Selectors only available for imports, maps, and modules got list error

getting the following error on my policy

An error occurred evaluating the policy:

policy.sentinel:15:7: selectors only available for imports, maps, and modules, got list

"endpoint_config": [
  {
       "enable_http_port_access": false,
       "http_ports":              {},
  },
],

I know it is because it is finding a list, but I am not sure what I need to correct.

import “tfplan/v2” as tfplan
import “strings”
import “types”

Find all Dataproc Clusters

allDataprocCluster = filter tfplan.resource_changes as _, resource_changes {
resource_changes.type is “google_dataproc_cluster” and
resource_changes.mode is “managed” and
( resource_changes.change.actions is [“create”] or
resource_changes.change.actions is [“update”] )
}

enable_http_port_access_is_true = rule {
all allDataprocCluster as _, dc {
all dc.change.after.cluster_config.endpoint_config as _, ehpa {
ehpa.enabled is true
}
}
}

main = rule { enable_http_port_access_is_true }

here is my policy on the playground

https://play.sentinelproject.io/p/2SJVEDWsCvu

Thanks for reaching out @frank.lugo. It seems that cluster_config and endpoint_config are both lists, which means accessing them directly via a selector (.) is in fact not allowed. However, you can go one level deeper on the all chain and handle it that way.

Playground example:

https://play.sentinelproject.io/p/R_xhpAeysib