
I am trying to read the "certkey" key from two different JSON files that are created by my Ansible playbook, and then write the combined output to a third file. I want the playbook to check the "daystoexpiration" key in Certkey_output.json and, if the value is "0", look up the same certkey in Certkey_binding_output.json and write the third file.

Json File 1: Certkey_output.json

# BEGIN ANSIBLE MANAGED BLOCK vpx-cdcl3gw-region14
{
    "errorcode": 0,
    "message": "Done",
    "severity": "NONE",
    "sslcertkey": [
        {
            "cert": "ns-server.cert",
            "certkey": "ns-server-certificate",
            "daystoexpiration": 3808,
            "key": "ns-server.key"
        },
        {
            "cert": "/nsconfig/ssl/tekton-cert-966607.cer",
            "certkey": "tekton-key-966607",
            "daystoexpiration": 0,
            "key": "/nsconfig/ssl/tekton-key-966607.key"
        },
        {
            "cert": "/nsconfig/ssl/tekton-cert-100087713.cer",
            "certkey": "tekton-key-100087713",
            "daystoexpiration": 0,
            "key": "/nsconfig/ssl/tekton-key-100087713.key"
        },
        {
            "cert": "/nsconfig/ssl/tekton-cert-1166.cer",
            "certkey": "tekton-key-1166",
            "daystoexpiration": 0,
            "key": "/nsconfig/ssl/tekton-key-1166.key"
        },
        {
            "cert": "/nsconfig/ssl/tekton-cert-100062456.cer",
            "certkey": "tekton-key-100062456",
            "daystoexpiration": 0,
            "key": "/nsconfig/ssl/tekton-key-100062456.key"
        },
    ]
}
# END ANSIBLE MANAGED BLOCK vpx-cdcl3gw-region14 

JSON File 2: Certkey_binding_output.json

# BEGIN ANSIBLE MANAGED BLOCK vpx-cdcl3gw-region14
{
    "errorcode": 0,
    "message": "Done",
    "severity": "NONE",
    "sslcertkey_sslvserver_binding": [
        {
            "certkey": "tekton-key-966607",
            "data": "1",
            "servername": "tekton-python-lbtest-ssl-cdc146.w-HTTPS-443-tcp-lb",
            "stateflag": "2",
            "version": 2
        }
    ]
}
# END ANSIBLE MANAGED BLOCK vpx-cdcl3gw-region14 

Ansible script:

---
# Play header: targets the citrix_adc inventory group with fact gathering off.
- name: NS_expired_cert_removal
  hosts: citrix_adc
  gather_facts: false

  tasks:
    # Fetch the sslcertkey summary from the appliance's NITRO config endpoint.
    # Runs on the control node (delegate_to: localhost); the response is
    # registered as result_certkey for the tasks that follow.
    - name: NS certkey info
      delegate_to: localhost
      ansible.builtin.uri:
        url: "https://{{server}}/nitro/v1/config/sslcertkey?view=summary"
        url_username: "{{user}}"
        url_password: "{{password}}"
        method: GET
        status_code: 200
        timeout: 30
        # NOTE(review): with certificate validation off, the TLS peer is not
        # authenticated, so the username and password above are sent to
        # whichever host answers for {{ server }}. Prefer trusting the
        # appliance's issuing CA on the control node and leaving validation on.
        validate_certs: no
        body_format: json
      register: result_certkey

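    # Persist the certkey response on the control node, wrapped in a marker
    # block named after the queried server.
    - name: Write certkey data to file
      delegate_to: localhost
      ansible.builtin.blockinfile:
        path: "/Users/abcdef/Downloads/Ansible_Automation/Certkey_output.json"
        create: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ server }}"
        # Set the text once via `block` (`content` is only an alias for it);
        # supplying both hands the module two values for the same option.
        # The marker lines are written into the file as well, so the result is
        # not pure JSON even though the file name ends in .json.
        block: "{{ result_certkey.json | to_nice_json }}"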

    # Fetch the certkey-to-vserver bindings from the NITRO config endpoint.
    # Runs on the control node; the response is registered as
    # result_certkey_bindings.
    - name: NS certkey binding
      delegate_to: localhost
      ansible.builtin.uri:
        url: "https://{{server}}/nitro/v1/config/sslcertkey_sslvserver_binding?bulkbindings=yes"
        url_username: "{{user}}"
        url_password: "{{password}}"
        method: GET
        status_code: 200
        timeout: 30
        # NOTE(review): certificate validation is disabled here too, so the
        # credentials above travel over a TLS session whose peer identity is
        # unchecked. Prefer a trusted CA for the appliance certificate.
        validate_certs: no
        body_format: json
      register: result_certkey_bindings


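    # Persist the binding response on the control node, wrapped in a marker
    # block named after the queried server.
    - name: Write certkey binding data to file
      delegate_to: localhost
      ansible.builtin.blockinfile:
        # NOTE(review): this directory (/Users/a0b07td/...) differs from the
        # /Users/abcdef/... path the "Lookup files" task reads; confirm both
        # tasks point at the same file.
        path: "/Users/a0b07td/Downloads/Ansible_Automation/Certkey_binding_output.json"
        create: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ server }}"
        # Set the text once via `block` (`content` is only an alias for it);
        # supplying both hands the module two values for the same option.
        block: "{{ result_certkey_bindings.json | to_nice_json }}"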


    # Read both output files back from disk into doc1 and doc2.
    # NOTE(review): lookup('file', ...) returns the file contents as text,
    # marker comment lines included, so doc1/doc2 are strings rather than
    # dicts. That matches the 'AnsibleUnsafeText' combine error quoted in the
    # question. The parsed responses are already held in result_certkey.json
    # and result_certkey_bindings.json.
    - name: Lookup files
      delegate_to: localhost
      set_fact:
        doc1: "{{ lookup('file', '/Users/abcdef/Downloads/Ansible_Automation/Certkey_output.json') }}"
        doc2: "{{ lookup('file', '/Users/abcdef/Downloads/Ansible_Automation/Certkey_binding_output.json') }}"

    # Print the merge of doc1 and doc2 when the expiry condition holds.
    # NOTE(review): in the sample response sslcertkey is a list of objects, so
    # `.daystoexpiration` cannot be read from it directly; a per-item test
    # belongs in a filter such as selectattr. The sample also shows
    # daystoexpiration as the integer 0, while this condition compares against
    # the string "0".
    - name: Append when condition matches
      delegate_to: localhost  
      ansible.builtin.debug:
        msg: "{{ doc1 | combine(doc2) }}"
      when: result_certkey.json.sslcertkey.daystoexpiration == "0"

I want the playbook to check the "daystoexpiration" key in Certkey_output.json and, if the value is "0", look up the same certkey in Certkey_binding_output.json and write a third file like the one below:

# BEGIN ANSIBLE MANAGED BLOCK vpx-cdcl3gw-region14
{
    "errorcode": 0,
    "message": "Done",
    "severity": "NONE",
    "Expired_sslcertkey_sslvserver_binding": [
        {
            "cert": "/nsconfig/ssl/tekton-cert-966607.cer",
            "certkey": "tekton-key-966607",
            "daystoexpiration": 0,
            "key": "/nsconfig/ssl/tekton-key-966607.key"
            "servername": "tekton-python-lbtest-ssl-cdc146.w-HTTPS-443-tcp-lb",
        }
    ]
}
# END ANSIBLE MANAGED BLOCK vpx-cdcl3gw-region14

Without the "when" condition, I get the error below:

"msg": "failed to combine variables, expected dicts but got a 'AnsibleUnsafeText' and a 'AnsibleUnsafeText': \n"# BEGIN ANSIBLE MANAGED BLOCK vpx-ndcl3gw-region14

When I add the "when" condition, I get the error below:

"msg": "The conditional check 'result_certkey.json.sslcertkey.daystoexpiration == "0"' failed. The error was: error while evaluating conditional (result_certkey.json.sslcertkey.daystoexpiration == "0"): 'list object' has no attribute 'daystoexpiration'. 'list object' has no attribute 'daystoexpiration'\n\nThe error appears to be in '/Users/abcdef/Downloads/Ansible_Automation/NS_outputs.yaml': line 60, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Append when condition matches\n ^ here\n"

abazaz
  • Hi Aditya Bazaz welcome to SO. This is not a consultancy; what code have you already tried and what outcome is it producing for you? Don't comment that info, instead [edit your question](https://stackoverflow.com/posts/75821740/edit) and make an [MCVE](https://stackoverflow.com/help/mcve) to focus your efforts and our time. Good luck – mdaniel Mar 24 '23 at 02:52
  • Hi @mdaniel Thanks for looking at the query. I have added the missing conditional check that is not working. I skipped it so that may be someone can suggest a fresh point of view for conditional check just by looking at the json output. – abazaz Mar 24 '23 at 06:07
  • The message is pretty clear, I think, since `"sslcertkey": [` is quite obviously a `list[object]` and thus would never contain the properties of its members, that wouldn't be a list. There are innumerable examples of using `|map(attribute=` or `|selectattr(` in the ansible tag because it seems every week someone asks how to work with lists of objects in jinja2 – mdaniel Mar 24 '23 at 15:33
