Fix temp state dir leak and unchecked Close in terraform bind

[simonfaltum]

Why

Found during a full-repo review of the CLI. bundle deployment bind (terraform engine) creates a temporary directory for the imported state, but the cleanup defer is registered only after terraform import and terraform plan succeed. Any failure in those steps leaves a state-* directory behind in the system temp dir on every retry. Separately, the state file written to the bundle cache directory is closed via a bare defer, so a failing flush on Close is ignored and the command can report success while leaving a truncated state file.

Changes

Before, a failed import or plan leaked the temporary state directory and a failed Close on the written state file was silently ignored; now the temp dir is always removed and a Close failure fails the bind.

• Register defer os.RemoveAll(tmpDir) immediately after os.MkdirTemp in bundle/deploy/terraform/import.go, so the temp dir is cleaned up on all paths, including import and plan errors.
• Check the error from Close on the written state file after the copy completes. The deferred Close stays in place for earlier error paths and is a no-op after the explicit one.

Test plan

• go test ./bundle/deploy/terraform/
• go test ./acceptance -run 'TestAccept/bundle/deployment/bind/job/noop-job' (terraform and direct variants; covers the bind happy path where the state file is written)
• go test ./acceptance -run 'TestAccept/bundle/deployment/bind/job/job-abort-bind' (terraform and direct variants; covers the error path after plan)
• ./task fmt-q, ./task lint-q, and ./task checks pass

This pull request and its description were written by Isaac.

[github-actions]

Waiting for approval

Based on git history, these people are best suited to review:

• @lennartkats-db -- recent work in bundle/deploy/terraform/
• @denik -- recent work in bundle/deploy/terraform/

Eligible reviewers: @andrewnester, @anton-107, @janniklasrose, @pietern, @shreyas-goenka

_{Suggestions based on git history. See OWNERS for ownership rules.}

[eng-dev-ecosystem-bot]

Integration test report

Commit: 83a91a8

Run: 27410872707

	Env	🔄​flaky	💚​RECOVERED	🙈​SKIP	✅​pass	🙈​skip	Time
💚​	aws linux		7	15	264	973	13:18
💚​	aws windows		7	15	266	971	9:56
💚​	aws-ucws linux		7	15	360	887	21:44
🔄​	aws-ucws windows	3	6	15	360	885	27:40
💚​	azure linux		1	17	267	971	11:44
💚​	azure windows		1	17	269	969	10:10
💚​	azure-ucws linux		1	17	365	883	26:07
🔄​	azure-ucws windows	2	1	17	365	881	13:47
💚​	gcp linux		1	17	263	974	13:35
💚​	gcp windows		1	17	265	972	12:32

26 interesting tests: 15 SKIP, 6 RECOVERED, 5 flaky

	Test Name	aws linux	aws windows	aws-ucws linux	aws-ucws windows	azure linux	azure windows	azure-ucws linux	azure-ucws windows	gcp linux	gcp windows
🔄​	TestAccept	💚​R	💚​R	💚​R	🔄​f	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
🙈​	TestAccept/bundle/invariant/no_drift	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/permissions	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions	💚​R	💚​R	💚​R	💚​R	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions	💚​R	💚​R	💚​R	💚​R	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	💚​R	💚​R	💚​R	💚​R
🙈​	TestAccept/bundle/resources/postgres_branches/basic	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_branches/recreate	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_branches/replace_existing	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_branches/update_protected	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_branches/without_branch_id	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_endpoints/basic	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_endpoints/recreate	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_projects/update_display_name	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/synced_database_tables/basic	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/vector_search_endpoints/drift/recreated_same_name	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/vector_search_indexes/basic	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/vector_search_indexes/grants/select	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🔄​	TestAccept/bundle/run_as/job_default	✅​p	✅​p	✅​p	🔄​f	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p
🔄​	TestAccept/bundle/run_as/job_default/DATABRICKS_BUNDLE_ENGINE=direct	✅​p	✅​p	✅​p	🔄​f	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p
🙈​	TestAccept/ssh/connection	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🔄​	TestFetchRepositoryInfoAPI_FromRepo/root	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p	🔄​f	✅​p	✅​p
🔄​	TestFetchRepositoryInfoAPI_FromRepo/subdir	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p	🔄​f	✅​p	✅​p

Top 50 slowest tests (at least 2 minutes):

duration	env	testname
6:20	gcp windows	TestAccept
5:43	azure-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
5:16	gcp linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
5:07	azure-ucws linux	TestAccept/bundle/resources/dashboards/generate_inplace/DATABRICKS_BUNDLE_ENGINE=direct
5:05	aws-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
5:00	azure windows	TestAccept
4:58	aws windows	TestAccept
4:53	azure-ucws windows	TestAccept
4:32	azure-ucws linux	TestAccept/bundle/deployment/bind/job/generate-and-bind/DATABRICKS_BUNDLE_ENGINE=direct
4:32	azure-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:32	aws-ucws windows	TestFilerRecursiveDelete/workspace_files_extensions
4:22	gcp windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:20	gcp linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:07	gcp windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:59	azure-ucws linux	TestFilerRecursiveDelete/workspace_files
3:56	azure-ucws linux	TestAccept/bundle/resources/volumes/recreate/DATABRICKS_BUNDLE_ENGINE=terraform
3:49	aws-ucws windows	TestAccept/bundle/resources/model_serving_endpoints/basic/DATABRICKS_BUNDLE_ENGINE=direct
3:47	aws-ucws windows	TestFilerWorkspaceFilesExtensionsReadDir
3:45	aws-ucws windows	TestAccept/bundle/resources/volumes/recreate/DATABRICKS_BUNDLE_ENGINE=terraform
3:41	azure-ucws linux	TestAccept/bundle/resources/jobs/check-metadata/DATABRICKS_BUNDLE_ENGINE=direct
3:38	azure-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:33	aws-ucws windows	TestAccept/bundle/resources/jobs/check-metadata/DATABRICKS_BUNDLE_ENGINE=terraform
3:31	aws-ucws linux	TestAccept/bundle/resources/model_serving_endpoints/basic/DATABRICKS_BUNDLE_ENGINE=direct
3:30	aws-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:23	aws-ucws windows	TestAccept/bundle/run_as/job_default/DATABRICKS_BUNDLE_ENGINE=direct
3:22	aws-ucws linux	TestFsCpDirToDirFileNotOverwritten/dbfs_to_dbfs
3:15	azure-ucws linux	TestAccept/bundle/deploy/files/no-snapshot-sync/DATABRICKS_BUNDLE_ENGINE=terraform
3:12	azure linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:10	aws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:10	aws-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:08	aws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:05	aws-ucws windows	TestAccept/bundle/resources/dashboards/generate_inplace/DATABRICKS_BUNDLE_ENGINE=direct
3:04	azure windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:04	aws-ucws linux	TestAccept/bundle/deploy/mlops-stacks/DATABRICKS_BUNDLE_ENGINE=terraform
3:03	azure-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:58	aws-ucws windows	TestAccept/bundle/resources/model_serving_endpoints/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:56	aws-ucws windows	TestAccept/bundle/resources/volumes/recreate/DATABRICKS_BUNDLE_ENGINE=direct
2:55	aws-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:53	azure-ucws linux	TestAccept
2:53	aws-ucws linux	TestAccept/bundle/deploy/files/no-snapshot-sync/DATABRICKS_BUNDLE_ENGINE=terraform
2:52	azure linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:48	aws-ucws windows	TestFilerWorkspaceFilesExtensionsStat
2:48	gcp linux	TestAccept
2:46	aws linux	TestAccept
2:46	aws-ucws linux	TestImportDirDoesNotOverwrite
2:45	aws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:45	aws-ucws linux	TestAccept/bundle/deployment/bind/job/generate-and-bind/DATABRICKS_BUNDLE_ENGINE=direct
2:44	aws-ucws linux	TestAccept
2:44	azure linux	TestAccept
2:42	aws-ucws windows	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform