@chuckersjp
Created April 21, 2020 16:05
Ansible Playbook to update an OpenShift Secret using k8s
- name: retrieve pullsecret
  # Newer versions of Ansible call this module k8s_info
  k8s_facts:
    api: v1
    kind: Secret
    name: pull-secret-chuck
    namespace: openshift-config
  register: pullsecret
  # The registered result contains the secret data, so keep it out of the logs
  no_log: true

- name: Get the original cred secrets
  set_fact:
    original_secret: "{{ item.data }}"
  with_items: "{{ pullsecret.resources }}"
  no_log: true

- name: Get the dockerconfigjson info
  set_fact:
    secret_string: '{{ original_secret[".dockerconfigjson"] | b64decode | from_json }}'
  # The decoded value holds registry credentials in the clear
  no_log: true

- name: Create the new string
  # nexus_creds is not defined in this gist; it must be supplied by the caller
  set_fact:
    new_secret_string: '{{ secret_string | combine( nexus_creds, recursive=True) }}'
  no_log: true

- name: Set the initial update flag
  set_fact:
    need_update: false

- name: Change the update flag if there is a difference in the updated list of auths items
  set_fact:
    need_update: true
  # i.e. if we have a different number of keys, we obviously changed something so need an update
  when: "new_secret_string['auths'].keys() | symmetric_difference(secret_string['auths'].keys()) | length != 0"

- name: Change the update flag if there is a difference in the contents of the auths items
  set_fact:
    need_update: true
  loop: "{{ new_secret_string['auths'].keys() | sort }}"
  when:
    # If we have added a new auth, don't bother checking; we already have an update
    - not need_update
    # If we have a different value for our keys, we need an update
    - new_secret_string['auths'][item] != secret_string['auths'][item]

- name: Create new secret
  k8s:
    state: present
    merge_type: merge
    definition:
      apiVersion: v1
      data:
        .dockerconfigjson: "{{ new_secret_string | to_json | b64encode }}"
      kind: Secret
      metadata:
        name: pull-secret-chuck
        namespace: openshift-config
      type: kubernetes.io/dockerconfigjson
  when: need_update
  # The definition embeds the encoded credentials
  no_log: true
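
The same merge-and-compare decision as the tasks above, as an added Python example (not part of the original gist): it reports which registries would be added or changed without printing any credential. The `plan_update` helper, registry hostnames and credentials are constructed for illustration.

```python
import base64
import json


def b64s(text):
    """Base64-encode a str and return a str."""
    return base64.b64encode(text.encode()).decode()


def decode_pull_secret(data):
    """Decode the '.dockerconfigjson' field of a Secret's data map."""
    return json.loads(base64.b64decode(data[".dockerconfigjson"]))


def merge(base, extra):
    """Recursive dict merge, mirroring combine(recursive=True)."""
    out = dict(base)
    for key, value in extra.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = value
    return out


def plan_update(secret_data, new_creds):
    """Return (need_update, added, changed, encoded); only registry names are reported."""
    current = decode_pull_secret(secret_data)
    merged = merge(current, new_creds)
    old_auths = current.get("auths", {})
    new_auths = merged.get("auths", {})
    # A recursive merge never removes keys, so a key-set difference means "added"
    added = sorted(set(new_auths) - set(old_auths))
    changed = sorted(r for r in set(new_auths) & set(old_auths)
                     if new_auths[r] != old_auths[r])
    encoded = b64s(json.dumps(merged))
    return bool(added or changed), added, changed, encoded


# Constructed sample data: an existing pull secret and the credentials to merge in
SAMPLE_SECRET = {".dockerconfigjson": b64s(json.dumps({"auths": {
    "quay.example.com": {"auth": b64s("pulluser:old-token"),
                         "email": "ops@example.com"}}}))}
SAMPLE_NEXUS_CREDS = {"auths": {
    "nexus.example.com:5000": {"auth": b64s("svc:constructed")}}}

if __name__ == "__main__":
    need, added, changed, _ = plan_update(SAMPLE_SECRET, SAMPLE_NEXUS_CREDS)
    print(f"need_update={need} added={added} changed={changed}")
```

Feeding the returned `encoded` value back in as the current secret yields `need_update=False`, which is the idempotence the update flag in the tasks is there to provide.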