From 05f178f49a147b51e41a79b6ea163ae8bbc8a8d7 Mon Sep 17 00:00:00 2001
From: simonfaltum <simon.faltum@databricks.com>
Date: Tue, 9 Jun 2026 23:03:12 +0200
Subject: [PATCH 1/2] Fix temp state dir leak and unchecked Close in terraform
 bind

Co-authored-by: Isaac
---
 bundle/deploy/terraform/import.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/bundle/deploy/terraform/import.go b/bundle/deploy/terraform/import.go
index 48ad622c6cb..d6fdfc60231 100644
--- a/bundle/deploy/terraform/import.go
+++ b/bundle/deploy/terraform/import.go
@@ -44,6 +44,7 @@ func (m *importResource) Apply(ctx context.Context, b *bundle.Bundle) diag.Diagn
 	if err != nil {
 		return diag.Errorf("terraform init: %v", err)
 	}
+	defer os.RemoveAll(tmpDir)
 	relPath, _ := b.StateFilenameTerraform(ctx)
 	tmpState := filepath.Join(tmpDir, filepath.Base(relPath))
 
@@ -62,8 +63,6 @@ func (m *importResource) Apply(ctx context.Context, b *bundle.Bundle) diag.Diagn
 		return diag.Errorf("terraform plan: %v", err)
 	}
 
-	defer os.RemoveAll(tmpDir)
-
 	if changed && !m.opts.AutoApprove {
 		output := buf.String()
 		// Remove output starting from Warning until end of output, if present.
@@ -103,6 +102,14 @@ func (m *importResource) Apply(ctx context.Context, b *bundle.Bundle) diag.Diagn
 		return diag.FromErr(err)
 	}
 
+	// A failed Close can mean the state file was not fully written; report it
+	// instead of succeeding with a truncated state file. The deferred Close
+	// above remains for error paths and is a no-op after this one.
+	err = f.Close()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	return diags
 }
 

From cc230ab6e85c5cf0dce47d04a0442e26fba6c3dc Mon Sep 17 00:00:00 2001
From: simonfaltum <simon.faltum@databricks.com>
Date: Wed, 10 Jun 2026 07:23:18 +0200
Subject: [PATCH 2/2] Remove redundant comments

Co-authored-by: Isaac
---
 bundle/deploy/terraform/import.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/bundle/deploy/terraform/import.go b/bundle/deploy/terraform/import.go
index d6fdfc60231..474aaa23057 100644
--- a/bundle/deploy/terraform/import.go
+++ b/bundle/deploy/terraform/import.go
@@ -102,9 +102,7 @@ func (m *importResource) Apply(ctx context.Context, b *bundle.Bundle) diag.Diagn
 		return diag.FromErr(err)
 	}
 
-	// A failed Close can mean the state file was not fully written; report it
-	// instead of succeeding with a truncated state file. The deferred Close
-	// above remains for error paths and is a no-op after this one.
+	// A failed Close can mean a truncated state file; the deferred Close above covers error paths.
 	err = f.Close()
 	if err != nil {
 		return diag.FromErr(err)