quotas).

Related

• systems/pinterest-piqama
• concepts/capacity-vs-rate-limit-quota
• concepts/pluggable-validation-framework
• concepts/quota-auto-rightsizing
• concepts/control-plane-data-plane-separation
• patterns/generic-quota-management-platform