2 files changed, 12 insertions, 20 deletions

diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 8aabb9f17..216a40874 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -57,10 +57,12 @@
   run_once: true
 
 - name: "Add the secret to the registry's pod service accounts"
-  command: >
-    {{ openshift.common.client_binary }} secrets add {{ item }} registry-certificates
-    --config={{ openshift_hosted_kubeconfig  }}
-    -n default
+  oc_serviceaccount_secret:
+    service_account: "{{ item }}"
+    secret: registry-certificates
+    namespace: default
+    kubeconfig: "{{ openshift_hosted_kubeconfig  }}"
+    state: present
   with_items:
   - registry
   - default
diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
index e56a68e27..15128784e 100644
--- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
@@ -53,23 +53,13 @@
     create -f -
   when: secrets.rc == 1
 
-- name: Determine if service account contains secrets
-  command: >
-    {{ openshift.common.client_binary }}
-    --config={{ openshift_hosted_kubeconfig }}
-    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
-    get serviceaccounts registry
-    -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
-  register: serviceaccount
-  changed_when: false
-
 - name: Add secrets to registry service account
-  command: >
-    {{ openshift.common.client_binary }}
-    --config={{ openshift_hosted_kubeconfig }}
-    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
-    secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
-  when: serviceaccount.stdout == ''
+  oc_serviceaccount_secret:
+    service_account: registry
+    secret: "{{ registry_config_secret_name }}"
+    namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
+    kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+    state: present
 
 - name: Determine if deployment config contains secrets
   command: >