Fix temp state dir leak and unchecked Close in terraform bind

[simonfaltum]

Why

Found during a full-repo review of the CLI. bundle deployment bind (terraform engine) creates a temporary directory for the imported state, but the cleanup defer is registered only after terraform import and terraform plan succeed. Any failure in those steps leaves a state-* directory behind in the system temp dir on every retry. Separately, the state file written to the bundle cache directory is closed via a bare defer, so a failing flush on Close is ignored and the command can report success while leaving a truncated state file.

Changes

Before, a failed import or plan leaked the temporary state directory and a failed Close on the written state file was silently ignored; now the temp dir is always removed and a Close failure fails the bind.

• Register defer os.RemoveAll(tmpDir) immediately after os.MkdirTemp in bundle/deploy/terraform/import.go, so the temp dir is cleaned up on all paths, including import and plan errors.
• Check the error from Close on the written state file after the copy completes. The deferred Close stays in place for earlier error paths and is a no-op after the explicit one.

Test plan

• go test ./bundle/deploy/terraform/
• go test ./acceptance -run 'TestAccept/bundle/deployment/bind/job/noop-job' (terraform and direct variants; covers the bind happy path where the state file is written)
• go test ./acceptance -run 'TestAccept/bundle/deployment/bind/job/job-abort-bind' (terraform and direct variants; covers the error path after plan)
• ./task fmt-q, ./task lint-q, and ./task checks pass

This pull request and its description were written by Isaac.

[github-actions]

Waiting for approval

Based on git history, these people are best suited to review:

• @lennartkats-db -- recent work in bundle/deploy/terraform/
• @denik -- recent work in bundle/deploy/terraform/

Eligible reviewers: @andrewnester, @anton-107, @janniklasrose, @pietern, @shreyas-goenka

_{Suggestions based on git history. See OWNERS for ownership rules.}

[eng-dev-ecosystem-bot]

Commit: cc230ab

Run: 27255240313

	Env	💚​RECOVERED	🙈​SKIP	✅​pass	🙈​skip	Time
💚​	aws linux	7	15	261	928	7:02
💚​	aws windows	7	15	263	926	12:19
💚​	aws-ucws linux	7	15	357	842	7:36
💚​	aws-ucws windows	7	15	359	840	12:10
💚​	azure linux	1	17	264	926	7:14
💚​	azure windows	1	17	266	924	12:11
💚​	azure-ucws linux	1	17	362	838	7:50
💚​	azure-ucws windows	1	17	364	836	11:36
💚​	gcp linux	1	17	260	929	7:46
💚​	gcp windows	1	17	262	927	10:44

22 interesting tests: 15 SKIP, 7 RECOVERED

	Test Name	aws linux	aws windows	aws-ucws linux	aws-ucws windows	azure linux	azure windows	azure-ucws linux	azure-ucws windows	gcp linux	gcp windows
💚​	TestAccept	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
🙈​	TestAccept/bundle/invariant/no_drift	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/permissions	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions	💚​R	💚​R	💚​R	💚​R	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions	💚​R	💚​R	💚​R	💚​R	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	💚​R	💚​R	💚​R	💚​R
🙈​	TestAccept/bundle/resources/postgres_branches/basic	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_branches/recreate	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_branches/replace_existing	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_branches/update_protected	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_branches/without_branch_id	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_endpoints/basic	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_endpoints/recreate	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/postgres_projects/update_display_name	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/synced_database_tables/basic	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/vector_search_endpoints/drift/recreated_same_name	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/vector_search_indexes/basic	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/bundle/resources/vector_search_indexes/grants/select	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🙈​	TestAccept/ssh/connection	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S

Top 30 slowest tests (at least 2 minutes):

duration	env	testname
6:12	aws windows	TestAccept
6:07	aws-ucws windows	TestAccept
6:07	azure windows	TestAccept
6:03	gcp windows	TestAccept
5:55	azure-ucws windows	TestAccept
4:23	gcp windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:23	gcp windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
4:21	gcp linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:18	gcp linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:52	azure windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:18	aws-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:17	azure linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:07	aws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:00	azure windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:59	aws-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:57	aws-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:56	aws linux	TestAccept
2:56	azure linux	TestAccept
2:55	aws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:55	gcp linux	TestAccept
2:55	azure-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:49	azure-ucws linux	TestAccept
2:47	azure-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:47	azure linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:46	aws-ucws linux	TestAccept
2:42	aws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:40	aws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:40	azure-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:34	azure-ucws windows	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:27	aws-ucws linux	TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct