initial change waf+network

Author: Abdul-Microsoft

infra/main.bicep

@@ -198,48 +198,14 @@ resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentiti
 
 var useExistingService = !empty(existingFoundryProjectResourceId)
 
-module cognitiveServicesPrivateDnsZone '../privateDnsZone.bicep' = if (!useExistingService && privateNetworking != null && empty(privateNetworking.?cogServicesPrivateDnsZoneResourceId)) {
-  name: take('${name}-cognitiveservices-pdns-deployment', 64)
-  params: {
-    name: 'privatelink.cognitiveservices.${toLower(environment().name) == 'azureusgovernment' ? 'azure.us' : 'azure.com'}'
-    virtualNetworkResourceId: privateNetworking.?virtualNetworkResourceId ?? ''
-    tags: tags
-  }
-}
-
-module openAiPrivateDnsZone '../privateDnsZone.bicep' = if (!useExistingService && privateNetworking != null && empty(privateNetworking.?openAIPrivateDnsZoneResourceId)) {
-  name: take('${name}-openai-pdns-deployment', 64)
-  params: {
-    name: 'privatelink.openai.${toLower(environment().name) == 'azureusgovernment' ? 'azure.us' : 'azure.com'}'
-    virtualNetworkResourceId: privateNetworking.?virtualNetworkResourceId ?? ''
-    tags: tags
-  }
-}
-
-module aiServicesPrivateDnsZone '../privateDnsZone.bicep' = if (!useExistingService && privateNetworking != null && empty(privateNetworking.?aiServicesPrivateDnsZoneResourceId)) {
-  name: take('${name}-ai-services-pdns-deployment', 64)
-  params: {
-    name: 'privatelink.services.ai.${toLower(environment().name) == 'azureusgovernment' ? 'azure.us' : 'azure.com'}'
-    virtualNetworkResourceId: privateNetworking.?virtualNetworkResourceId ?? ''
-    tags: tags
-  }
-}
-
 var cogServicesPrivateDnsZoneResourceId = privateNetworking != null
-  ? (empty(privateNetworking.?cogServicesPrivateDnsZoneResourceId)
-      ? cognitiveServicesPrivateDnsZone.outputs.resourceId ?? ''
-      : privateNetworking.?cogServicesPrivateDnsZoneResourceId)
+  ? privateNetworking.?cogServicesPrivateDnsZoneResourceId ?? ''
   : ''
 var openAIPrivateDnsZoneResourceId = privateNetworking != null
-  ? (empty(privateNetworking.?openAIPrivateDnsZoneResourceId)
-      ? openAiPrivateDnsZone.outputs.resourceId ?? ''
-      : privateNetworking.?openAIPrivateDnsZoneResourceId)
+  ? privateNetworking.?openAIPrivateDnsZoneResourceId ?? ''
   : ''
-
 var aiServicesPrivateDnsZoneResourceId = privateNetworking != null
-  ? (empty(privateNetworking.?aiServicesPrivateDnsZoneResourceId)
-      ? aiServicesPrivateDnsZone.outputs.resourceId ?? ''
-      : privateNetworking.?aiServicesPrivateDnsZoneResourceId)
+  ? privateNetworking.?aiServicesPrivateDnsZoneResourceId ?? ''
   : ''
 
 resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-04-01-preview' = if(!useExistingService) {

infra/modules/ai-foundry/aifoundry.bicep

@@ -30,19 +30,8 @@ param roleAssignments roleAssignmentType[]?
 @description('Optional. Enable/Disable usage telemetry for module.')
 param enableTelemetry bool = true
 
-module privateDnsZone 'privateDnsZone.bicep' = if (privateNetworking != null && empty(privateNetworking.?privateDnsZoneResourceId)) {
-  name: take('${name}-documents-pdns-deployment', 64)
-  params: {
-    name: 'privatelink.documents.azure.com'
-    virtualNetworkResourceId: privateNetworking.?virtualNetworkResourceId ?? ''
-    tags: tags
-  }
-}
-
 var privateDnsZoneResourceId = privateNetworking != null
-  ? (empty(privateNetworking.?privateDnsZoneResourceId)
-      ? privateDnsZone.outputs.resourceId ?? ''
-      : privateNetworking.?privateDnsZoneResourceId ?? '')
+  ? privateNetworking.?privateDnsZoneResourceId ?? ''
   : ''
 
 resource sqlContributorRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2024-11-15' existing = {
@@ -56,8 +45,6 @@ var logContainerName = 'cmsalog'
 
 module cosmosAccount 'br/public:avm/res/document-db/database-account:0.15.0' = {
   name: take('${name}-account-deployment', 64)
-  #disable-next-line no-unnecessary-dependson
-  dependsOn: [privateDnsZone] // required due to optional flags that could change dependency
   params: {
     name: name
     enableAnalyticalStorage: true

infra/modules/cosmosDb.bicep

@@ -32,25 +32,12 @@ param secrets secretType[]?
 @description('Optional. Enable/Disable usage telemetry for module.')
 param enableTelemetry bool = true
 
-module privateDnsZone 'privateDnsZone.bicep' = if (privateNetworking != null && empty(privateNetworking.?privateDnsZoneResourceId)) {
-  name: take('${name}-kv-pdns-deployment', 64)
-  params: {
-    name: 'privatelink.${toLower(environment().name) == 'azureusgovernment' ? 'vaultcore.usgovcloudapi.net' : 'vaultcore.azure.net'}'
-    virtualNetworkResourceId: privateNetworking.?virtualNetworkResourceId ?? ''
-    tags: tags
-  }
-}
-
 var privateDnsZoneResourceId = privateNetworking != null
-  ? (empty(privateNetworking.?privateDnsZoneResourceId)
-      ? privateDnsZone.outputs.resourceId ?? ''
-      : privateNetworking.?privateDnsZoneResourceId ?? '')
+  ? privateNetworking.?privateDnsZoneResourceId ?? ''
   : ''
 
 module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = {
   name: take('${name}-kv-deployment', 64)
-  #disable-next-line no-unnecessary-dependson
-  dependsOn: [privateDnsZone] // required due to optional flags that could change dependency
   params: {
     name: name
     location: location