Thycotic secret ids arg

keepercommander/importer/commands.py

@@ -79,6 +79,8 @@ def register_command_info(aliases, command_info):
                            help='temp directory used to cache encrypted attachment imports')
 import_parser.add_argument('--show-skipped', dest='show_skipped', action='store_true',
                            help='Display skipped records')
+import_parser.add_argument('--secret-ids', dest='secret_ids', action='store',
+                           help='Comma separated list of secret IDs to fetch (Thycotic)')
 import_parser.add_argument(
     'name', type=str, help='file name (json, csv, keepass, 1password), account name (lastpass), or URL (ManageEngine, Thycotic)'
 )

keepercommander/importer/imp_exp.py

@@ -715,6 +715,7 @@ def _import(params, file_format, filename, **kwargs):
     filter_folder = kwargs.get('filter_folder')
     dry_run = kwargs.get('dry_run') is True
     show_skipped = kwargs.get('show_skipped') is True
+    secret_ids = kwargs.get('secret_ids')
 
     import_into = kwargs.get('import_into') or ''
     if import_into:
@@ -732,7 +733,7 @@ def _import(params, file_format, filename, **kwargs):
     filter_folder_lower = filter_folder.lower() if isinstance(filter_folder, str) else ''
 
     for x in importer.execute(filename, params=params, users_only=import_users, filter_folder=filter_folder,
-                              old_domain=old_domain, new_domain=new_domain, tmpdir=tmpdir, dry_run=dry_run):
+                              old_domain=old_domain, new_domain=new_domain, tmpdir=tmpdir, secret_ids=secret_ids, dry_run=dry_run):
         if isinstance(x, ImportRecord):
             if filter_folder and not importer.support_folder_filter():
                 if not x.folders:

keepercommander/importer/thycotic/thycotic.py

@@ -341,6 +341,30 @@
                 secrets_ids.extend([x['id'] for x in auth.thycotic_search(query)])
         else:
             secrets_ids = [x['id'] for x in auth.thycotic_search(f'/v1/secrets/lookup')]
+
+        # secret_ids arg
+        debug_ids = kwargs.get('secret_ids')
+        if debug_ids is not None:
+          # Convert CLI string input into list
+          if isinstance(debug_ids,str):
+              debug_ids = debug_ids.replace(' ','').split(',')
+          # Handle secret IDs list
+          if isinstance(debug_ids,list):
+              # Deduplicate
+              debug_ids = list(set(debug_ids))
+              # Check whether secrets were found in the lookup
+              stringified_secrets_ids = [str(x) for x in secrets_ids]
+              stringified_debug_ids = [str(x) for x in debug_ids]
+              found_secrets = [x for x in stringified_debug_ids if x in stringified_secrets_ids]
+              logging.info(f'From the specified {len(debug_ids)} secret IDs, {len(found_secrets)} were found in the secret server lookup.')
+              logging.info(', '.join(found_secrets))
+
+              # Replace import list with specified IDs
+              secrets_ids = debug_ids
+          else:
+              # Quit if secret IDs != list
+              logging.warning('Invalid input for secret IDs, exiting.')
+              return
 
         self._send_keep_alive_if_needed(params)
         print(f'Loading {len(secrets_ids)} Records ', flush=True, end='')
@@ -779,12 +803,12 @@
             except requests.exceptions.ConnectionError:
                 time.sleep(10)
                 rs = requests.get(url, headers=headers, verify=False, proxies=self.proxy)
             if rs.status_code != 200:
                 error_rs = rs.json()
                 raise Exception(error_rs['message'])
             chunk_rs = rs.json()
             records = chunk_rs.get('records')
             if isinstance(records, list):
                 result.extend(records)
             else:
                 break
@@ -792,9 +816,9 @@
                 skip = chunk_rs['nextSkip']
             else:
                 break
         return result
 
     def thycotic_entity(self, endpoint):  # type: (str) -> Optional[dict]
         self.ensure_auth_token()
         headers = {
             'Accept': 'application/json',