Enterprise grade PowerShell helper modules for Azure, Terraform, Microsoft Graph, and the surrounding DevOps tooling. The toolkit wraps common CLIs (Terraform, Azure CLI, Checkov, Trivy, Packer, Docker, and more) with idempotent, testable functions, and ships a consistent logging framework.
Every command uses the Ldo prefix (for example Invoke-LdoTerraformPlan) so the helpers never
clash with built-in cmdlets or other modules.
- PowerShell 7.2 or later.
- The external CLIs used by a given function must be on
PATH(for exampleterraform,az,checkov,trivy,packer,docker). UseAssert-LdoChocoPath/Assert-LdoHomebrewPathto bootstrap a package manager, orAssert-LdoCommandto fail fast when a tool is missing.
Install-Module -Name LibreDevOpsHelpers -Scope CurrentUser
Import-Module LibreDevOpsHelpersNested modules auto-load with the root module. You can also import a single nested module:
Import-Module LibreDevOpsHelpers.Terraform- All public commands are prefixed with
Ldoand use approved PowerShell verbs. - Every command has comment-based help. Use
Get-Help <Command> -Fullfor parameters and examples. - Functions validate their input, throw on failure (they never call
exit), and check the exit code of any native CLI they invoke. - Logging goes through
Write-LdoLog, which writes to the correct stream and never pollutes a function's return value. It emits structured JSON by default (one object per line, for log aggregators); switch to a human-readable line withSet-LdoLogFormat -Format Text. Control verbosity withSet-LdoLogLevel. Both default to theLDO_LOG_FORMAT/LDO_LOG_LEVELenvironment variables when set.
# Plan Terraform and scan the plan with Checkov
$code = './terraform'
Invoke-LdoTerraformInit -CodePath $code -InitArgs '-input=false'
Invoke-LdoTerraformPlan -CodePath $code
Convert-LdoTerraformPlanToJson -CodePath $code
Invoke-LdoCheckov -CodePath $code
# Sign in to Azure with a service principal (secret as a SecureString)
$secret = Read-Host -AsSecureString
Connect-LdoAzureCli -Method ClientSecret -ClientId $id -ClientSecret $secret -TenantId $tenantLevelled, timestamped logging routed to non-output streams. Structured JSON by default, with an optional human-readable text format.
Write-LdoLog,Set-LdoLogLevel,Get-LdoLogLevel,Set-LdoLogFormat,Get-LdoLogFormat
General purpose helpers shared across the toolkit.
Test-LdoPath,Assert-LdoCommand,Assert-LdoEnvironmentVariable,Assert-LdoLastExitCodeGet-LdoPublicIpAddress,Get-LdoOperatingSystemNew-LdoPassword,New-LdoRandomSequenceConvertTo-LdoBoolean,ConvertTo-LdoNull
Resilient Microsoft Graph and Azure REST helpers.
Invoke-LdoWithRetry,Invoke-LdoGraphRequest,Get-LdoGraphToken,Clear-LdoGraphTokenCache,Get-LdoGraphErrorDetail
Az PowerShell authentication.
Connect-LdoAzurePowerShell,Connect-LdoAzurePowerShellClientSecret,Connect-LdoAzurePowerShellManagedIdentity,Connect-LdoAzurePowerShellDeviceCode,Test-LdoAzurePowerShellConnection,Disconnect-LdoAzurePowerShell
Azure CLI install and authentication.
Install-LdoAzureCli,Connect-LdoAzureCli,Connect-LdoAzureCliClientSecret,Connect-LdoAzureCliOidc,Connect-LdoAzureCliManagedIdentity,Connect-LdoAzureCliDeviceCode,Test-LdoAzureCliConnection,Disconnect-LdoAzureCli
Temporary network access rules for Key Vaults.
Add-LdoKeyVaultCurrentIpRule,Remove-LdoKeyVaultCurrentIpRule
Temporary network access rules for storage accounts.
Add-LdoStorageCurrentIpRule,Remove-LdoStorageCurrentIpRule
Network security group rule management.
Add-LdoNsgCurrentIpRule,Remove-LdoNsgRule
Function app packaging, deployment, settings, and access rules.
Compress-LdoFunctionAppSource,Invoke-LdoFunctionAppZipDeploy,Get-LdoFunctionAppDefaultUrl,Set-LdoFunctionAppSetting,Add-LdoFunctionAppCurrentIpRule,Remove-LdoFunctionAppCurrentIpRule
Azure DevOps organization lookup and Terraform module token injection.
Get-LdoAzureDevOpsOrgId,Invoke-LdoAzureDevOpsTokenReplacement,Invoke-LdoAzureDevOpsTokenReplacementRevert
End to end Terraform workflow helpers.
Invoke-LdoTerraformValidate,Invoke-LdoTerraformFmtCheck,Invoke-LdoTerraformInit,Invoke-LdoTerraformWorkspaceSelect,Invoke-LdoTerraformPlan,Invoke-LdoTerraformPlanDestroy,Invoke-LdoTerraformApply,Invoke-LdoTerraformDestroy,Convert-LdoTerraformPlanToJson,Get-LdoTerraformStackFolders
Import existing Azure resources into Terraform state from a plan.
Get-LdoTerraformImportResourceId,Invoke-LdoTerraformImportFromPlan
Formatting and README generation for Terraform code.
Format-LdoTerraform,Format-LdoTerraformCode,Format-LdoTerraformVariables,Format-LdoTerraformOutputs,Get-LdoTerraformFileContent,Set-LdoTerraformFileContent,Update-LdoReadmeWithTerraformDocs
Terraform version management via tenv.
Install-LdoTenv,Test-LdoTenv,Invoke-LdoTenvTerraformInstall
Packer build workflow.
Invoke-LdoPackerInit,Invoke-LdoPackerValidate,Invoke-LdoPackerBuild,Invoke-LdoPackerWorkflow
Checkov install and scanning.
Install-LdoCheckov,Invoke-LdoCheckov
Trivy install and configuration scanning.
Install-LdoTrivy,Invoke-LdoTrivy
Docker build and push.
Assert-LdoDockerExists,Build-LdoDockerImage,Push-LdoDockerImage
Package manager bootstrapping.
Assert-LdoChocoPath,Assert-LdoHomebrewPath
Virtual environments, dependency install, and pytest.
New-LdoVenv,Initialize-LdoVenv,Use-LdoVenv,Clear-LdoVenv,Remove-LdoVenv,Invoke-LdoPythonInstallRequirements,Remove-LdoPythonPackages,Invoke-LdoPytestRun
The uv Python package and version manager: install/detect, Python version management, project and dependency workflow, and the pip interface.
Install-LdoUv,Test-LdoUvInstall-LdoUvPython,Get-LdoUvPython,Set-LdoUvPythonPinNew-LdoUvVenv,Invoke-LdoUvSync,Invoke-LdoUvLock,Add-LdoUvPackage,Remove-LdoUvPackageInvoke-LdoUvRun,Invoke-LdoUvPipInstall,Invoke-LdoUvPipUninstall
Microsoft Defender across four surfaces: Defender for Cloud (az security), Defender for
Endpoint / XDR (Graph Security API + Defender for Endpoint API), Defender Antivirus (Windows), and
Defender for Endpoint on Linux (mdatp).
- Cloud:
Get-LdoDefenderSecureScore,Get-LdoDefenderRecommendation,Get-LdoDefenderPlan,Set-LdoDefenderPlan - Endpoint/XDR:
Get-LdoDefenderAlert,Invoke-LdoDefenderHuntingQuery,Invoke-LdoDefenderDeviceIsolation,Invoke-LdoDefenderAvScan - Windows AV:
Get-LdoDefenderAvStatus,Start-LdoDefenderAvScan,Update-LdoDefenderAvSignature,Add-LdoDefenderAvExclusion - Linux (mdatp):
Get-LdoMdatpHealth,Start-LdoMdatpScan,Update-LdoMdatpDefinition,Add-LdoMdatpExclusion
GitHub Actions helpers.
Get-LdoGitHubActionsInput
The glab CLI plus helpers for PowerShell running inside GitLab CI/CD pipelines: install/detect/auth, pipelines, merge requests, releases, CI/CD variables, and pipeline runtime helpers.
Install-LdoGlab,Test-LdoGlab,Connect-LdoGlabInvoke-LdoGlabPipeline,Get-LdoGlabPipeline,Wait-LdoGlabPipelineNew-LdoGlabMergeRequest,New-LdoGlabRelease,Set-LdoGlabCiVariable,Get-LdoGlabCiVariableGet-LdoGitLabCiVariable,Set-LdoGitLabCiOutput,Write-LdoGitLabCiSection
Custom Pester operators and a test runner.
Register-LdoPesterAssertion,Invoke-LdoPesterTest,Test-LdoZeroExitCode,Test-LdoCommandOutputMatch
The repository root contains orchestration scripts that import the module and call its functions:
Run-Docker.ps1builds and optionally pushes a Docker image.Terraform-Import.ps1plans, converts to JSON, and imports existing Azure resources.Terraform-Release.ps1formats code, sorts variables and outputs, regenerates the README, and optionally tags a release.Delete-Modules.ps1resets and reinstalls the module from the PowerShell Gallery.Publish-ToPSGallery.ps1andPublish-ToGitHubPackages.ps1publish the module.
# Lint and test (installs PSScriptAnalyzer and Pester if missing)
./Invoke-Tests.ps1See CONTRIBUTING.md for the module coding standards.
Licensed under the MIT License.
Made by Libre DevOps.