Fix secret scope ACL deletion loop exiting early on NotFound

[pietern]

Changes

When deleting multiple secret scope ACLs, if one ACL returns NotFound (due to race conditions or eventual consistency), the code would return nil and exit the loop early. This prevented remaining ACLs from being deleted. Changed to continue to skip NotFound errors and proceed with remaining deletions.

Tests

Only static analysis, no tests.

[denik]

how can sequential call before "bundle deploy" simulate race condition?

If I understand correctly the race condition this refers too is the one in setACLs() function which indeed does list + delete,

[pietern]

It turned out this was a red herring when investigating the flaky test. It happens exclusively with TF.

The fix in this PR is real but the acceptance test doesn't properly test the fix. It can be useful in general though.

I will remove the acceptance test from this PR and verify that it adds real coverage before submitting it again.

[denik]

suggestion: add readplan variant to this test, it's a few lines of bash to make it test that this still works with deploy --plan:

% git grep -i readplan acceptance/bundle/resources/jobs/delete_task/
acceptance/bundle/resources/jobs/delete_task/script:$CLI bundle deploy $(readplanarg out.plan_create.direct.json)
acceptance/bundle/resources/jobs/delete_task/script:$CLI bundle deploy $(readplanarg out.plan_update.direct.json)
acceptance/bundle/resources/jobs/delete_task/test.toml:EnvMatrix.READPLAN = ["", "1"]

[eng-dev-ecosystem-bot]

Commit: ba3d55f

Run: 20913700897

	Env	🟨​KNOWN	🔄​flaky	💚​RECOVERED	🙈​SKIP	✅​pass	🙈​skip	Time
🟨​	aws linux	9		15	2	380	681	24:38
🟨​	aws windows	17		7	2	382	679	15:42
🟨​	aws-ucws linux	5	2	19	2	529	558	43:44
🟨​	aws-ucws windows	13		11	2	533	556	41:54
🟨​	azure linux	2	3	16	3	378	680	26:28
🟨​	azure windows	11		8	3	382	678	21:52
🟨​	azure-ucws linux	2	3	16	3	525	557	43:03
🟨​	azure-ucws windows	11		8	3	529	555	42:29
🟨​	gcp linux	2		17	3	369	686	25:45
🟨​	gcp windows	11		8	3	371	684	26:30

30 interesting tests: 17 KNOWN, 8 RECOVERED, 4 flaky, 1 SKIP

	Test Name	aws linux	aws windows	aws-ucws linux	aws-ucws windows	azure linux	azure windows	azure-ucws linux	azure-ucws windows	gcp linux	gcp windows
🟨​	TestAccept	🟨​K	🟨​K	🟨​K	🟨​K	🔄​f	🟨​K	🔄​f	🟨​K	💚​R	🟨​K
💚​	TestAccept/bundle/deployment/bind/alert	🙈​S	🙈​S	🙈​S	🙈​S	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
🟨​	TestAccept/bundle/generate/alert	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K
🟨​	TestAccept/bundle/generate/alert/DATABRICKS_BUNDLE_ENGINE=direct	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K
🟨​	TestAccept/bundle/generate/alert/DATABRICKS_BUNDLE_ENGINE=terraform	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K
💚​	TestAccept/bundle/resources/alerts/basic	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/alerts/basic/DATABRICKS_BUNDLE_ENGINE=direct	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/alerts/basic/DATABRICKS_BUNDLE_ENGINE=terraform	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/alerts/with_file	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/alerts/with_file/DATABRICKS_BUNDLE_ENGINE=direct	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
💚​	TestAccept/bundle/resources/alerts/with_file/DATABRICKS_BUNDLE_ENGINE=terraform	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
🙈​	TestAccept/bundle/resources/permissions	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🟨​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions	🟨​K	🟨​K	🟨​K	🟨​K	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🟨​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct	🟨​K	🟨​K	🟨​K	🟨​K
🟨​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	🟨​K	🟨​K	💚​R	💚​R
🟨​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions	🟨​K	🟨​K	💚​R	💚​R	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S	🙈​S
🟨​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct	🟨​K	🟨​K	💚​R	💚​R
🟨​	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	🟨​K	🟨​K	💚​R	💚​R
🔄​	TestAccept/bundle/resources/secret_scopes/permissions	✅​p	✅​p	✅​p	✅​p	🔄​f	✅​p	🔄​f	✅​p	🙈​s	🙈​s
🔄​	TestAccept/bundle/resources/secret_scopes/permissions/DATABRICKS_BUNDLE_ENGINE=terraform	✅​p	✅​p	✅​p	✅​p	🔄​f	✅​p	🔄​f	✅​p
🔄​	TestAccept/bundle/templates/default-python/integration_classic	✅​p	✅​p	🔄​f	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p
🔄​	TestAccept/bundle/templates/default-python/integration_classic/DATABRICKS_BUNDLE_ENGINE=direct/UV_PYTHON=3.13	✅​p	✅​p	🔄​f	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p	✅​p
💚​	TestAccept/ssh/connection	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R	💚​R
🟨​	TestExport	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K
🟨​	TestExportWithFileFlag	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K	🟨​K
🟨​	TestImportDir	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K
🟨​	TestImportDirDoesNotOverwrite	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K
🟨​	TestImportDirWithOverwriteFlag	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K
🟨​	TestImportFileFormatAuto	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K
🟨​	TestImportFileFormatSource	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K	💚​R	🟨​K

