fix: Watnings fixed and added comments

Author: Prajwal-Microsoft

infra/main.bicep

@@ -35,9 +35,6 @@ param subnetResourceId string = 'null'
 @description('Conditional. Resource ID of the Private DNS Zone. Required if enablePrivateNetworking is true.')
 param privateDnsZoneResourceId string = ''
 
-@description('Conditional. Module output contract supplying the Private DNS Zone. Required if enablePrivateNetworking is true.')
-param avmPrivateDnsZone object = {}
-
 @description('Optional. Object ID (principalId) of an additional principal to assign Key Vault Secrets User role.')
 param principalId string = ''
 

infra/main.json

@@ -64,18 +64,6 @@ param maxStalenessPrefix int = 100000
 @description('Optional. The maximum lag time in minutes. Required for "BoundedStaleness" consistency level. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. Defaults to 300.')
 param maxIntervalInSeconds int = 300
 
-@description('Optional. Specifies the MongoDB server version to use if using Azure Cosmos DB for MongoDB RU. Defaults to "4.2".')
-@allowed([
-  '3.2'
-  '3.6'
-  '4.0'
-  '4.2'
-  '5.0'
-  '6.0'
-  '7.0'
-])
-param serverVersion string = '4.2'
-
 @description('Optional. Configuration for databases when using Azure Cosmos DB for NoSQL.')
 param sqlDatabases sqlDatabaseType[]?
 
@@ -89,16 +77,9 @@ import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.6.0'
 @description('Optional. The lock settings of the service.')
 param lock lockType?
 
-import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
-@description('Optional. An array of control plane Azure role-based access control assignments.')
-param roleAssignments roleAssignmentType[]?
-
 @description('Optional. Configurations for Azure Cosmos DB for NoSQL native role-based access control definitions. Allows the creations of custom role definitions.')
 param dataPlaneRoleDefinitions dataPlaneRoleDefinitionType[]?
 
-@description('Optional. Configurations for Azure Cosmos DB for NoSQL native role-based access control assignments.')
-param dataPlaneRoleAssignments dataPlaneRoleAssignmentType[]?
-
 import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
 @description('Optional. The diagnostic settings for the service.')
 param diagnosticSettings diagnosticSettingFullType[]?
@@ -184,40 +165,6 @@ var identity = !empty(managedIdentities)
     }
   : null
 
-var builtInControlPlaneRoleNames = {
-  Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
-  'Cosmos DB Account Reader Role': subscriptionResourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    'fbdf93bf-df7d-467e-a4d2-9458aa1360c8'
-  )
-  'Cosmos DB Operator': subscriptionResourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    '230815da-be43-4aae-9cb4-875f7bd000aa'
-  )
-  CosmosBackupOperator: subscriptionResourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    'db7b14f2-5adf-42da-9f96-f2ee17bab5cb'
-  )
-  CosmosRestoreOperator: subscriptionResourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    '5432c526-bc82-444a-b7ba-57c5b0b5b34f'
-  )
-  'DocumentDB Account Contributor': subscriptionResourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    '5bd9cd88-fe45-4216-938b-f97437e15450'
-  )
-  Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
-  Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
-  'Role Based Access Control Administrator': subscriptionResourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    'f58310d9-a9f6-439a-9e8d-f62e7b41a168'
-  )
-  'User Access Administrator': subscriptionResourceId(
-    'Microsoft.Authorization/roleDefinitions',
-    '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9'
-  )
-}
-
 #disable-next-line no-deployments-resources
 resource avmTelemetry 'Microsoft.Resources/deployments@2024-07-01' = if (enableTelemetry) {
   name: '46d3xbcp.res.documentdb-databaseaccount.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}'

infra/modules/core/security/keyvault.bicep

@@ -272,8 +272,8 @@ resource workspace 'Microsoft.MachineLearningServices/workspaces@2024-10-01-prev
           keyVaultProperties: {
             keyVaultArmId: cMKKeyVault.id
             keyIdentifier: !empty(customerManagedKey.?keyVersion ?? '')
-              ? '${cMKKeyVault::cMKKey.properties.keyUri}/${customerManagedKey!.keyVersion}'
-              : cMKKeyVault::cMKKey.properties.keyUriWithVersion
+              ? '${cMKKeyVault::cMKKey!.properties.keyUri}/${customerManagedKey!.keyVersion}'
+              : cMKKeyVault::cMKKey!.properties.keyUriWithVersion
           }
         }
       : null

infra/modules/document-db/database-account/main.bicep

@@ -27,7 +27,7 @@ import { subnetType } from 'virtualNetwork.bicep'
 @description('Optional. Subnet configuration for the Jumpbox VM.')
 param subnet subnetType?
 
