Fix system limits

The recent changes on the resource limit implementation exposed an issue
with the implementation of system limits. They shouldnt't be a third,
global scope of resources, but rather a default for organization limits
on creation. This change addresses this, by introducing a separate,
appropriately named table for handling these defaults. The system-level
endpoints are removed as they are not needed anymore, and a migration
ensures existing system limits are converted to the correct values.

Author: mxsrc

src/api/_util/resourcelimit.py

@@ -20,6 +20,7 @@
     BranchAllocationPublic,
     BranchProvisioning,
     EntityType,
+    OrganizationLimitDefault,
     ProvisioningLog,
     ResourceLimit,
     ResourceLimitsPublic,
@@ -134,26 +135,6 @@ async def clone_branch_provisioning(session: SessionDep, source: Branch, target:
     await session.refresh(target)
 
 
-async def initialize_organization_resource_limits(session: SessionDep, organization: Organization):
-    result = await session.execute(select(ResourceLimit).where(ResourceLimit.entity_type == EntityType.system))
-    system_limits = result.scalars().all()
-
-    with session.no_autoflush:
-        for system_limit in system_limits:
-            await session.merge(
-                ResourceLimit(
-                    entity_type=EntityType.org,
-                    org_id=organization.id,
-                    project_id=None,
-                    resource=system_limit.resource,
-                    max_total=system_limit.max_total,
-                    max_per_branch=system_limit.max_per_branch,
-                )
-            )
-    await session.commit()
-    await session.refresh(organization)
-
-
 def dict_to_resource_limits(value: Mapping[ResourceType, int | None]) -> ResourceLimitsPublic:
     return ResourceLimitsPublic(
         milli_vcpu=value.get(ResourceType.milli_vcpu),
@@ -320,7 +301,6 @@ async def get_remaining_project_resources(
     *,
     exclude_branch_ids: Sequence[Identifier] | None = None,
 ) -> ResourceLimitsPublic:
-    system_limits = await get_system_resource_limits(session)
     organization_limits = await get_organization_resource_limits(session, organization_id)
     project_limits = await get_project_resource_limits(session, project_id)
 
@@ -337,16 +317,13 @@ async def get_remaining_project_resources(
 
     effective_limits: dict[ResourceType, int] = {}
     for resource_type in ResourceType:
-        system_limit = system_limits.get(resource_type)
         organization_limit = organization_limits.get(resource_type)
         project_limit = project_limits.get(resource_type)
         per_branch_limit = (
             project_limit.max_per_branch
-            if project_limit and project_limit.max_per_branch is not None
+            if project_limit
             else organization_limit.max_per_branch
-            if organization_limit and organization_limit.max_per_branch is not None
-            else system_limit.max_per_branch
-            if system_limit and system_limit.max_per_branch is not None
+            if organization_limit
             else None
         )
 
@@ -374,17 +351,6 @@ async def get_remaining_project_resources(
     return dict_to_resource_limits(effective_limits)
 
 
-async def get_system_resource_limits(session: SessionDep) -> dict[ResourceType, ResourceLimit]:
-    result = await session.execute(
-        select(ResourceLimit).where(
-            ResourceLimit.entity_type == EntityType.system,
-            ResourceLimit.org_id.is_(None),  # type: ignore[union-attr]
-            ResourceLimit.project_id.is_(None),  # type: ignore[union-attr]
-        )
-    )
-    return _map_resource_limits(list(result.scalars().all()))
-
-
 async def get_organization_resource_limits(
     session: SessionDep, organization_id: Identifier
 ) -> dict[ResourceType, ResourceLimit]:
@@ -638,6 +604,18 @@ def from_database(cls, limits: Sequence[ResourceLimit]) -> Self:
             per_branch=Resources.from_database(limits, "max_per_branch"),
         )
 
+    @classmethod
+    def from_defaults(cls, defaults: Sequence["OrganizationLimitDefault"]) -> Self:
+        return cls(
+            total=Resources.from_database(defaults, "max_total"),
+            per_branch=Resources.from_database(defaults, "max_per_branch"),
+        )
+
+    @classmethod
+    async def organization_defaults(cls, session: AsyncSession) -> Self:
+        result = await session.execute(select(OrganizationLimitDefault))
+        return cls.from_defaults(list(result.scalars().all()))
+
     def to_database(self, entity_type: EntityType) -> list[ResourceLimit]:
         return [
             ResourceLimit(
@@ -651,14 +629,6 @@ def to_database(self, entity_type: EntityType) -> list[ResourceLimit]:
         ]
 
 
-async def system_limits(session: AsyncSession) -> Limits:
-    statement = select(ResourceLimit).where(
-        col(ResourceLimit.org_id).is_(None), col(ResourceLimit.project_id).is_(None)
-    )
-    entries = (await session.exec(statement)).all()
-    return Limits.from_database(entries)
-
-
 async def organization_limits(organization: Organization) -> Limits:
     return Limits.from_database(await organization.awaitable_attrs.limits)
 
@@ -683,11 +653,6 @@ def _allocations():
     )
 
