Project Name: fr-tech-dev
Wikitech Usernames of requestors: andyrussg, jgleeson
Purpose: Provide a WMF-managed, internet-facing development server to assist Fundraising Tech in testing and developing payment integrations.
Brief description: Fundraising Tech develops integrations with payment processors. Several of these integrations include processes where the payment processors make requests to our systems.
During the development & testing phases, we need to receive traffic transmitted from the payment processors' servers and redirect it to our local development environments to confirm the integrations work as intended. Historically, we have accomplished this using tools such as ngrok, temporarily exposing our local development environments to the internet on free tiers of the product. This approach isn't ideal as it requires us to transmit potentially sensitive integration data via a third-party service. Also, with some payment processors, we must have fixed URLs and valid SSL/TLS certificates to receive traffic, which ngrok does not provide on the free tier.
To properly develop and test these integrations, we need a list of fixed WMF-managed URLs running over HTTPS, which we can share with payment processors during the setup stages of the integration. Those addresses will point to a single cloud VM to which Fundraising Tech developers can connect and configure SSH tunnels to intercept any traffic received, to be processed and tested locally. This project will receive very little traffic as the URLs will only be used during development and testing by engineers on Fundraising Tech.
We have deliberately kept this project outside the fundraising server cluster to allay any PCI concerns and remove the possibility of accidentally exposing donor data stored on the cluster.
How soon you are hoping this can be fulfilled: ASAP. Our latest integration with Apple Pay requires us to specify a list of URLs to generate certificates for so that we can receive payment traffic during testing. We're currently using AWS in place of a proper solution, but we'd like to keep all this traffic on WMF-managed infrastructure for the reasons mentioned above.