test_cancelling_nonexistent_activities_is_idempotent should use same execution_id #40

@affandar

Problem

The provider validation test test_cancelling_nonexistent_activities_is_idempotent currently passes ScheduledActivityIdentifier with execution_id: 99 when calling ack_orchestration_item with execution_id: 1.

This design implies that an orchestration can cancel activities from any execution, not just its own. However, this doesn't match the expected behavior:

An orchestration termination can only cancel that orchestration's activities.

When an orchestration completes, fails, or continues-as-new, it should only be able to cancel activities that belong to its own execution. Allowing cross-execution cancellation creates ambiguity and doesn't reflect real-world orchestration semantics.

Current Behavior

// From provider_validation/cancellation.rs
let cancelled = vec![ScheduledActivityIdentifier {
    instance: instance.to_string(),
    execution_id: 99,  // Different from ack's execution_id (1)
    activity_id: 12345,
}];

provider.ack_orchestration_item(
    &lock_token,
    1,  // execution_id = 1
    history_delta,
    vec![],
    vec![],
    metadata,
    cancelled,  // Contains execution_id = 99
).await

The test expects this to silently succeed (idempotent no-op).

Proposed Change

Change the test to use the same execution_id for both the ack_orchestration_item call and the ScheduledActivityIdentifier:

let cancelled = vec![ScheduledActivityIdentifier {
    instance: instance.to_string(),
    execution_id: 1,  // Same as ack's execution_id
    activity_id: 12345,  // Non-existent activity (idempotent test)
}];

provider.ack_orchestration_item(
    &lock_token,
    1,
    history_delta,
    vec![],
    vec![],
    metadata,
    cancelled,
).await

The test remains an idempotency test (activity doesn't exist), but now correctly validates that an orchestration only attempts to cancel its own activities.

Impact

This change would:

  1. Better reflect orchestration semantics (cancel only own activities)
  2. Allow providers to optionally validate that cancelled_activities match the current execution_id
  3. Clarify the provider contract around lock-stealing cancellation
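
The optional validation in item 2, sketched as an added example (not part of the original issue and not duroxide's code). The struct is a local stand-in with assumed field types, and `check_cancel_scope`, `apply_cancellations` and `CrossExecutionCancel` are hypothetical names; the pending set is constructed sample state.

```rust
// Added illustration, not duroxide code; field types are assumed.
use std::collections::HashSet;

#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct ScheduledActivityIdentifier {
    pub instance: String,
    pub execution_id: u64,
    pub activity_id: u64,
}

/// Hypothetical error: identifiers that fall outside the acking execution.
#[derive(Debug, PartialEq)]
pub struct CrossExecutionCancel(pub Vec<ScheduledActivityIdentifier>);

/// Hypothetical check a provider could run before applying cancellations.
pub fn check_cancel_scope(
    instance: &str,
    execution_id: u64,
    cancelled: &[ScheduledActivityIdentifier],
) -> Result<(), CrossExecutionCancel> {
    let foreign: Vec<_> = cancelled
        .iter()
        .filter(|c| c.instance != instance || c.execution_id != execution_id)
        .cloned()
        .collect();
    if foreign.is_empty() { Ok(()) } else { Err(CrossExecutionCancel(foreign)) }
}

/// Apply in-scope cancellations to an in-memory pending set. Unknown
/// activity ids are skipped, so repeating a call is an idempotent no-op.
pub fn apply_cancellations(
    pending: &mut HashSet<ScheduledActivityIdentifier>,
    instance: &str,
    execution_id: u64,
    cancelled: &[ScheduledActivityIdentifier],
) -> Result<usize, CrossExecutionCancel> {
    check_cancel_scope(instance, execution_id, cancelled)?;
    Ok(cancelled.iter().filter(|c| pending.remove(*c)).count())
}

fn main() {
    let id = |e, a| ScheduledActivityIdentifier { instance: "inst-1".into(), execution_id: e, activity_id: a };
    let mut pending = HashSet::from([id(1, 7), id(99, 12345)]); // constructed sample state
    println!("{:?}", apply_cancellations(&mut pending, "inst-1", 1, &[id(1, 12345)]));
    println!("{:?}", apply_cancellations(&mut pending, "inst-1", 1, &[id(99, 12345)]));
}
```

The scope check runs before any state is touched, so a rejected batch leaves the pending set unchanged.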

Labels

duroxide-pg
