Maintenance windows (Fleet in your calendar) #17230
Comments
noahtalerman
added
story
|
is there a point at which this will add .ics files sent to users as part of the feature? The vast majority of enterprises use Microsoft email services. |
@nonpunctual yes. It's likely Outlook will likely come after Google Calendar. |
|
Hey @sharon-fdm I moved your Figma comments below. Please ask questions and make comments in the GitHub issue here so they're all in one place and easy to find :)
Yes. The plan is to create one meeting for each end user. Even if they have more than one host.
Correct. In Fleet, a host can have many emails (end users) associated with it. Fleet will filter this list of emails by emails w/ the matching domain configured by the IT admin (see where the IT admin will configure the domain in Figma here) cc @getvictor |
|
cc @rachaelshaw ^^ (forgot to @ mention you) |
|
Thanks @noahtalerman. |
|
@getvictor you made me realize we could simplify the current plan:
Instead of only scheduling calendar events on Monday (after first enabling), if the end user doesn't have a calendar event, we always schedule one on the upcoming Friday. Here's how that would look:
This makes the experience more consistent for the end user and IT admin. The expectation becomes, once the end user starts failing one or more policies (no matter what day it is), the calendar event is going to show up on Friday. @rachaelshaw and Victor, what do y'all think? |
|
@getvictor this makes sense to me. If we removed the calendar event, after the event has started then I think I would be confused as an end user. Did the IT team do it's thing? |
|
Sorry to barge in here... maybe I am misunderstanding the intent. My opinion is that Friday is not a great day to use as a default. Lots of orgs:
Ideally, the feature should allow admins to pick their default / starting day. Thanks. |
|
I did not go looking for this article... It's # 1 on Hacker News: https://deploybot.com/blog/no-deployments-on-fridays-a-good-practice-for-software-development-teams |
noahtalerman
removed
the
Epic
getvictor
added
:release
#17230 Fix for the following scenarios: - Team has only one policy with calendar enabled. Events are created on user calendars. Then the user disables the calendar on such policy. Expected behavior: Events on the user calendar should be cleaned up in that scenario. - Policy `platform` is edited (which removes `policy_membership` entries) and we'd like to have the calendar event removed for the hosts that do not apply anymore. To cover these scenarios I changed `ds.GetTeamHostsPolicyMemberships` so that it also returns hosts that have a calendar event AND have no results on policies (returned as passing=1). E.g. this could happen if there ARE calendar events for a team but with a platform that doesn't match the host (so it has no results).
- In Fleet 4.48, we'll ship declaration (DDM) profiles (#14550) - OS updates w/ DDM (#17230) will ship in 4.49 - Update error message so users know OS updates w/ DDM are coming soon. Figma is also updated [here](https://www.figma.com/file/t3j8CGAHR1x1YGjuFLlMst/%2314550-Add-declaration-(DDM)-profiles-for-macOS?type=design&node-id=476%3A11294&mode=design&t=aMjkgv7PGEbePjmH-1). - In the [Figma wireframes here](https://www.figma.com/file/JDbJcLRGRs7c7gKDxAfios/%2317295-Use-new-Software-Update-(DDM)-for-macOS-Sonoma-(14)-and-higher?type=design&node-id=348%3A892&mode=design&t=kkpRKOYrvJxfFbM5-1) for (#17295) add designs for new error message copy so we make the change when we ship OS updates w/ DDM.
…rallel. (#17987) #17230 This fix addresses the unreleased bug where calendar cleanup job can take too long, causing the subsequent job to miss a calendar event. The event deletions now occur in parallel. Also, reducing max bandwidth for accessing Google calendar by 10% to prevent potential rate-limiting corner cases. # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests - [x] Manual QA for all new/changed functionality
lukeheath
added
:product
|
From customer conversation: 
|
@noahtalerman, reminder to update the docs w/ link to videos to set up Fleet in your calendar: https://www.loom.com/share/9fbdff2998be4877b95ec6702c6c062c?sid=6602e703-aa5a-450a-b092-b5d28eb6e311 |
TODO: Worth doing a scan of the policy automations docs to see if there's now outdated language (ex. reference to outdated UI elements). TODO: What would happen if you enable calendar automations for a "No team" policy? Add something to GitOps that adds a global policy w/ automations enabled.
TODO: If the permissions for choosing which policies trigger calendar events is the same as choosing which policies fire tickets/create webhooks, then let's use the same line in the Manage access table. If the permissions are different, break out a new line. @rachaelshaw when you get the chance, can you please take these on? Thanks! |
Hey @getvictor do you know what happens? |
It looks like we ended up adding the following redirect instead: https://github.com/fleetdm/fleet/blob/main/website/config/routes.js#L489
I updated the issue description to reflect this. cc @rachaelshaw |
Nothing would happen. We don't display calendar automation for global policies in the UI, and we don't process global policies in our calendar cron job. We could either return an error when someone tries to set calendar for a global policy, or simply always set it disabled for a global policy (without returning an error). |
noahtalerman
changed the title
|
FYI @noahtalerman ^^ |
|
Hey @marko-lisica when you get the chance (break during wireframes), can you please take on the TODOs in the "Permissions changes" and "Documentation changes" sections? Thanks! |
Hey @marko-lisica I can take this! |
|
Doc PR is here: #19232 No permissions doc changes needed. Policy automations are already a row in the permissions table:
|
Doc updates for the "Maintenance windows (Fleet in your calendar)" story (#17230)
|
Docs are merged! |
|
Calendar events bloom, |
|
related: #21351 |
Goal
Context
Changes
Product
Engineering
QA
In addition to what's below, see section 10 of the eng doc
Risk assessment
This feature adds:
DB migration and tables.
A job to go over all hosts and:
Risk level: High
Risk description:
The main risk will be at the performance level.
Other Risk will be at logical bugs level, or potentially interference with other jobs on base of performence and DB access.
Manual testing steps
New things we will need to check/do:
Configuring load test with real calendar
FLEET_GOOGLE_CALENDAR_PLUS_ADDRESSING=1select 0PUT fleet/hosts/:id/device_mappingand using plus addressing to ensure emails are uniqueConfiguring load test with mock calendar
select 0PUT fleet/hosts/:id/device_mappingModifying calendar event
The user should be able to modify the calendar event. Some situations to test:
Cleanup
Interesting corner cases
Testing notes
Confirmation
The text was updated successfully, but these errors were encountered: