Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions

feat: allow deletion of ressources via blueprints

Browse source
This commit is contained in:
Bert-Jan Fikse 2026-01-14 16:03:20 +01:00
parent 889c6abb9d
commit 8f02dd774f
Signed by: bert-jan
GPG key ID: C1E0AB516AC16D1A
3 changed files with 32 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
roles/authentik/README.md
View file

@ -16,4 +16,13 @@ The role renders blueprints for:
- Entra ID sources (`authentik_entra_sources`) - Entra ID sources (`authentik_entra_sources`)
- Login screen sources (`authentik_login_source_ids`) - Login screen sources (`authentik_login_source_ids`)
Secrets are passed via `authentik_blueprint_env` using environment variable references. Secrets are passed via `authentik_blueprint_env` using environment variable references.
## Removing resources
To remove resources from Authentik, move slugs to the removal lists:
- `authentik_removed_oidc_apps`
- `authentik_removed_proxy_apps`
- `authentik_removed_local_users`
After confirming deletion, remove the slug from the list.

11
roles/authentik/defaults/main.yml
View file

@ -111,3 +111,14 @@ authentik_local_users: []
# attributes: # attributes:
# settings: # settings:
# locale: en # locale: en
# Resources to remove from Authentik (cleanup)
# Add slugs/names here when removing from the lists above
authentik_removed_oidc_apps: []
# - grafana
authentik_removed_proxy_apps: []
# - whoami
authentik_removed_local_users: []
# - olduser

12
roles/authentik/tasks/main.yml
View file

@ -53,7 +53,8 @@
(authentik_proxy_outposts | map(attribute='name') | map('regex_replace', '^(.*)$', '30-outpost-\1.yaml') | list) + (authentik_proxy_outposts | map(attribute='name') | map('regex_replace', '^(.*)$', '30-outpost-\1.yaml') | list) +
(authentik_entra_sources | map(attribute='slug') | map('regex_replace', '^(.*)$', '20-source-entra-\1.yaml') | list) + (authentik_entra_sources | map(attribute='slug') | map('regex_replace', '^(.*)$', '20-source-entra-\1.yaml') | list) +
['21-login-sources.yaml'] + ['21-login-sources.yaml'] +
((authentik_local_users | length > 0) | ternary(['05-local-users.yaml'], [])) ((authentik_local_users | length > 0) | ternary(['05-local-users.yaml'], [])) +
(((authentik_removed_oidc_apps | length > 0) or (authentik_removed_proxy_apps | length > 0) or (authentik_removed_local_users | length > 0)) | ternary(['00-cleanup.yaml'], []))
}} }}
- name: Remove stale blueprint files - name: Remove stale blueprint files
@ -110,6 +111,14 @@
when: authentik_local_users | length > 0 when: authentik_local_users | length > 0
register: local_users_bp register: local_users_bp
- name: Render cleanup blueprint
ansible.builtin.template:
src: blueprints/blueprint-cleanup.yaml.j2
dest: "{{ authentik_docker_volume_dir }}/blueprints/00-cleanup.yaml"
mode: "0644"
when: (authentik_removed_oidc_apps | length > 0) or (authentik_removed_proxy_apps | length > 0) or (authentik_removed_local_users | length > 0)
register: cleanup_bp
- name: Create docker-compose file for authentik - name: Create docker-compose file for authentik
template: template:
src: docker-compose.yml.j2 src: docker-compose.yml.j2
@ -129,5 +138,6 @@
or (entra_bp is defined and (entra_bp.results | selectattr('changed') | list | length > 0)) or (entra_bp is defined and (entra_bp.results | selectattr('changed') | list | length > 0))
or (login_bp is defined and login_bp.changed) or (login_bp is defined and login_bp.changed)
or (local_users_bp.changed | default(false)) or (local_users_bp.changed | default(false))
or (cleanup_bp.changed | default(false))
) | ternary('always','auto') ) | ternary('always','auto')
}} }}