huaweicloud · github-ci-robot · Jul 3, 2025 · Jun 26, 2025
diff --git a/docs/data-sources/workspace_policy_groups.md b/docs/data-sources/workspace_policy_groups.md
@@ -0,0 +1,123 @@
+---
+subcategory: "Workspace"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_workspace_policy_groups"
+description: |-
+  Use this data source to get the list of Workspace policy groups within HuaweiCloud.
+---
+
+# huaweicloud_workspace_policy_groups
+
+Use this data source to get the list of Workspace policy groups within HuaweiCloud.
+
+## Example Usage
+
+### Basic Usage
+
+```hcl
+data "huaweicloud_workspace_policy_groups" "test" {}
+```
+
+### Filter policy groups by priority
+
+```hcl
+variable "policy_priority" {}
+
+data "huaweicloud_workspace_policy_groups" "test" {
+  priority = var.policy_priority
+}
+```
+
+### Filter policy groups by name
+
+```hcl
+variable "policy_group_name" {}
+
+data "huaweicloud_workspace_policy_groups" "test" {
+  policy_group_name = var.policy_group_name
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the data source.  
+  If omitted, the provider-level region will be used.
+
+* `policy_group_id` - (Optional, String) Specifies the ID of the policy group.
+
+* `policy_group_name` - (Optional, String) Specifies the name of the policy group.  
+  The name support fuzzy match.
+
+* `priority` - (Optional, Int) Specifies the priority of the policy group.  
+  Defaults to **0**.
+
+* `description` - (Optional, String) Specifies the description of the policy group.  
+  The description support fuzzy match.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID.
+
+* `policy_groups` - The list of policy groups that match the filter parameters.  
+  The [policy_groups](#workspace_policy_groups_attr) structure is documented below.
+
+<a name="workspace_policy_groups_attr"></a>
+The `policy_groups` block supports:
+
+* `policy_group_id` - The ID of the policy group.
+
+* `policy_group_name` - The name of the policy group.
+
+* `priority` - The priority of the policy group.
+
+* `update_time` - The update time of the policy group, in RFC3339 format.
+
+* `description` - The description of the policy group.
+
+* `policies` - The list of policy configurations.  
+  The [policies](#workspace_policy_groups_policies) structure is documented below.
+
+* `targets` - The list of target configurations.  
+  The [targets](#workspace_policy_groups_targets) structure is documented below.
+
+<a name="workspace_policy_groups_policies"></a>
+The `policies` block supports:
+
+* `peripherals` - The peripheral device policies, in JSON format.
+
+* `audio` - The audio policies, in JSON format.
+
+* `client` - The client policies, in JSON format.
+
+* `display` - The display policies, in JSON format.
+
+* `file_and_clipboard` - The file and clipboard policies, in JSON format.
+
+* `session` - The session policies, in JSON format.
+
+* `virtual_channel` - The virtual channel policies, in JSON format.
+
+* `watermark` - The watermark policies, in JSON format.
+
+* `keyboard_mouse` - The keyboard and mouse policies, in JSON format.
+
+* `seamless` - The general audio and video bypass policies, in JSON format.
+
+* `personalized_data_mgmt` - The personalized data management policies, in JSON format.
+
+* `custom` - The custom policies, in JSON format.
+
+* `record_audit` - The screen recording audit policies, in JSON format.
+
+<a name="workspace_policy_groups_targets"></a>
+The `targets` block supports:
+
+* `target_id` - The ID of the target.
+
+* `target_type` - The type of the target.
+
+* `target_name` - The name of the target.
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
@@ -1507,6 +1507,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_workspace_desktops":                 workspace.DataSourceDesktops(),
 			"huaweicloud_workspace_desktop_tags":             workspace.DataSourceDesktopTags(),
 			"huaweicloud_workspace_flavors":                  workspace.DataSourceWorkspaceFlavors(),
+			"huaweicloud_workspace_policy_groups":            workspace.DataSourcePolicyGroups(),
 			"huaweicloud_workspace_service":                  workspace.DataSourceService(),
 			"huaweicloud_workspace_tags":                     workspace.DataSourceTags(),
 

diff --git a/...oud/services/acceptance/workspace/data_source_huaweicloud_workspace_policy_groups_test.go b/...oud/services/acceptance/workspace/data_source_huaweicloud_workspace_policy_groups_test.go
@@ -0,0 +1,206 @@
+package workspace
+
+import (
+	"fmt"
+	"regexp"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDataSourcePolicyGroups_basic(t *testing.T) {
+	var (
+		name = acceptance.RandomAccResourceName()
+
+		dcName = "data.huaweicloud_workspace_policy_groups.all"
+		dc     = acceptance.InitDataSourceCheck(dcName)
+
+		filterById   = "data.huaweicloud_workspace_policy_groups.filter_by_policy_group_id"
+		dcFilterById = acceptance.InitDataSourceCheck(filterById)
+
+		filterByName   = "data.huaweicloud_workspace_policy_groups.filter_by_policy_group_name"
+		dcFilterByName = acceptance.InitDataSourceCheck(filterByName)
+
+		filterByPriority   = "data.huaweicloud_workspace_policy_groups.filter_by_priority"
+		dcFilterByPriority = acceptance.InitDataSourceCheck(filterByPriority)
+
+		filterByDescription   = "data.huaweicloud_workspace_policy_groups.filter_by_description"
+		dcFilterByDescription = acceptance.InitDataSourceCheck(filterByDescription)
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourcePolicyGroups_basic(name),
+				Check: resource.ComposeTestCheckFunc(
+					// Query policy groups without any filter parameter
+					dc.CheckResourceExists(),
+					resource.TestMatchResourceAttr(dcName, "policy_groups.#", regexp.MustCompile(`^[1-9]([0-9]*)?$`)),
+					resource.TestCheckResourceAttrSet(dcName, "policy_groups.0.policy_group_id"),
+					resource.TestCheckResourceAttrSet(dcName, "policy_groups.0.policy_group_name"),
+					resource.TestCheckResourceAttrSet(dcName, "policy_groups.0.priority"),
+					resource.TestCheckResourceAttrSet(dcName, "policy_groups.0.update_time"),
+					// Filter by ID
+					dcFilterById.CheckResourceExists(),
+					resource.TestCheckOutput("is_id_filter_useful", "true"),
+					// Filter by name
+					dcFilterByName.CheckResourceExists(),
+					resource.TestCheckOutput("is_name_filter_useful", "true"),
+					// Filter by priority
+					dcFilterByPriority.CheckResourceExists(),
+					resource.TestCheckOutput("is_priority_filter_useful", "true"),
+					// Filter by description
+					dcFilterByDescription.CheckResourceExists(),
+					resource.TestCheckOutput("is_description_filter_useful", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourcePolicyGroups_basic(name string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+data "huaweicloud_workspace_policy_groups" "all" {
+  depends_on = [
+    huaweicloud_workspace_policy_group.test,
+    huaweicloud_workspace_policy_group.nontest,
+  ]
+}
+
+locals {
+  policy_group_id   = try(data.huaweicloud_workspace_policy_groups.all.policy_groups[0].policy_group_id, "NOT_FOUND")
+  policy_group_name = try(data.huaweicloud_workspace_policy_groups.all.policy_groups[0].policy_group_name, "NOT_FOUND")
+  priority          = try(data.huaweicloud_workspace_policy_groups.all.policy_groups[0].priority, -1)
+  update_time       = try(data.huaweicloud_workspace_policy_groups.all.policy_groups[0].update_time, "1900-01-01T01:01:01Z")
+  description       = try(data.huaweicloud_workspace_policy_groups.all.policy_groups[0].description, "NOT_FOUND")
+}
+
+# Filter by policy group id
+data "huaweicloud_workspace_policy_groups" "filter_by_policy_group_id" {
+  policy_group_id = local.policy_group_id
+
+  depends_on = [
+    huaweicloud_workspace_policy_group.test,
+    huaweicloud_workspace_policy_group.nontest,
+  ]
+}
+
+locals {
+  id_filter_result = [
+    for v in data.huaweicloud_workspace_policy_groups.filter_by_policy_group_id.policy_groups[*].policy_group_id :
+    v == local.policy_group_id
+  ]
+}
+
+output "is_id_filter_useful" {
+  value = length(local.id_filter_result) < 2 && alltrue(local.id_filter_result)
+}
+
+# Filter by policy group name
+data "huaweicloud_workspace_policy_groups" "filter_by_policy_group_name" {
+  policy_group_name = local.policy_group_name
+
+  depends_on = [
+    huaweicloud_workspace_policy_group.test,
+    huaweicloud_workspace_policy_group.nontest,
+  ]
+}
+
+output "is_name_filter_useful" {
+  value = length(data.huaweicloud_workspace_policy_groups.filter_by_policy_group_name.policy_groups) > 0
+}
+
+# Filter by priority
+data "huaweicloud_workspace_policy_groups" "filter_by_priority" {
+  priority = local.priority
+
+  depends_on = [
+    huaweicloud_workspace_policy_group.test,
+    huaweicloud_workspace_policy_group.nontest,
+  ]
+}
+
+locals {
+  priority_filter_result = [
+    for v in data.huaweicloud_workspace_policy_groups.filter_by_priority.policy_groups[*].priority :
+    v == local.priority
+  ]
+}
+
+output "is_priority_filter_useful" {
+  value = length(local.priority_filter_result) > 0 && alltrue(local.priority_filter_result)
+}
+
+# Filter by description
+data "huaweicloud_workspace_policy_groups" "filter_by_description" {
+  description = local.description
+
+  depends_on = [
+    huaweicloud_workspace_policy_group.test,
+    huaweicloud_workspace_policy_group.nontest,
+  ]
+}
+
+locals {
+  description_filter_result = [
+    for v in data.huaweicloud_workspace_policy_groups.filter_by_description.policy_groups[*].description :
+    strcontains(v, local.description)
+  ]
+}
+
+output "is_description_filter_useful" {
+  value = length(local.description_filter_result) > 0 && alltrue(local.description_filter_result)
+}
+`, testAccDataSourcePolicyGroups_base(name))
+}
+
+func testAccDataSourcePolicyGroups_base(name string) string {
+	return fmt.Sprintf(`
+resource "huaweicloud_workspace_user" "test" {
+  name  = "%[1]s"
+  email = "www.%[1][email protected]"
+}
+
+// The priority will automatically increment with the creation of the resource, no need to specify it manually.
+resource "huaweicloud_workspace_policy_group" "test" {
+  name        = "%[1]s"
+  description = "Created by terraform script"
+
+  targets {
+    type = "USER"
+    id   = huaweicloud_workspace_user.test.id
+    name = huaweicloud_workspace_user.test.name
+  }
+
+  policy {
+    access_control {
+      ip_access_control = "112.20.53.2|255.255.240.0;112.20.53.3|255.255.240.0"
+    }
+  }
+}
+
+resource "huaweicloud_workspace_policy_group" "nontest" {
+  name = "non_%[1]s"
+
+  targets {
+    type = "USER"
+    id   = huaweicloud_workspace_user.test.id
+    name = huaweicloud_workspace_user.test.name
+  }
+
+  policy {
+    access_control {
+      ip_access_control = "112.20.53.2|255.255.240.0;112.20.53.3|255.255.240.0"
+    }
+  }
+}
+`, name)
+}