 
-async def system_allocations(session: AsyncSession) -> Resources:
-    allocations = (await session.exec(_allocations())).one()
-    return Resources(**(allocations._asdict()))
-
-
 async def organization_allocations(session: AsyncSession, organization: Organization) -> Resources:
     statement = _allocations().join(Project).where(Project.organization_id == organization.id)
     allocations = (await session.exec(statement)).one()
@@ -700,15 +665,8 @@ async def project_allocations(session: AsyncSession, project: Project) -> Resour
     return Resources(**(allocations._asdict()))
 
 
-async def system_available(session: AsyncSession) -> Resources:
-    return (await system_limits(session)).total - await system_allocations(session)
-
-
 async def organization_available(session: AsyncSession, organization: Organization) -> Resources:
-    return Resources.min(
-        (await organization_limits(organization)).total - await organization_allocations(session, organization),
-        await system_available(session),
-    )
+    return (await organization_limits(organization)).total - await organization_allocations(session, organization)
 
 
 async def project_available(session: AsyncSession, project: Project) -> Resources:
@@ -718,16 +676,13 @@ async def project_available(session: AsyncSession, project: Project) -> Resource
     )
 
 
-async def project_branch_maxima(session: AsyncSession, project: Project) -> Resources:
-    """Minimum per-branch limit across the hierarchy (project > organization > system).
+async def project_branch_maxima(project: Project) -> Resources:
+    """Minimum per-branch limit across the hierarchy (project > organization).
 
     Returns None for any field where no per-branch limit has been configured at any level.
     """
     organization = await project.awaitable_attrs.organization
     return Resources.min(
-        Resources.min(
-            (await project_limits(project)).per_branch,
-            (await organization_limits(organization)).per_branch,
-        ),
-        (await system_limits(session)).per_branch,
+        (await project_limits(project)).per_branch,
+        (await organization_limits(organization)).per_branch,
     )

src/api/organization/__init__.py

@@ -13,9 +13,9 @@
 from ...deployment import delete_deployment
 from ...models.audit import OrganizationAuditLog
 from ...models.organization import Organization, OrganizationCreate, OrganizationUpdate
-from ...models.resources import ResourceTypePublic, ResourceUsageMinute
+from ...models.resources import EntityType, ResourceTypePublic, ResourceUsageMinute
 from .._util import Conflict, Forbidden, NotFound, Unauthenticated, url_path_for
-from .._util.resourcelimit import initialize_organization_resource_limits
+from .._util.resourcelimit import Limits
 from .._util.role import create_organization_admin_role
 from ..auth import authenticated_user
 from ..dependencies import AuthUserDep, OrganizationDep, SessionDep
@@ -87,7 +87,12 @@ async def create(
     user: AuthUserDep,
     response: Literal["empty", "full"] = "empty",
 ) -> JSONResponse:
-    entity = Organization(**parameters.model_dump(), users=[user])
+    default_limits = await Limits.organization_defaults(session)
+    entity = Organization(
+        **parameters.model_dump(),
+        users=[user],
+        limits=default_limits.to_database(EntityType.org),
+    )
     session.add(entity)
     try:
         await session.commit()
@@ -108,9 +113,6 @@ async def create(
     await session.commit()
     await session.refresh(entity)
 
-    # Set up initial organization resource limits
-    await initialize_organization_resource_limits(session, entity)
-
     entity_url = url_path_for(request, "organizations:detail", organization_id=entity.id)
     return JSONResponse(
         content=entity.model_dump() if response == "full" else None,

src/api/organization/project/resources.py

@@ -63,5 +63,5 @@ async def available(session: SessionDep, project: ProjectDep) -> Resources:
     name="organizations:projects:resources:branch-maxima",
     responses={401: Unauthenticated, 403: Forbidden, 404: NotFound},
 )
-async def branch_maxima(session: SessionDep, project: ProjectDep) -> Resources:
-    return await project_branch_maxima(session, project)
+async def branch_maxima(project: ProjectDep) -> Resources:
+    return await project_branch_maxima(project)

src/api/resources.py

@@ -40,10 +40,7 @@
     ResourceLimitsPublic,
     ResourceUsageMinute,
 )
-from ._util import Unauthenticated
 from ._util.resourcelimit import (
-    Limits,
-    Resources,
     check_resource_limits,
     create_or_update_branch_provisioning,
     dict_to_resource_limits,
@@ -55,9 +52,6 @@
     get_organization_resource_usage,
     get_project_resource_usage,
     make_usage_cycle,
-    system_allocations,
-    system_available,
-    system_limits,
 )
 from .auth import authenticated_user
 from .db import SessionDep
@@ -494,30 +488,3 @@ async def monitor_resources():
             await asyncio.sleep((interval - elapsed).total_seconds())
         else:
             logger.warning("Resource monitor execution exeeded desired interval")
-
-
-@api.get(
-    "/limits/",
-    name="resources:limits",
-    responses={401: Unauthenticated},
-)
-async def limits(session: SessionDep) -> Limits:
-    return await system_limits(session)
-
-
-@api.get(
-    "/allocations/",
-    name="resources:allocations",
-    responses={401: Unauthenticated},
-)
-async def allocated(session: SessionDep) -> Resources:
-    return await system_allocations(session)
-
-
-@api.get(
-    "/available/",
-    name="resources:available",
-    responses={401: Unauthenticated},
-)
-async def available(session: SessionDep) -> Resources:
-    return await system_available(session)

