在策略定义中可以在哪里使用 ARM 模板函数？

Question

我正在尝试在 effect 部分策略中使用 ARM 模板函数，但它似乎不允许执行 ARM 模板支持 utcnow('YYYY') 的操作。每篇文章 (https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#policy-functions) 我至少可以在参数中使用这个函数，然后传递它，但它是作为字符串传递的。策略示例如下。我正在尝试将默认 utcnow() 转换为短日期字符串，但未能通过策略这样做

"policyRule": {
    "if": {
      "anyOf": [
        {
          "field": "tags['datemodified']",
          "exists": "false"
        },
        {
          "field": "tags['datemodified']",
          "exists": "true"
        }
      ]
    },
    "then": {
      "effect": "modify",
      "details": {
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f"
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "tags['datemodified']",
            "value": "[parameters('timeOfExecution')]"
          }
        ]
      }
    }
  },
  "parameters": {
    "timeOfExecution": {
      "type": "String",
      "metadata": {
        "displayName": "timeOfExecution",
        "description": null
      },
      "defaultValue": "[utcnow('yyyy-MM-dd')]"
    }
  }

Answer 1

根据 Microsoft 的支持，Azure 策略中不支持以下 ARM 模板函数：

dateTimeAdd
utcNow(format)
deployment
environment
variables
extensionResourceId
listAccountSas
listKeys
listSecrets
list*
pickZones
providers (deprecated)
reference
resourceId
subscriptionResourceId
tenantResourceId
managementGroup
tenant
newGuid