The filter parameter is used to filter the results based on values. Multiple filters can be provided.

Each filter is a 3-tuple comma-delimited expression:


  • fieldName: The field names can be attributes or sub-attributes (i.e. nested values) specified using a JSON path syntax using . for delimiters. For example rules.type will check the type attribute in the nested rules object array.
  • operator: the following operators are supported:
    • eq, equals
    • ne, notEquals
    • gt, greaterThan
    • lt, lessThan
    • gte, greaterThanOrEquals
    • lte, lessThanOrEquals
    • sw, startswith
    • ew, endswith
    • cs, contains
  • value: the field JSON value

This query returns the IDs and names of all policies with mutate rules:

nctl raw "/policies/api/policy?filter=rules.type,equals,Mutation&fields=id,name" | jq


    "id": "9ddaac9f-075f-4e69-a1bc-a0243d2f6072",
    "name": "disable-automount-sa-token"
    "id": "668bbd6a-c433-41a2-ab1d-325120ed14f2",
    "name": "check-images"
    "id": "44ec005e-f7ed-431f-99ba-89918205fe6c",
    "name": "disable-automount-sa-token"