fleet/articles/using-maintenance-windows.md
Allen Houchins 518475fc4c
Prioritize using IdP email address when available for maintenance window scheduling (#37250)
This pull request updates the logic for selecting which user receives
maintenance window calendar events on hosts with multiple users. The
changes clarify and enforce a priority system for choosing the recipient
email, ensuring that IdP-sourced emails are preferred, followed by
Google Chrome profile emails. This affects both user-facing
documentation and backend implementation.

**User-facing behavior and documentation:**

* The end-user documentation now explicitly describes the email
selection priority for calendar event recipients: IdP Username email is
chosen first, then Google Chrome profile email, and if multiple Chrome
emails exist, the first alphabetically is selected.

**Backend logic and data selection:**

* The comment in `calendar_cron.go` is updated to match the new email
selection logic, explaining the prioritization of email sources for
host-user assignment.

* The SQL query in `policies.go` is refactored to implement the new
priority system for selecting user emails per host:
  - IdP sources (`mdm_idp_accounts`, `idp`) are considered first,
  - then Google Chrome profiles,
  - then other sources.
  - If multiple emails exist at the same priority, the first
alphabetically is chosen.

---------

Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Juan Fernandez <juan-fdz-hawa@users.noreply.github.com>
Co-authored-by: Juan Fernandez <juan@fleetdm.com>
2026-02-27 14:57:43 -04:00


Using maintenance windows (Fleet in your calendar)

Fleet helps end users fix issues on their own by scheduling a maintenance window directly on their calendar—no IT ticket required.

When a host fails a policy (e.g. MDM enrollment profile expired, disk encryption disabled, outdated software), Fleet can notify the user via a Google Calendar event. The event includes:

  • What's wrong (based on policy description)
  • What to do (from the policy resolution field)
  • A scheduled time (next available slot on Tuesday, 9-5 local time)

The user can reschedule if needed—Fleet will respect the new time and run the remediation then.

You can customize these flows with a webhook (e.g. Tines) to run scripts, use the Fleet API, or call MDM commands.

🔜 Auto-remediation for patching (OS updates, software) is coming soon.

Setup

  1. Connect a Google Workspace service account to Fleet under Settings > Integrations > Calendars.
  2. Create a webhook to handle the remediation (see Fleet + Tines guide).
  3. In the Policies tab, click Manage automations > Calendar events, enable the feature, and paste your webhook URL.

End user experience

  • If a user owns multiple failing hosts, only one host is scheduled at a time. Once it's fixed, Fleet schedules the next.
  • If a host has multiple users, Fleet chooses one user to receive the event based on email priority:
    • First priority: IdP Username email address (from MDM IdP accounts or manually set IdP email)
    • Second priority: Google Chrome profile email address
    • If multiple Google Chrome profile emails exist, Fleet selects the first one alphabetically
    • Third priority: other email sources
  • Users can reschedule the event on their calendar—Fleet will run remediation at the new time.
  • If a user moves the event to before the current time, Fleet shifts it to the next day.
  • If a user deletes the event, Fleet automatically reschedules it for the next day.
  • Fleet monitors calendar changes in real time (reschedules within ~30 seconds), but only for events in the upcoming week. Events further out are updated within 30 minutes.
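The email-priority rule above, as an added Go example that is not Fleet's own code from `policies.go`: each email reported for a host is ranked by source, and ties within a rank are broken alphabetically. The `HostEmail` type and the `google_chrome_profiles` source label are assumptions; `mdm_idp_accounts` and `idp` are the IdP sources the commit names.

```go
package main

import (
	"fmt"
	"sort"
)

// HostEmail is one email reported for a host and the source it came from.
// The type and the Chrome source label are assumptions for this example.
type HostEmail struct {
	Email  string
	Source string
}

// priority ranks a source; lower wins. "mdm_idp_accounts" and "idp" are the
// IdP sources named in the commit; "google_chrome_profiles" is assumed.
func priority(source string) int {
	switch source {
	case "mdm_idp_accounts", "idp":
		return 0 // IdP-sourced email first
	case "google_chrome_profiles":
		return 1 // then Google Chrome profile email
	default:
		return 2 // then any other source
	}
}

// PickRecipient returns the email that receives the calendar event, or false
// when the host reports no users. Ties within a priority go alphabetically.
func PickRecipient(emails []HostEmail) (string, bool) {
	if len(emails) == 0 {
		return "", false
	}
	sorted := append([]HostEmail(nil), emails...) // leave the caller's slice untouched
	sort.SliceStable(sorted, func(i, j int) bool {
		pi, pj := priority(sorted[i].Source), priority(sorted[j].Source)
		if pi != pj {
			return pi < pj
		}
		return sorted[i].Email < sorted[j].Email
	})
	return sorted[0].Email, true
}

func main() {
	// Constructed sample: a shared host with two Chrome profiles and one IdP account.
	host := []HostEmail{{"zed@example.com", "google_chrome_profiles"},
		{"amy@example.com", "google_chrome_profiles"}, {"ops@example.com", "idp"}}
	fmt.Println(PickRecipient(host)) // ops@example.com true
}
```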

What happens when a policy fails?

  1. A calendar event is scheduled for the user who owns the host.
  2. Fleet waits for the scheduled time, then calls the webhook with host + failure details.

For more info: