AgentSkillsCN

osdu-preshipping-setup

为 OSDU/ADME 预发货环境预置用户与服务主体。适用于设置预发货访问权限、为用户或 OID 启用预发货功能、批量预发货测试,或配置预生产 OSDU 环境时使用。

SKILL.md
--- frontmatter
name: osdu-preshipping-setup
description: Provision users and service principals for OSDU/ADME preshipping environments. Use when setting up preshipping access, enabling preshipping for users or OIDs, bulk-provisioning for preshipping testing, or configuring pre-production OSDU environments.

OSDU Preshipping Setup

Bulk provisioning for OSDU/ADME preshipping environments. Adds users or service principals to all required entitlement groups for preshipping testing.

Prerequisites

Verify environment variables are set:

bash
echo "ADME_HOST: ${ADME_HOST:-NOT SET}"
echo "ADME_DATA_PARTITION: ${ADME_DATA_PARTITION:-NOT SET}"
echo "ADME_CLIENT: ${ADME_CLIENT:-NOT SET}"
echo "ADME_SECRET: ${ADME_SECRET:+SET}"
echo "ADME_TENANT_ID: ${ADME_TENANT_ID:-NOT SET}"

Test configuration:

bash
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py check

Quick Reference

Add User to Preshipping

bash
# Add user to all preshipping groups
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py add --user "user@example.com"

# Add service principal by OID
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py add --oid "32e97796-eabc-4b0b-b1fb-3a65c71a0d09"

# Add multiple OIDs
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py add \
  --oid "32e97796-eabc-4b0b-b1fb-3a65c71a0d09" \
  --oid "f15486aa-d6f8-470c-86fa-f4b437d5f0d9"

# Preview without making changes
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py add --user "user@example.com" --dry-run

Remove User from Preshipping

bash
# Remove user from all preshipping groups
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py remove --user "user@example.com"

# Remove service principal by OID
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py remove --oid "32e97796-eabc-4b0b-b1fb-3a65c71a0d09"

# Preview without making changes
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py remove --user "user@example.com" --dry-run

View Configuration

bash
# List all preshipping groups
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py list-groups

# Check connectivity and auth
uv run ${CLAUDE_PLUGIN_ROOT}/skills/osdu-preshipping/scripts/preshipping.py check

What Gets Provisioned

When you add a user/OID to preshipping, they are added as OWNER to all groups defined in the preshipping configuration. This includes:

CategoryGroups
Data Lakeusers@, users.datalake.ops@, users.datalake.admin@
SDMSservice.edsdms.user@, data.sdms.*
Seismicseismic.default.*, seistore.system.admin@
Secretsservice.secret.admin@, service.secret.viewer@, service.secret.editor@
Searchservice.search.admin@, service.search.user@
Wellboredata.wellbore.owner@
Reservoirservice.reservoir-dms.*
Deliveryservice.delivery.viewer@

For the complete list, see reference/groups.md or run list-groups.

Environment Variables

VariableRequiredDescription
ADME_HOSTYesADME instance hostname
ADME_DATA_PARTITIONYesData partition ID (e.g., opendes)
ADME_CLIENTYesApp registration client ID
ADME_SECRETYesApp registration secret
ADME_TENANT_IDYesAzure AD tenant ID
ADME_DOMAINNoEntitlements domain (default from config)

Output Formats

FormatFlagUse Case
Table(default)Human readable with colors
JSON--jsonAutomation and processing

Error Handling

ErrorCauseSolution
401 UnauthorizedInvalid/expired tokenCheck ADME_SECRET
403 ForbiddenMissing permissionsVerify app has entitlements API access
409 ConflictAlready in groupNot an error, skipped
Missing env varsNot configuredSet required ADME_* variables

Reference Files