-// 1. Create AzureBastionSubnet NSG 
+// 1. Create AzureBastionSubnet NSG
 // using AVM Network Security Group module
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group
 module nsg 'br/public:avm/res/network/network-security-group:0.5.1' = if (!empty(subnet)) {
@@ -49,7 +49,7 @@ module bastionSubnet 'br/public:avm/res/network/virtual-network/subnet:0.1.2' =
     virtualNetworkName: vnetName
     name: 'AzureBastionSubnet' // this name required as is for Azure Bastion Host subnet
     addressPrefixes: subnet.?addressPrefixes
-    networkSecurityGroupResourceId: nsg.outputs.resourceId
+    networkSecurityGroupResourceId: nsg!.outputs.resourceId
     enableTelemetry: enableTelemetry
   }
 }
@@ -90,8 +90,8 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = {
 
 output resourceId string = bastionHost.outputs.resourceId
 output name string = bastionHost.outputs.name
-output subnetId string = bastionSubnet.outputs.resourceId
-output subnetName string = bastionSubnet.outputs.name
+output subnetId string = bastionSubnet!.outputs.resourceId
+output subnetName string = bastionSubnet!.outputs.name
 
 @export()
 @description('Custom type definition for establishing Bastion Host for remote connection.')

infra/modules/machine-learning-services/workspace/main.bicep

@@ -57,7 +57,7 @@ module subnetResource 'br/public:avm/res/network/virtual-network/subnet:0.1.2' =
     virtualNetworkName: vnetName
     name: subnet.?name ?? ''
     addressPrefixes: subnet.?addressPrefixes
-    networkSecurityGroupResourceId: nsg.outputs.resourceId
+    networkSecurityGroupResourceId: nsg!.outputs.resourceId
     enableTelemetry: enableTelemetry
   }
 }
@@ -97,10 +97,10 @@ module vm '../compute/virtual-machine/main.bicep' = {
         ipConfigurations: [
           {
             name: 'ipconfig1'
-            subnetResourceId: subnetResource.outputs.resourceId
+            subnetResourceId: subnetResource!.outputs.resourceId
           }
         ]
-        networkSecurityGroupResourceId: nsg.outputs.resourceId
+        networkSecurityGroupResourceId: nsg!.outputs.resourceId
         diagnosticSettings: [
           {
             name: 'jumpboxDiagnostics'
@@ -129,10 +129,10 @@ output resourceId string = vm.outputs.resourceId
 output name string = vm.outputs.name
 output location string = vm.outputs.location
 
-output subnetId string = subnetResource.outputs.resourceId
-output subnetName string = subnetResource.outputs.name
-output nsgId string = nsg.outputs.resourceId
-output nsgName string = nsg.outputs.name
+output subnetId string = subnetResource!.outputs.resourceId
+output subnetName string = subnetResource!.outputs.name
+output nsgId string = nsg!.outputs.resourceId
+output nsgName string = nsg!.outputs.name
 
 @export()
 @description('Custom type definition for establishing Jumpbox Virtual Machine and its associated resources.')

infra/modules/network/bastionHost.bicep

@@ -92,12 +92,12 @@ output vnetResourceId string = virtualNetwork.outputs.resourceId
 import { subnetOutputType } from 'virtualNetwork.bicep'
 output subnets subnetOutputType[] = virtualNetwork.outputs.subnets // This one holds critical info for subnets, including NSGs
 
-output bastionSubnetId string = bastionHost.outputs.subnetId
-output bastionSubnetName string = bastionHost.outputs.subnetName
-output bastionHostId string = bastionHost.outputs.resourceId
-output bastionHostName string = bastionHost.outputs.name
-
-output jumpboxSubnetName string = jumpbox.outputs.subnetName
-output jumpboxSubnetId string = jumpbox.outputs.subnetId
-output jumpboxName string = jumpbox.outputs.name
-output jumpboxResourceId string = jumpbox.outputs.resourceId
+output bastionSubnetId string = bastionHost!.outputs.subnetId
+output bastionSubnetName string = bastionHost!.outputs.subnetName
+output bastionHostId string = bastionHost!.outputs.resourceId
+output bastionHostName string = bastionHost!.outputs.name
+
+output jumpboxSubnetName string = jumpbox!.outputs.subnetName
+output jumpboxSubnetId string = jumpbox!.outputs.subnetId
+output jumpboxName string = jumpbox!.outputs.name
+output jumpboxResourceId string = jumpbox!.outputs.resourceId

infra/modules/network/jumpbox.bicep

@@ -77,8 +77,6 @@ param enableTelemetry bool = true
 //   })
 // ]
 
-var enableReferencedModulesTelemetry = false
-
 #disable-next-line no-deployments-resources
 resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) {
   name: '46d3xbcp.res.network-privatednszone.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}'

infra/modules/network/main.bicep

@@ -22,7 +22,7 @@ param logAnalyticsWorkspaceId string
 @description('Optional. Enable/Disable usage telemetry for module.')
 param enableTelemetry bool = true
 
-// 1. Create NSGs for subnets 
+// 1. Create NSGs for subnets
 // using AVM Network Security Group module
 // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group
 
@@ -54,7 +54,7 @@ module virtualNetwork 'br/public:avm/res/network/virtual-network:0.7.0' = {
       for (subnet, i) in subnets: {
         name: subnet.name
         addressPrefixes: subnet.?addressPrefixes
-        networkSecurityGroupResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[i].outputs.resourceId : null
+        networkSecurityGroupResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[i]!.outputs.resourceId : null
         privateEndpointNetworkPolicies: subnet.?privateEndpointNetworkPolicies
         privateLinkServiceNetworkPolicies: subnet.?privateLinkServiceNetworkPolicies
         delegation: subnet.?delegation
@@ -92,7 +92,7 @@ output subnets subnetOutputType[] = [
     name: subnet.name
     resourceId: virtualNetwork.outputs.subnetResourceIds[i]
     nsgName: !empty(subnet.?networkSecurityGroup) ? subnet.?networkSecurityGroup.name : null
-    nsgResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[i].outputs.resourceId : null
+    nsgResourceId: !empty(subnet.?networkSecurityGroup) ? nsgs[i]!.outputs.resourceId : null
   }
 ]