roles/authentik/tasks/main.yml

@@ -38,6 +38,31 @@
     state: directory
     mode: '0755'
 
+- name: Find existing blueprint files
+  find:
+    paths: "{{ authentik_docker_volume_dir }}/blueprints"
+    patterns: "*.yaml"
+  register: existing_blueprints
+
+- name: Build list of expected blueprint files
+  set_fact:
+    expected_blueprints: >-
+      {{
+        (authentik_oidc_apps | map(attribute='slug') | map('regex_replace', '^(.*)$', '10-oidc-\1.yaml') | list) +
+        (authentik_proxy_apps | map(attribute='slug') | map('regex_replace', '^(.*)$', '20-proxy-\1.yaml') | list) +
+        (authentik_proxy_outposts | map(attribute='name') | map('regex_replace', '^(.*)$', '30-outpost-\1.yaml') | list) +
+        (authentik_entra_sources | map(attribute='slug') | map('regex_replace', '^(.*)$', '20-source-entra-\1.yaml') | list) +
+        ['21-login-sources.yaml'] +
+        ((authentik_local_users | length > 0) | ternary(['05-local-users.yaml'], []))
+      }}
+
+- name: Remove stale blueprint files
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ existing_blueprints.files }}"
+  when: item.path | basename not in expected_blueprints
+
 - name: Render OIDC blueprints
   ansible.builtin.template:
     src: blueprints/blueprint-oidc-app.yaml.j2