AgentSkillsCN

osdu-preshipping

为 OSDU 预发货环境配置用户与服务主体。适用于设置预发货访问权限、为用户或 OID 启用预发货功能、进行预发货测试的批量配置,或配置预生产 OSDU 环境时使用。

SKILL.md
--- frontmatter
name: osdu-preshipping
description: Provision users and service principals for OSDU preshipping environments. Use when setting up preshipping access, enabling preshipping for users or OIDs, bulk-provisioning for preshipping testing, or configuring pre-production OSDU environments.

OSDU Preshipping Setup

IMPORTANT: Intent Detection

Parse user input to determine intent:

User InputIntentAction
help, how to, how do I, usage, formatHelpRespond with usage info below
Contains email or OID + add/remove intentExecuteRun preshipping script

Adding Users to Preshipping

For New External Users (Recommended)

Use the /invite command with the --preshipping flag:

code
/invite user@company.com --preshipping
/invite user@company.com --groups "AzOSDUPreshipReaders" --preshipping

This handles tenant invitation, AD group membership, AND preshipping in one command.

For Existing Tenant Users

If the user is already in your Azure AD tenant, just ask:

code
add user@example.com to preshipping

Or with a preview first:

code
add user@example.com to preshipping --dry-run

What Gets Provisioned

Users are added as OWNER to all preshipping groups including:

CategoryGroups
Data Lakeusers@, users.datalake.ops@, users.datalake.admins@
SDMSservice.edsdms.user@, data.sdms.*
Seismicseismic.default.*, seistore.system.admin@
Secretsservice.secret.admin@, service.secret.viewer@, service.secret.editor@
Searchservice.search.admin@, service.search.user@
Wellboredata.wellbore.owner@
Reservoirservice.reservoir-dms.*
Deliveryservice.delivery.viewer@

Workflow

  1. Run /audit <company> to see existing users' preshipping setup
  2. For new external users: /invite user@company.com --preshipping
  3. For existing tenant users: "add user@company.com to preshipping"

AI Execution (Internal)

When user requests preshipping actions, run these scripts:

bash
# Add user
uv run .claude/skills/osdu-preshipping/scripts/preshipping.py add --user "EMAIL" [--dry-run]

# Add by OID
uv run .claude/skills/osdu-preshipping/scripts/preshipping.py add --oid "GUID" [--dry-run]

# Remove user
uv run .claude/skills/osdu-preshipping/scripts/preshipping.py remove --user "EMAIL"

# List groups
uv run .claude/skills/osdu-preshipping/scripts/preshipping.py list-groups

# Check config
uv run .claude/skills/osdu-preshipping/scripts/preshipping.py check

Output Presentation

Present the script output directly to the user. Do NOT summarize.


Prerequisites

Verify environment variables are set:

bash
echo "AI_OSDU_HOST: ${AI_OSDU_HOST:-NOT SET}"
echo "AI_OSDU_DATA_PARTITION: ${AI_OSDU_DATA_PARTITION:-NOT SET}"
echo "AI_OSDU_CLIENT: ${AI_OSDU_CLIENT:-NOT SET}"
echo "AI_OSDU_SECRET: ${AI_OSDU_SECRET:+SET}"
echo "AI_OSDU_TENANT_ID: ${AI_OSDU_TENANT_ID:-NOT SET}"

Test configuration:

bash
uv run .claude/skills/osdu-preshipping/scripts/preshipping.py check

Environment Variables

VariableRequiredDescription
AI_OSDU_HOSTYesOSDU instance hostname
AI_OSDU_DATA_PARTITIONYesData partition ID (e.g., opendes)
AI_OSDU_CLIENTYesApp registration client ID
AI_OSDU_SECRETYesApp registration secret
AI_OSDU_TENANT_IDYesAzure AD tenant ID
AI_OSDU_DOMAINNoEntitlements domain (default from config)

Error Handling

ErrorCauseSolution
401 UnauthorizedInvalid/expired tokenCheck AI_OSDU_SECRET
403 ForbiddenMissing permissionsVerify app has entitlements API access
409 ConflictAlready in groupNot an error, skipped
Missing env varsNot configuredSet required AI_OSDU_* variables

Reference Files