src/api/system.py

@@ -21,9 +21,8 @@
     VCPU_MILLIS_MIN,
     VCPU_MILLIS_STEP,
 )
-from ..models.resources import ResourceLimitDefinitionPublic, ResourceType
+from ..models.resources import OrganizationLimitDefault, ResourceLimitDefinitionPublic, ResourceType
 from ..models.role import AccessRight
-from ._util.resourcelimit import get_system_resource_limits
 from .auth import authenticated_user
 from .db import SessionDep
 
@@ -68,10 +67,12 @@ async def list_available_permissions(
 async def list_resource_limit_definitions(
     session: SessionDep,
 ) -> list[ResourceLimitDefinitionPublic]:
-    system_limits = await get_system_resource_limits(session)
+    defaults_result = await session.execute(select(OrganizationLimitDefault))
+    defaults = {d.resource: d for d in defaults_result.scalars().all()}
 
     def _get_limit(resource_type: ResourceType, default: int) -> int:
-        return system_limits[resource_type].max_total if system_limits[resource_type] else default
+        d = defaults.get(resource_type)
+        return d.max_total if d else default
 
     max_vcpu_millis = _get_limit(ResourceType.milli_vcpu, VCPU_MILLIS_MAX)
     max_ram_bytes = _get_limit(ResourceType.ram, MEMORY_MAX)

src/models/migrations/versions/e8f3a2d51c9b_fix_system_limits.py

@@ -0,0 +1,72 @@
+"""fix-system-limits
+
+Revision ID: e8f3a2d51c9b
+Revises: 9bebcc605033
+Create Date: 2026-03-20 00:00:00.000000
+
+"""
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+import sqlmodel
+import sqlmodel.sql
+from alembic import op
+from ulid import ULID
+
+# revision identifiers, used by Alembic.
+revision: str = "e8f3a2d51c9b"
+down_revision: Union[str, Sequence[str], None] = "9bebcc605033"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    resource_type_enum = sa.Enum(
+        "milli_vcpu", "ram", "iops", "database_size", "storage_size",
+        name="resourcetype",
+        create_type=False,
+    )
+
+    # Create the organizationlimitdefault table
+    op.create_table(
+        "organizationlimitdefault",
+        sa.Column("id", sa.UUID(), nullable=False),
+        sa.Column("resource", resource_type_enum, nullable=False),
+        sa.Column("max_total", sa.BigInteger(), nullable=False),
+        sa.Column("max_per_branch", sa.BigInteger(), nullable=False),
+        sa.PrimaryKeyConstraint("id"),
+    )
+    op.create_index("uq_org_limit_default_resource", "organizationlimitdefault", ["resource"], unique=True)
+
+    # Migrate system limits → OrganizationLimitDefault
+    conn = op.get_bind()
+    system_rows = conn.execute(
+        sa.text("SELECT resource, max_total, max_per_branch FROM resourcelimit WHERE entity_type = 'system'")
+    ).fetchall()
+
+    org_limit_default = sa.table(
+        "organizationlimitdefault",
+        sa.column("id", sa.UUID),
+        sa.column("resource", resource_type_enum),
+        sa.column("max_total", sa.BigInteger),
+        sa.column("max_per_branch", sa.BigInteger),
+    )
+    for resource, max_total, max_per_branch in system_rows:
+        conn.execute(
+            sa.insert(org_limit_default).values(
+                id=ULID().to_uuid(),
+                resource=resource,
+                max_total=max_total,
+                max_per_branch=max_per_branch,
+            )
+        )
+
+    conn.execute(sa.text("DELETE FROM resourcelimit WHERE entity_type = 'system'"))
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # Data migration is not trivially reversible; just drop the table.
+    op.drop_index("uq_org_limit_default_resource", table_name="organizationlimitdefault")
+    op.drop_table("organizationlimitdefault")

src/models/resources.py

@@ -29,7 +29,6 @@ class ResourceType(PyEnum):
 
 
 class EntityType(PyEnum):
-    system = "system"
     org = "org"
     project = "project"
 
@@ -85,6 +84,13 @@ class ResourceLimit(AsyncAttrs, Model, table=True):
     max_per_branch: Annotated[int, Field(sa_type=BigInteger)]
 
 
+class OrganizationLimitDefault(AsyncAttrs, Model, table=True):
+    __table_args__ = (Index("uq_org_limit_default_resource", "resource", unique=True),)
+    resource: ResourceType
+    max_total: Annotated[int, Field(sa_type=BigInteger)]
+    max_per_branch: Annotated[int, Field(sa_type=BigInteger)]
+
+
 class BranchProvisioning(AsyncAttrs, Model, table=True):
     branch_id: Identifier | None = Model.foreign_key_field("branch", ondelete="CASCADE")
     resource: ResourceType