.

src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj

@@ -245,6 +245,12 @@
     </ProjectReference>
   </ItemGroup>
   <ItemGroup>
+    <None Include="KeyVaultSetupTemplate.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="keyVaultTemplateParams.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="SamplePolicyDefinition.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
@@ -321,6 +327,9 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DeploymentTests\TestNewDeploymentFromTemplateFile.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DeploymentTests\TestNewDeploymentWithKeyVaultReference.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.MoveResourceTest\TestMoveAzureResource.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Resources/Commands.Resources.Test/KeyVaultSetupTemplate.json

@@ -0,0 +1,125 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "keyVaultName": {
+            "type": "string",
+            "metadata": {
+                "description": "Name of the Vault"
+            }
+        },
+        "tenantId": {
+            "type": "string",
+            "metadata": {
+                "description": "Tenant Id for the subscription. Available from Get-AzureRMSubscription PowerShell cmdlet"
+            }
+        },
+        "objectId": {
+            "type": "string",
+            "metadata": {
+                "description": "Object Id of the AD user. Available from Get-AzureRMADUser or Get-AzureRMADServicePrincipal cmdlets"
+            }
+        },
+        "keysPermissions": {
+            "type": "array",
+            "defaultValue": [ "all" ],
+            "metadata": {
+                "description": "Permissions to grant user to keys in the vault. Valid values are: all, create, import, update, get, list, delete, backup, restore, encrypt, decrypt, wrapkey, unwrapkey, sign, and verify."
+            }
+        },
+        "secretsPermissions": {
+            "type": "array",
+            "defaultValue": [ "all" ],
+            "metadata": {
+                "description": "Permissions to grant user to secrets in the vault. Valid values are: all, get, set, list, and delete."
+            }
+        },
+        "skuName": {
+            "type": "string",
+            "defaultValue": "Standard",
+            "allowedValues": [
+                "Standard",
+                "Premium"
+            ],
+            "metadata": {
+                "description": "SKU for the vault"
+            }
+        },
+        "enabledForDeployment": {
+            "type": "bool",
+            "defaultValue": true,
+            "metadata": {
+                "description": "Specifies if the vault is enabled for a VM deployment"
+            }
+        },
+        "enabledForTemplateDeployment": {
+            "type": "bool",
+            "defaultValue": true,
+            "metadata": {
+                "description": "Specifies if the vault is enabled for a ARM template deployment"
+            }
+        },
+        "enableVaultForVolumeEncryption": {
+            "type": "bool",
+            "defaultValue": false,
+            "metadata": {
+                "description": "Specifies if the vault is enabled for volume encryption"
+            }
+        },
+        "secretName": {
+            "type": "string",
+            "metadata": {
+                "description": "Name of the secret to store in the vault"
+            }
+        },
+        "secretValue": {
+            "type": "securestring",
+            "metadata": {
+                "description": "Value of the secret"
+            }
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.KeyVault/vaults",
+            "name": "[parameters('keyVaultName')]",
+            "apiVersion": "2015-06-01",
+            "location": "[resourceGroup().location]",
+            "tags": { "displayName": "Vault" },
+            "properties": {
+                "enabledForDeployment": "[parameters('enabledForDeployment')]",
+                "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
+                "enabledForVolumeEncryption": "[parameters('enableVaultForVolumeEncryption')]",
+                "tenantId": "[parameters('tenantId')]",
+                "accessPolicies": [
+                    {
+                        "tenantId": "[parameters('tenantId')]",
+                        "objectId": "[parameters('objectId')]",
+                        "permissions": {
+                            "keys": "[parameters('keysPermissions')]",
+                            "secrets": "[parameters('secretsPermissions')]"
+                        }
+                    }
+                ],
+                "sku": {
+                    "name": "[parameters('skuName')]",
+                    "family": "A"
+                }
+            },
+            "resources": [
+                {
+                    "type": "secrets",
+                    "name": "[parameters('secretName')]",
+                    "apiVersion": "2015-06-01",
+                    "tags": { "displayName": "secret" },
+                    "properties": {
+                        "value": "[parameters('secretValue')]"
+                    },
+                    "dependsOn": [
+                        "[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
+                    ]
+                }
+            ]
+        }
+    ]
+}

src/ResourceManager/Resources/Commands.Resources.Test/ResourceGroups/NewAzureResourceGroupCommandTests.cs

@@ -39,8 +39,6 @@ public class NewAzureResourceGroupCommandTests : RMTestBase
 
         private string templateFile = @"Resources\sampleTemplateFile.json";
 
-        private string storageAccountName = "myStorageAccount";
-
         private Hashtable[] tags;
 
         public NewAzureResourceGroupCommandTests()

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/DeploymentTests.cs

@@ -29,5 +29,11 @@ public void TestNewDeploymentFromTemplateFile()
         {
             ResourcesController.NewInstance.RunPsTest("Test-NewDeploymentFromTemplateFile");
         }
+
+        [Fact(Skip = "Fix acquisition of TenantId in KeyVault Test.")]
+        public void TestNewDeploymentWithKeyVaultReference()
+        {
+            ResourcesController.NewInstance.RunPsTest("Test-NewDeploymentWithKeyVaultReference");
+        }
     }
 }

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/DeploymentTests.ps1

@@ -67,3 +67,59 @@ function Test-NewDeploymentFromTemplateFile
         Clean-ResourceGroup $rgname
     }
 }
+
+<#
+.SYNOPSIS
+Tests deployment via template file and parameter file with KeyVault reference.
+#>
+function Test-NewDeploymentWithKeyVaultReference
+{
+	# Setup
+	$rgname = Get-ResourceGroupName
+	$rname = Get-ResourceName
+	$keyVaultname = Get-ResourceName
+	$secretName = Get-ResourceName
+	$rglocation = Get-ProviderLocation ResourceManagement
+	$location = Get-ProviderLocation "Microsoft.Web/sites"
+	$hostplanName = "xDeploymentTestHost26668"
+
+	try
+	{
+		# Test
+		New-AzureRmResourceGroup -Name $rgname -Location $rglocation
+
+		$context = Get-AzureRmContext
+		$subscriptionId = $context.Subscription.SubscriptionId
+		$tenantId = $context.Tenant.TenantId
+		$adUser = Get-AzureRmADUser -UserPrincipalName $context.Account.Id
+		$objectId = $adUser.Id
+		$KeyVaultResourceId = "/subscriptions/" + $subscriptionId + "/resourcegroups/" + $rgname + "/providers/Microsoft.KeyVault/vaults/" + $keyVaultname
+
+		$parameters = @{ "keyVaultName" = $keyVaultname; "secretName" = $secretName; "secretValue" = $hostplanName; "tenantId" = $tenantId; "objectId" = $objectId }
+		$deployment = New-AzureRmResourceGroupDeployment -Name $rname -ResourceGroupName $rgname -TemplateFile keyVaultSetupTemplate.json -TemplateParameterObject $parameters
+
+		# Assert
+		Assert-AreEqual Succeeded $deployment.ProvisioningState
+
+		$content = (Get-Content keyVaultTemplateParams.json) -join '' | ConvertFrom-Json
+		$content.hostingPlanName.reference.KeyVault.id = $KeyVaultResourceId
+		$content.hostingPlanName.reference.SecretName = $secretName
+		$content | ConvertTo-Json -depth 999 | Out-File keyVaultTemplateParams.json
+
+		$deployment = New-AzureRmResourceGroupDeployment -Name $rname -ResourceGroupName $rgname -TemplateFile sampleTemplate.json -TemplateParameterFile keyVaultTemplateParams.json
+
+		# Assert
+		Assert-AreEqual Succeeded $deployment.ProvisioningState
+
+		$subId = (Get-AzureRmContext).Subscription.SubscriptionId
+		$deploymentId = "/subscriptions/$subId/resourcegroups/$rgname/providers/Microsoft.Resources/deployments/$rname"
+		$getById = Get-AzureRmResourceGroupDeployment -Id $deploymentId
+		Assert-AreEqual $getById.DeploymentName $deployment.DeploymentName
+	}
+
+	finally
+    {
+        # Cleanup
+        Clean-ResourceGroup $rgname
+    }
+}

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ResourcesController.cs

@@ -19,7 +19,6 @@
 using System.Net.Http.Headers;
 using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components;
 using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Extensions;
-using Microsoft.Azure.Commands.ResourceManager.Common;
 using Microsoft.Azure.Common.Authentication;
 using Microsoft.Azure.Gallery;
 using Microsoft.Azure.Graph.RBAC;
@@ -32,6 +31,7 @@
 using Microsoft.WindowsAzure.Commands.Common;
 using Microsoft.WindowsAzure.Commands.ScenarioTest;
 
+
 namespace Microsoft.Azure.Commands.Resources.Test.ScenarioTests
 {
     public sealed class ResourcesController
@@ -51,15 +51,15 @@ public sealed class ResourcesController
         public SubscriptionClient SubscriptionClient { get; private set; }
 
         public GalleryClient GalleryClient { get; private set; }
-        
+
         public InsightsClient InsightsClient { get; private set; }
 
         public AuthorizationManagementClient AuthorizationManagementClient { get; private set; }
 
         public string UserDomain { get; private set; }
 
-        public static ResourcesController NewInstance 
-        { 
+        public static ResourcesController NewInstance
+        {
             get
             {
                 return new ResourcesController();
@@ -77,18 +77,18 @@ public void RunPsTest(params string[] scripts)
             var mockName = TestUtilities.GetCurrentMethodName(2);
 
             RunPsTestWorkflow(
-                () => scripts, 
+                () => scripts,
                 // no custom initializer
-                null, 
+                null,
                 // no custom cleanup 
                 null,
                 callingClassType,
                 mockName);
         }
 
         public void RunPsTestWorkflow(
-            Func<string[]> scriptBuilder, 
-            Action<CSMTestEnvironmentFactory> initialize, 
+            Func<string[]> scriptBuilder,
+            Action<CSMTestEnvironmentFactory> initialize,
             Action cleanup,
             string callingClassType,
             string mockName)
@@ -99,22 +99,22 @@ public void RunPsTestWorkflow(
 
                 this.csmTestFactory = new CSMTestEnvironmentFactory();
 
-                if(initialize != null)
+                if (initialize != null)
                 {
                     initialize(this.csmTestFactory);
                 }
 
+                helper.SetupEnvironment(AzureModule.AzureResourceManager);
+
                 SetupManagementClients();
 
-                helper.SetupEnvironment(AzureModule.AzureResourceManager);
-
                 var callingClassName = callingClassType
                                         .Split(new[] { "." }, StringSplitOptions.RemoveEmptyEntries)
                                         .Last();
-                helper.SetupModules(AzureModule.AzureResourceManager, 
-                    "ScenarioTests\\Common.ps1", 
-                    "ScenarioTests\\" + callingClassName + ".ps1", 
-                    helper.RMProfileModule, 
+                helper.SetupModules(AzureModule.AzureResourceManager,
+                    "ScenarioTests\\Common.ps1",
+                    "ScenarioTests\\" + callingClassName + ".ps1",
+                    helper.RMProfileModule,
                     helper.RMResourceModule);
 
                 try
@@ -131,7 +131,7 @@ public void RunPsTestWorkflow(
                 }
                 finally
                 {
-                    if(cleanup !=null)
+                    if (cleanup != null)
                     {
                         cleanup();
                     }

src/ResourceManager/Resources/Commands.Resources/Models.ResourceGroups/ResourceClient.cs

@@ -107,7 +107,7 @@ private string GetDeploymentParameters(Hashtable templateParameterObject)
         {
             if (templateParameterObject != null)
             {
-                return SerializeHashtable(templateParameterObject, addValueLayer: true);
+                return SerializeHashtable(templateParameterObject, addValueLayer: false);
             }
             else
             {

src/ResourceManager/Resources/Commands.Resources/Models.ResourceGroups/ResourceWithParameterBaseCmdlet.cs

@@ -39,7 +39,7 @@ public abstract class ResourceWithParameterBaseCmdlet : ResourcesBaseCmdlet
         protected const string ParameterlessTemplateFileParameterSetName = "Deployment via template file without parameters";
         protected const string ParameterlessGalleryTemplateParameterSetName = "Deployment via Gallery without parameters";
         protected const string ParameterlessTemplateUriParameterSetName = "Deployment via template uri without parameters";
-        
+
         protected RuntimeDefinedParameterDictionary dynamicParameters;
 
         private string templateFile;
@@ -143,24 +143,32 @@ public object GetDynamicParameters()
 
         protected Hashtable GetTemplateParameterObject(Hashtable templateParameterObject)
         {
-            templateParameterObject = templateParameterObject ?? new Hashtable();
+            // NOTE(jogao): create a new Hashtable so that user can re-use the templateParameterObject.
+            var prameterObject = new Hashtable();
+            if (templateParameterObject != null)
+            {
+                foreach (var parameterKey in templateParameterObject.Keys)
+                {
+                    prameterObject[parameterKey] = new Hashtable { { "value", templateParameterObject[parameterKey] } };
+                }
+            }
 
             // Load parameters from the file
             string templateParameterFilePath = this.TryResolvePath(TemplateParameterFile);
             if (templateParameterFilePath != null && FileUtilities.DataStore.FileExists(templateParameterFilePath))
             {
                 var parametersFromFile = GalleryTemplatesClient.ParseTemplateParameterFileContents(templateParameterFilePath);
-                parametersFromFile.ForEach(dp => templateParameterObject[dp.Key] = dp.Value.Value);
+                parametersFromFile.ForEach(dp => prameterObject[dp.Key] = new Hashtable { { "value", dp.Value.Value }, { "reference", dp.Value.Reference } });
             }
 
             // Load dynamic parameters
             IEnumerable<RuntimeDefinedParameter> parameters = PowerShellUtilities.GetUsedDynamicParameters(dynamicParameters, MyInvocation);
             if (parameters.Any())
             {
-                parameters.ForEach(dp => templateParameterObject[((ParameterAttribute)dp.Attributes[0]).HelpMessage] = dp.Value);
+                parameters.ForEach(dp => prameterObject[((ParameterAttribute)dp.Attributes[0]).HelpMessage] = new Hashtable { { "value", dp.Value } });
             }
 
-            return templateParameterObject;
+            return prameterObject;
         }
     }
 }

src/ResourceManager/Resources/Commands.Resources/Models.ResourceGroups/TemplateFileParameterV1.cs

@@ -25,6 +25,9 @@ public class TemplateFileParameterV1
         [JsonProperty("value")]
         public object Value { get; set; }
 
+        [JsonProperty("reference")]
+        public object Reference { get; set; }
+
         [JsonProperty("defaultValue")]
         public object DefaultValue { get; set; }