【问题标题】:Where can you use ARM template functions in policy definitions?在策略定义中可以在哪里使用 ARM 模板函数?
【发布时间】:2021-12-08 18:22:20
【问题描述】:

我正在尝试在 effect 部分策略中使用 ARM 模板函数,但它似乎不允许执行 ARM 模板支持 utcnow('YYYY') 的操作。每篇文章 (https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#policy-functions) 我至少可以在参数中使用这个函数,然后传递它,但它是作为字符串传递的。策略示例如下。我正在尝试将默认 utcnow() 转换为短日期字符串,但未能通过策略这样做

"policyRule": {
    "if": {
      "anyOf": [
        {
          "field": "tags['datemodified']",
          "exists": "false"
        },
        {
          "field": "tags['datemodified']",
          "exists": "true"
        }
      ]
    },
    "then": {
      "effect": "modify",
      "details": {
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f"
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "tags['datemodified']",
            "value": "[parameters('timeOfExecution')]"
          }
        ]
      }
    }
  },
  "parameters": {
    "timeOfExecution": {
      "type": "String",
      "metadata": {
        "displayName": "timeOfExecution",
        "description": null
      },
      "defaultValue": "[utcnow('yyyy-MM-dd')]"
    }
  }

【问题讨论】:

    标签: azure-policy


    【解决方案1】:

    根据 Microsoft 的支持,Azure 策略中不支持以下 ARM 模板函数:

    dateTimeAdd
    utcNow(format)
    deployment
    environment
    variables
    extensionResourceId
    listAccountSas
    listKeys
    listSecrets
    list*
    pickZones
    providers (deprecated)
    reference
    resourceId
    subscriptionResourceId
    tenantResourceId
    managementGroup
    tenant
    newGuid
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2016-10-03
      • 1970-01-01
      • 2014-10-29
      • 2015-01-26
      • 1970-01-01
      • 2015-11-27
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多