---
title: On-boarding a duckling
---
# Hello and welcome to KIWI.com
This part will help you onboard more quickly and guide you through some standard processes, so you won't be lost!
> *In case you find some parts missing or not up-to-date, please update this page for the next round.*
## Where to start
There are multiple places where you can get the onboarding info.
This page tries to answer some basic questions and serves as a single-point entry leading to further resources.
You can also investigate some older official resources:
1. [general HR guide](https://kiwicom.atlassian.net/wiki/spaces/PEOP/pages/222363937/For+Newbies)
2. [general Brno guide](https://kiwicom.atlassian.net/wiki/spaces/FI/pages/231145811/Brno)
   1. or choose other office from the sidebar there
3. [general fintech guide](https://docs.google.com/document/d/16Ny1m1HDWdnAxWFBaQrkw1fQ7LFJneUVnVMhRV4QCgY/edit)
4. your team-specific guide
   1. [acquiring](https://kiwi.wiki/fintech/guides/onboarding-acq)
   2. [fraud](https://kiwi.wiki/fintech/guides/onboarding-fraud)
5. For engineering info see [kiwi.wiki](https://kiwi.wiki) and for general stuff see [kiwi confluence](https://kiwicom.atlassian.net/wiki/spaces/HR/pages/220729771/Onboarding+2.0+-+Guide)
## Basics
The following sections contain notes or tribe/team specific steps and sections.
If possible, section names follow the structure of the HR on-boarding guide.
- Here's a list of useful contacts that you might need during your onboarding period
  - HR
    - Alžbeta Šípková -- Onboarding Specialist
  - Requisition people
- Here's a list of useful channels that you might need during your onboarding period
  - `#plz-HR` -- HR stuff
  - `#plz-access` -- software access
  - `#plz-eus` -- hardware stuff
- Here's how the company structure looks, how teams look, how teams communicate with each other + a list of team leaders and managers
  - [Fintech onboarding manual with fintech structure](https://docs.google.com/document/d/16Ny1m1HDWdnAxWFBaQrkw1fQ7LFJneUVnVMhRV4QCgY/edit)
  - [Kiwihub company diagram](https://performancemanager5.successfactors.eu/sf/orgchart?_s.crb=e99v5Tt1LcmPUZRkKc41p4KZPZGNidcZqHFsKL1SBxY%3d)
- Here's a description of some standard processes in KIWI:
  - Home office
    - Let others in the team know that you are at home. Write "HO" into `#fintech-acquiring-standup`
  - How to take a vacation
    - To request vacation, follow the checklist:
      1. ask for vacation in #holidays, tag your manager
      2. after getting approval, fill in the Tulip vacation request
      3. mark the vacation in the calendar
      4. before your vacation starts, hand over your agenda, leadership of meetings and pager
      5. immediately before your vacation, notify your colleagues via #fintech-acquiring-standup
      6. (optional) change your name to something cool like @JanOFF_till_eow
  - How to take a sick leave
    1. Write to `#fintech-acquiring-standup` that you are sick
    2. Put it into Tulip
  - How to communicate with other teams and team members
    - Each team has a `#plz-<team>` Slack channel where you can write your request
  - How to fill a work trip
    - TODO
  - 15five
    - Check-ins with your manager
    - Once per week, fill in how you feel
    - Add discussion points for 1:1
  - Tulip
    - Vacation tool
    - New request:
      - My attendance -> Table view -> New attendance request -> Fill out your request
  - How to propose changes (since every opinion matters!)
    - For now it's just a general discussion with your teammates or managers. No standardized tooling.
  - How to request access or new hardware
    - [Service desk](https://kiwicom.atlassian.net/servicedesk/customer/portals) portal is for making requests
- Here's an overview of company-wide roadmap and initiatives
  - https://docs.google.com/presentation/d/1aKQfcjaM9v-JcZIsCMfjgok_-_aGvlkxuSN17F8NAv4/edit#slide=id.p
- What general meetings to attend
  - Ask your manager to invite you to the following meetings:
    - Daily stand-up
    - Refinement -- weekly
    - Review (acquiring team) -- bi-weekly
    - Retro (acquiring team) -- bi-weekly
    - Planning -- bi-weekly
    - 121/1:1 One should be scheduled ASAP by a manager. -- bi-weekly
    - Kiwi.com online briefing
- How to solve conflicts and issues and work ethics
  - TODO (maybe some teamlead can fill this in or someone with more experience)
- What workshops we have
  - All those events are announced either in team channels (e.g. #da-finance-bois) or in common channels.
  - Team tech talks, where anybody can present and share their knowledge about the project that they are most proficient in or just share some general knowledge. This helps us to progress as a team and become better engineers.
  - Some company wide events
## Technical info
- The list of more specific tools and accesses that you might need to be able to develop properly in most of the projects is in the Technical setup part
  - some more specific tools will be provided in the projects' READMEs
- Here are architecture and diagrams for kiwi and fintech
  - [High level diagram](https://miro.com/app/board/uXjVNFliwfg=/)
  - [Company-wide architecture](https://miro.com/app/board/uXjVO99-VOE=/)
  - [Scrooge diagrams](https://miro.com/app/board/uXjVMHvrAs4=/?share_link_id=360425330793)
  - [Prehistoric technical introduction video](https://drive.google.com/file/d/1hJobuXpPMLE6eFzp-25U1QU0vWx8Wexb/view?usp=drive_link)
- Here's a list of channels with technical info (common and team specific)
  - Your tribe lead should add you to the **@fintech_devs** Slack group.
  - Join the following tribe channels:
    - #acquiring-fr-spec-devs (secret)
    - #alerts-fintech-acquiring - `automated messages with errors and recoveries`
    - #finance-releases
    - #finance-devs-on-calls (secret)
    - #fintech-devs
    - #fintech-private (secret)
    - #fintech-devs-private (secret)
    - #fintech-acquiring-fraud-db
    - #fintech-acquiring-prod-releasers - `locks for prod releases`
    - #fintech-acquiring-sandbox-releasers - `locks for sandbox releases`
    - #fintech-acquiring-standup - `post your status here (e.g. to take HO)`
    - #plz-fintech-acquiring
    - #plz-fintech-qa
    - #logs-finance-errors
    - #logs-acquiring-errors
    - #logs-finance-repo
    - #plz-platform-infra - `ask infrastructure questions (like k8s) here`
    - #da-finance-bois (secret)
- Here's a list of teams' responsibilities (what is the purpose of the team and what projects each team manages)
  - Booking clients -- Kiwi.com FE
  - Booking backend (BBE) -- BE for booking --> Uses our services to handle payment
  - Acquiring - payments and all related to it, manages part of BBE.
- Here's an overview of how teams are connected
  - TODO
- What is pager duty
  - After you have completed your probation period, request access to PagerDuty in `#plz-access` and follow the [PICI guide](https://kiwi.wiki/fintech/guides/pci-guide/).
- What monitoring tools do we have - some high-level overview, maybe have some list of dashboards per team
  - https://kiwicom.datadoghq.com
    - TODO: add concrete dashboards and explanations to them
  - https://kiwicom.sentry.io
  - k9s to track deployments in real time
## How the development process looks
- We use rebase, not merge
### How to contribute:
1. First, take the top TODO ticket from the Jira active sprint board.
2. Move it to in progress.
3. Create a branch from main/master with your name and Jira ticket id, like `grygar/FRAUD-199_add_update_order_repository`
4. Make the changes and follow conventional commits. (`pre-commit` should check it as well)
5. When ready, push the changes.
6. Create an MR `<ticket> | <MR title>`, e.g. `FRAUD-199 | order repository.update added`, and provide a description.
7. Move the Jira ticket into Code Review and assign a reviewer in GitLab using http://wheelofnames.com/
   1. If the code is dangerous, have at least 2 approvals on it
8. Wait for the approval(s)
9. When you have the approval(s), move the Jira ticket to ready for production or QA
10. When you have the approval(s), lock sandbox in #fintech-acquiring-sandbox-releasers with `/rlock <minutes> <message>`
11. In the same way, lock production in #fintech-acquiring-prod-releasers
12. Use the pipeline to deploy it on sandbox and run the QAA test.
13. Monitor sandbox for 5-10 minutes in Datadog
    1. If ok, release to production
    2. If not ok, deploy master to sandbox, make the changes, push, and repeat
14. (optional, if the service has canary) deploy to canary and monitor
15. Now release to production and pray
16. Monitor production for 5-10 minutes
    1. If ok, merge to main and release it from the main branch
    2. If not ok, revert the production by releasing the main branch
17. Unlock locks by `/runlock`
18. Close the Jira ticket
## Technical setup
### Setup the computer
For Windows users: to log in to your computer, use your Okta username and password, provided by a manager.
To obtain local administrator rights,
request them in the [\#plz-eus](https://skypicker.slack.com/archives/C30SCQUF5) Slack channel.
<Callout type="warning">
In the case of remote on-boarding,
you need some other computer/device from which you can set up Okta,
as you won't be able to access your Windows account without it.
</Callout>
For Linux users, you have a free hand to use a distribution of your preference.
During installation please follow [security requirements](https://confluence.kiwi.com/display/SEC/Information+Security+Requirements+for+Another+Operating+System).
### Okta
For Okta it is recommended to set up at least one of the available 2FA methods:
- Optionally with Yubikey (_Deprecated, you may get it from EUS together with laptop_).
- with Google Authenticator (_Two-step verification app - found on Google Play_)
- with Okta app push
In the case that you're provided a Yubikey, to make it run properly you need two programs:
- [YubiKey Manager](https://www.yubico.com/products/services-software/download/yubikey-manager/)
- [YubiKey Personalization Tools](https://www.yubico.com/products/services-software/download/yubikey-personalization-tools/)
After installation open YubiKey Personalization Tools.
Make sure your YubiKey is detected (_visible information in right panel_).
Go to the **Settings** section, then:
- in the **Output Format** section unselect **Enter**.
This will prevent sending tokens in input fields when accidentally touched.
- in the **Output Speed Throttling** section set **Output Character Rate** to **Slow down by 60ms**,
and check **Add a short delay before sending OTP part**.
This should further eliminate accidents.
Check with your manager that you are in [the team okta group](https://gitlab.skypicker.com/platform/security/tf-okta-groups/-/blob/master/engineering_fintech.tf).
This is usually based on your org structure settings.
### 1Password
The first-time sign-in link should be in your email.
For the acquiring team, ask your manager to add you to [the team vault](https://my.1password.com/vaults/details/zrymz3zeajgt77kucpv2jgmjka).
### Slack
If a person is not already in the Kiwi.com workspace:
- check that they logged in to the correct Slack URL: **skypicker.slack.com**
- Manager has to invite the person,
click on **Kiwi.com** workspace (top left in the client) → **Invite people to Kiwi.com**.
Then wait for admin approval.
### VPN
Installation guide for [VPN](https://kiwicom.atlassian.net/l/cp/1fhdURuw).
### PyCharm
Install [PyCharm Professional](https://www.jetbrains.com/pycharm/download/).
For activation use licence server: **https://jetbrains-fls.kiwi.com**.
You have to be connected via VPN to reach it.
To be able to run the debugger, you have to enable gevent support.
### Gitlab
You have to login first for an account to be created.
Your manager should then set access rights to the **developer** role,
for the [finance](https://gitlab.skypicker.com/finance) gitlab group.
In case of an acquiring team member, your manager should set the **maintainer** role in the
[In payments](https://gitlab.skypicker.com/finance/payments-in) gitlab group.
You will also need to add an SSH key to your gitlab account.
[Instructions for Linux](https://www.youtube.com/watch?v=iXuIp5uNnLk) / [Instructions for Windows](https://www.youtube.com/watch?v=Vmt0V6a3ppE)
### Docker, Docker Compose & Docker Registry
__TODO: guide for how to get a license for Docker Desktop.__
Ask your onboarding buddy, and please update the guide.

Install Docker:
- [Installation guide for Docker on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04)
- [Installation guide for Docker Compose on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-20-04)
- [Installation guide for Docker on MacOS](https://docs.docker.com/desktop/mac/install/) - Docker Compose comes with the Docker Desktop on Mac.

To download Docker images to your local machine you need to be logged in to Kiwi's docker registry.
Follow the instructions [here](https://kiwi.wiki/handbook/tooling/devtools/container-registry/#how-do-i-download-docker-images-to-my-local-machine).
Make sure that you request on the #plz-access channel a Docker license and access to the Dockerhub organization. For that, you will need to [create a DockerHub account](https://hub.docker.com/).
#### Second option is Colima
[Installation guide for Colima](https://github.com/abiosoft/colima)
### GCP & Kubectl
Please follow [the official installation guide](https://cloud.google.com/sdk/docs/install).
Along with gcloud, install kubectl from the additional components (`gcloud components install kubectl`).
For access to [Fintech Clusters](https://console.cloud.google.com/kubernetes/workload?project=finance-prod-23dfe20d&supportedpurview=project)
ask your manager to add you to the correct org structure in KiwiHub.
You then need to configure the two following clusters:
- configure access to sandbox
```bash
gcloud config set project finance-sandbox-1aec3594 &&
gcloud config set compute/zone europe-west1-b &&
gcloud config set container/cluster finance-sandbox &&
gcloud container clusters get-credentials finance-sandbox
```
- configure access to production
```bash
gcloud config set project finance-prod-23dfe20d &&
gcloud config set compute/zone europe-west3-b &&
gcloud config set container/cluster finance-production &&
gcloud container clusters get-credentials --region=europe-west3 finance-production
```
Some useful links for diagnostics:
- [GCP - MemoryStore](https://kiwicom.datadoghq.com/dashboard/x5a-7pa-zgx/gcp---memorystore?from_ts=1619077094464&live=true&to_ts=1619163494464)
- [Databases Dashboard](https://kiwicom.datadoghq.com/dashboard/lists?q=cloudSQL)
- Kubens for switching kubernetes namespaces: [Kubens + kubectx](https://github.com/ahmetb/kubectx)
### K9s
Install [K9s](https://k9scli.io/topics/install/) for better cluster management.
### PyPi
Ask for access to `pypi` in `#plz-access`; you will receive credentials in 1Password.
You can use the credentials at [PyPi webpage](https://pypi.skypicker.com).
**BE CAREFUL**: the password you get will be easily visible in the `pip.conf` file,
so be sure not to use the password anywhere else.
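
A check for the point above, as an added example that is not part of the original guide: it reports index URLs in a pip configuration file that carry a password, and whether other local users can read that file. The sample user name, password and `/simple/` path are constructed, and the permission check assumes Linux or macOS.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlsplit


def audit_pip_conf(path):
    """Return findings for passwords embedded in URLs of a pip config file."""
    findings = []
    # RawConfigParser: no '%' interpolation, so passwords containing '%' parse.
    parser = configparser.RawConfigParser()
    parser.read(path)  # a missing file simply yields no sections
    for section in parser.sections():
        for key, value in parser.items(section):
            # Values such as extra-index-url may list several URLs.
            for candidate in value.split():
                try:
                    parts = urlsplit(candidate)
                    password = parts.password
                    user, host = parts.username, parts.hostname
                except ValueError:
                    continue  # not a parseable URL
                if password:
                    # Report who and where, never the secret itself.
                    findings.append(
                        f"[{section}] {key}: password stored for {user}@{host}"
                    )
    if findings:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:  # any group/other permission bit is set
            findings.append(
                f"{path}: mode {mode:03o} is open to other local users, "
                f"tighten with chmod 600"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample; user, password and URL path are made up.
    sample = (
        "[global]\n"
        "index-url = https://jdoe:EXAMPLE-ONLY@pypi.skypicker.com/simple/\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        conf = os.path.join(tmp, "pip.conf")
        with open(conf, "w") as handle:
            handle.write(sample)
        os.chmod(conf, 0o644)
        for finding in audit_pip_conf(conf):
            print(finding)
```

Run it against your own file, typically `~/.config/pip/pip.conf` or the legacy `~/.pip/pip.conf`.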
### Vault
Install Vault by following the instructions [here](https://learn.hashicorp.com/tutorials/vault/getting-started-install).
Ask your manager to add you to the correct org structure in KiwiHub.
You can log in to Vault [here](https://vault.skypicker.com).
### Jira
Ask for access to `jira` in `#plz-access`, then ask your manager or PM to add you to the project team.
### Python
To manage Python versions, the team uses pyenv.
For dependencies, we are slowly moving towards poetry.
### Datadog
Access Datadog via Okta; developers have access by default.
- [Fintech dashboards](https://kiwicom.datadoghq.com/dashboard/lists/manual/72570)
### Miro
Access via okta. Check if you are in [Fintech team](https://miro.com/app/settings/team/3458764518936870958/users).
### Sentry
Follow platform handbook, [Sentry - How can I start using it?](../../handbook/tooling/observability/sentry.md#how-can-i-start-using-it).
Join the team #fintech-acquiring and check it [here](https://kiwicom.sentry.io/settings/teams/fintech-acquiring/members/)
### GPT-4 for company use
Go to [librechat](https://librechat.skypicker.com/c/new)
### Google drive and Google mailing groups
Send a request to access the `FinTech` and `Fintech devs` shared drives to **Mirka Mizeráková** ([slack](https://skypicker.slack.com/team/U03HWUA73TN)).
The request to join the inpayments.dev@kiwi.com mailing group should also be sent to Mirka.
In case she is offline or unavailable send a message in `#plz-eus`.
### Debug mode at kiwi.com website
- [In the kiwi.wiki](https://kiwi.wiki/qa/guides/qa/test-booking/#test-booking-confirmation) you can find how to create a test booking that goes to sandbox. TL;DR: `enable_magic` query param.
### Domain knowledge
Your onboarding buddy is expected to go over the following terms with you.
Fill in any additional information you find useful.
Outdated materials:
+ [payment process](https://kiwi.wiki/fintech/acquiring/payment-process/)
+ [payment flows](https://kiwi.wiki/fintech/acquiring/paymentflows/)
Order:
+ identified by:
+ order_id
+ bid
+ unpaid
+ paid
+ cancelled
Payment methods:
+ credit cards
+ Zooz
+ partners:
+ payu, credorax
+ Ixopay
+ partners
+ volt
+ APM - alternative payment method
+ apple pay
+ revolut
+ PayPal
+ AliPay
+ google pay
+ Credits
+ are done solely through BBE and do not show up in our services
Payment:
+ states:
+ init
+ authorize
+ capture
+ void
+ refund
+ for APMs states like authorize and capture might be merged into one
+ PCI
Fraud:
+ stage
+ __pre-auth__
+ outcome:
+ authorize
+ authorize with 3DS
+ authorize with 3DS challenge
+ decline
+ __post-auth__
+ approve
+ decline
+ __3DS-challenge__
+ authorize
+ decline
+ liability shift
+ riskified, forter
+ no-shift:
+ identiq (WIP)
Post-payment:
+ reconciliation
+ chargebacks
+ fraud reports
+ settlements
Supporting services:
+ currency rates
+ kantox, openexchangerates
+ promocodes
+ invoices
+ client configuration
[A podcast](https://www.acquired.fm/episodes/visa) (with transcript!) about Visa and banking industry in general, very digestible for a newbie.
### Glossary of useful links
These links may duplicate the ones in the previous sections, but they are grouped here for convenience.
- [all kiwi infrastructure](https://kiwicom.atlassian.net/browse/INP-3625)
- [acq infrastructure](https://miro.com/app/board/uXjVMHvrAs4=/)
- [fintech wiki](https://kiwi.wiki/fintech/tribe/)
- [learning basics](https://kiwi.wiki/fintech/tribe/basics/)
- [how kiwi works (very legacy)](https://drive.google.com/file/d/1hJobuXpPMLE6eFzp-25U1QU0vWx8Wexb/view)
- [scrooge tech description](https://docs.google.com/document/d/1J_3wpJzq45sow7z3YLBmNH6XGfRvuyXwGXZzLJ_Qju8/edit#heading=h.l110hdk1xopz)
- [fintech knowledge share](https://kiwi.zoom.us/rec/share/olJ-4qNwRdJkpXdnIwBRHKWjV4czM_UwFXWmRj20dxG_AEA129PvBv9ffZI0ayPU.gOtof__xtaIpcc_u)
  - Passcode: !wNTKvh9
- [monitoring](https://kiwicom.datadoghq.com/dashboard/lists/manual/72570)
- [PCI diagram](https://miro.com/app/board/uXjVMHsYaF8=/)
- [how to start BBE](https://kiwi.wiki/booking/features/general/booking-services/#17-starting-api-servers)
- [bbe introductory presentation](https://docs.google.com/presentation/d/1s5G554Y2hqP3KYViBVFd4Au_xJOjYLuRdclLTGKgopw/edit#slide=id.g29da1d1ce01_0_144)
### Q&A
This section is something that we already asked, so that you don't have to :)
#### Accesses
> Q: can you have vault write access during the probation period

A: NO!

---
#### BBE
> Q: how to start BBE?

A: https://kiwi.wiki/booking/features/general/booking-services/#17-starting-api-servers

---
> Q: is there any introductory presentation?

A: https://docs.google.com/presentation/d/1s5G554Y2hqP3KYViBVFd4Au_xJOjYLuRdclLTGKgopw/edit#slide=id.g6d9253ae77_0_0

---
#### Releases
> Q: how to deploy scrooge? (many other repos follow the same principle)

A: several steps (requires having an unmerged and approved MR + should be tested somehow - QA or manually)
1. acquire locks in both `#fintech-acquiring-sandbox-releasers` and `#fintech-acquiring-prod-releasers` channels (50-60 minutes can be ok)
2. run the staging pipeline
3. run the QAA pipeline (may take a lot of time). this pipeline could fail, because of some flaky tests. may need to restart, all of the steps should be run as the prerequisite of the prod release
4. release the prod
5. monitor the release here: [https://kiwicom.datadoghq.com/dashboard/lists/manual/72570](https://kiwicom.datadoghq.com/dashboard/lists/manual/72570)
6. merge the branch into master (squash if needed)
7. release the locks if all is ok

---
#### Tokenization
> Q: what is tokenization, why is it needed and how it works

A: OK, tokenization is used so that services like scrooge and scrooge ng don't deal with credit card data directly
why is that a problem? because Visa and Mastercard audit our systems and if they find that we are not being extremely careful with that data, we could be expelled from the system. As in not being able to accept cards online. That said, what we can do is have a tiny environment, isolated from the rest, heavily secured, responsible for storing that data, and providing the other services with an associated token that we can work with.
that's what the PICI, or PCI

---
> Q: who can have access and what is required

A: you won't have access yet to that service, because you need to pass some training, provide criminal records. Serious stuff

---
> Q: do i understand that the flow is the following?
> - user wants to pay with a method that requires them to enter their card details (what are those methods btw?)
> - those data then are transferred from client directly to the pici service
> - pici service then directs those data to ... (where?)
> - we receive the tokenized data (scrooge receives them?)
> - those data are sent to some 3rd party provider
>
> such a system allows us to not pass sensitive information across the wire and through our servers, but just the tokenized version. is this correct?
> is pici self written service? is it using some 3rd party lib/service for tokenization? since 3rd party providers have to somehow decrypt/detokenize the user data

A: some general answer can be provided with this diagram: [https://miro.com/app/board/uXjVMHsYaF8=/](https://miro.com/app/board/uXjVMHsYaF8=/)

---
> Q: for what cases is PICI used?

A: only for card payments and not any other 3rd party provider (like apple pay, gpay, etc)
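
The boundary described in the tokenization answers above, as an added example that is not part of the original page and is not Kiwi.com's PICI code: a stand-in vault hands out tokens, and a scanner checks that records kept outside the vault contain no card numbers. `TokenVault`, the record format and the test card number are constructed for illustration.

```python
import re
import secrets

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:  # double every second digit from the right
            value = value * 2 - 9 if value > 4 else value * 2
        total += value
    return total % 10 == 0


def find_pans(text):
    """Return card-number-like digit runs in text that pass the Luhn check."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


class TokenVault:
    """In-memory stand-in for the isolated card-data environment."""

    def __init__(self):
        self._pan_by_token = {}  # the only place card numbers are kept

    def tokenize(self, pan):
        digits = re.sub(r"[ -]", "", pan)
        if not (digits.isdigit() and 13 <= len(digits) <= 19
                and luhn_valid(digits)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the PAN
        self._pan_by_token[token] = digits
        return {"token": token, "last4": digits[-4:]}


def record_with_card(order_id, pan, amount_minor, currency):
    """What a service would log if it handled the card number itself."""
    return f"order_id={order_id} card={pan} amount={amount_minor} {currency}"


def record_with_token(order_id, card_ref, amount_minor, currency):
    """What a service logs when it only ever receives the vault's token."""
    return (f"order_id={order_id} card={card_ref['token']} "
            f"last4={card_ref['last4']} amount={amount_minor} {currency}")


if __name__ == "__main__":
    test_pan = "4111 1111 1111 1111"  # widely used test number, constructed input
    vault = TokenVault()
    ref = vault.tokenize(test_pan)
    before = record_with_card(10482, test_pan, 1250, "EUR")
    after = record_with_token(10482, ref, 1250, "EUR")
    print("card numbers in raw record:      ", find_pans(before))
    print("card numbers in tokenized record:", find_pans(after))
```

The same `find_pans` scan can be pointed at log lines or database exports of services that are meant to see tokens only.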