#Project [v1]

#/auth/v1/projects

#get Fetch project list with rbac

#Parameters

• Authorization (in header): string

  Given Bearer token will use this as authorization for the API

• labelSelector (in query): string

  A selector to restrict the list of returned objects by their labels.

• fieldSelector (in query): string

  A selector to restrict the list of returned objects by their fields. Use fieldSelector=metadata.name={project name} to query a specific project.

• limit (in query): integer

  limit the number of returned records.

• continue (in query): string

  continue token for paginated queries.

• resourceVersion (in query): string

  resourceVersion sets a constraint on what resource versions a request may be served from.

• watch (in query): boolean

  watch for changes to the described resources.

• timeoutSeconds (in query): integer

  timeoutSeconds for the list/watch call.

• sortBy (in query): string

  sort option for fuzzy query, such as a,name.

• filterBy (in query): string

  filter option for fuzzy query, such as display-name,keyword.

#Response

• 200 ProjectList: OK
• 401 : Unauthorized - Invalid or missing authentication credentials

#/auth/v1/projects/{project-name}

#delete Delete projects

#Parameters

• Authorization (in header): string

  Given Bearer token will use this as authorization for the API

• project-name (in path): string required

  Project name

• reclaim (in query): boolean

  Whether to reclaim project clusters when deleting the project. true means Delete policy, false means Retain policy.

#Response

• 200 : OK
• 400 : Bad Request - Invalid reclaim query parameter
• 401 : Unauthorized - Invalid or missing authentication credentials
• 403 : Forbidden - User does not have permission to delete project
• 404 : Not Found - Project does not exist

#/auth/v1/projects/{name}/clusters/{cluster-name}/namespaces

#get Fetch namespaces, filtered by rbac

#Parameters

• Authorization (in header): string

  Given Bearer token will use this as authorization for the API

• name (in path): string required

  Project name

• cluster-name (in path): string required

  Cluster name

• labelSelector (in query): string

  A selector to restrict the list of returned objects by their labels.

• fieldSelector (in query): string

  A selector to restrict the list of returned objects by their fields.

• limit (in query): integer

  limit the number of returned records.

• continue (in query): string

  continue token for paginated queries.

• resourceVersion (in query): string

  resourceVersion sets a constraint on what resource versions a request may be served from.

• watch (in query): boolean

  watch for changes to the described resources.

• timeoutSeconds (in query): integer

  timeoutSeconds for the list/watch call.

• sortBy (in query): string

  sort option for fuzzy query, such as a,name.

• filterBy (in query): string

  filter option for fuzzy query, such as display-name,keyword.

#Response

• 200 NamespaceList: OK
• 401 : Unauthorized - Invalid or missing authentication credentials
• 403 : Forbidden - User does not have permission to list namespaces under the project

#ProjectList

• apiVersion: string
• kind: string
• metadata: ListMeta
• items: []Project

#ListMeta

• continue: string
• remainingItemCount: integer
• resourceVersion: string
• selfLink: string

#Project

• apiVersion: string

  APIVersion defines the versioned schema of this representation of an object.

• kind: string

  Kind is a string value representing the REST resource this object represents.

• metadata: ObjectMeta

  ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

• spec: ProjectSpec

  ProjectSpec defines the desired state of Project.

• status: ProjectStatus

  ProjectStatus defines the observed state of Project.

#ProjectSpec

ProjectSpec defines the desired state of Project.

• clusterDeletePolicy: string

  ClusterDeletePolicy specifies the delete policy for clusters when the project is deleted.

• clusters: []ProjectClusters

  Clusters contains the clusters associated with this project.

#ProjectClusters

ProjectClusters describes a cluster associated with a project.

• name: string

  Name of the cluster.

• quota: map[string]string

  Quota stores the quota info for project resources on this cluster.

• type: string

  Type of the cluster.

#ProjectStatus

ProjectStatus defines the observed state of Project.

• phase: string

  Phase records the state of the project.

• reason: string
• version: string
• conditions: []ProjectCondition

#ProjectCondition

ProjectCondition contains condition information for a cluster.

• lastTransitionTime: string

  LastTransitionTime is the last time the condition changed from one status to another.

• message: string

  Message is a human-readable message indicating details about the last status change.

• projectNameSpaceDetail: ProjectNameSpaceDetail

  ProjectNameSpaceDetail records project namespace creation details.

• reason: string

  Reason is a brief reason for the condition's last status change.

• status: string

  Status is one of True, False, Unknown.

• type: string

  Type is the type of the cluster condition.

#ProjectNameSpaceDetail

ProjectNameSpaceDetail records project namespace creation details.

• name: string

  Original project name, which is also used as namespace name.

• successClusters: map[string]boolean

  Clusters where namespace creation succeeded.

• failedClusters: map[string]string

  Clusters where namespace creation failed.

#NamespaceList

• apiVersion: string
• kind: string
• metadata: ListMeta
• items: []Namespace

#Namespace

• apiVersion: string
• kind: string
• metadata: ObjectMeta

  ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

• spec: object
• status: object

#Related APIs

• Cluster [v1]

#API usage

These APIs do not use /kubernetes/{cluster} as a path prefix.

#List all projects

GET /auth/v1/projects

#Get a specific project

Use fieldSelector with the project list API:

GET /auth/v1/projects?fieldSelector=metadata.name={name}

#Get namespaces in a project cluster

GET /auth/v1/projects/{name}/clusters/{cluster-name}/namespaces

#Delete a project

DELETE /auth/v1/projects/{project-name}

Optional query parameter:

#Request examples

List all projects:

curl -H "Authorization: Bearer ${TOKEN}" \
  "${APISERVER}/auth/v1/projects"

Get a specific project:

curl -H "Authorization: Bearer ${TOKEN}" \
  "${APISERVER}/auth/v1/projects?fieldSelector=metadata.name=${PROJECT_NAME}"

Delete a project:

DELETE /auth/v1/projects/demo
DELETE /auth/v1/projects/demo?reclaim=true

#Response examples

Project list response snippet:

{
  "apiVersion": "auth.alauda.io/v1",
  "kind": "ProjectList",
  "items": [
    {
      "metadata": {
        "name": "demo"
      },
      "spec": {
        "clusters": [
          {
            "name": "cluster-a"
          }
        ]
      }
    }
  ]
}

Namespace list response snippet:

{
  "apiVersion": "v1",
  "kind": "NamespaceList",
  "items": [
    {
      "metadata": {
        "name": "default"
      }
    }
  ]
}

#Get clusters and namespaces for one or more projects

Use the existing APIs in sequence:

1. Call /auth/v1/projects (or fieldSelector=metadata.name=...) to get project data.
2. Read cluster names from items[].spec.clusters[].name.
3. For each {name} and {cluster-name}, call /auth/v1/projects/{name}/clusters/{cluster-name}/namespaces.

Example:

# 1) list all projects (or replace with fieldSelector to target one project)
curl -H "Authorization: Bearer ${TOKEN}" \
  "${APISERVER}/auth/v1/projects"

# 2) for each project and cluster, query namespaces
curl -H "Authorization: Bearer ${TOKEN}" \
  "${APISERVER}/auth/v1/projects/${PROJECT}/clusters/${CLUSTER}/namespaces"