Top 38 slowest tests (at least 2 minutes):

duration	env	testname
7:23	aws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
6:41	aws-ucws linux	TestAccept/bundle/resources/synced_database_tables/basic
5:48	aws-ucws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
5:43	gcp linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
5:42	aws-ucws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
5:41	gcp linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
5:31	gcp windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
5:29	aws-ucws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
5:21	azure-ucws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
5:15	gcp windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
5:08	aws-ucws windows	TestAccept/bundle/resources/synced_database_tables/basic
4:35	azure-ucws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
4:20	azure-ucws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
3:26	azure linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
3:22	azure-ucws windows	TestAccept/bundle/resources/synced_database_tables/basic
3:10	azure-ucws linux	TestAccept/bundle/resources/synced_database_tables/basic
2:28	azure-ucws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
2:27	aws-ucws windows	TestAccept/bundle/resources/registered_models/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:21	aws-ucws linux	TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=no/NBOOK=yes/PY=yes/READPLAN=
2:19	gcp linux	TestAccept
2:17	aws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
2:14	azure-ucws linux	TestAccept/bundle/resources/registered_models/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:14	aws-ucws linux	TestAccept/bundle/resources/experiments/basic/DATABRICKS_BUNDLE_ENGINE=direct
2:10	aws-ucws linux	TestAccept/bundle/resources/experiments/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:10	azure-ucws windows	TestAccept/bundle/resources/registered_models/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:09	aws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
2:09	azure-ucws windows	TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=no/NBOOK=no/PY=no/READPLAN=
2:09	gcp windows	TestAccept/bundle/resources/experiments/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:09	aws-ucws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
2:06	aws-ucws windows	TestAccept/bundle/resources/registered_models/basic/DATABRICKS_BUNDLE_ENGINE=direct
2:06	azure-ucws linux	TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=no/NBOOK=yes/PY=no/READPLAN=
2:03	azure-ucws windows	TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=yes/NBOOK=yes/PY=yes/READPLAN=
2:02	azure-ucws linux	TestAccept/bundle/resources/experiments/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:01	aws-ucws linux	TestAccept/bundle/resources/registered_models/basic/DATABRICKS_BUNDLE_ENGINE=terraform
2:01	azure linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
2:00	azure-ucws windows	TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=direct/DLT=no/NBOOK=no/PY=yes/READPLAN=
2:00	aws-ucws windows	TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=no/NBOOK=yes/PY=yes/READPLAN=
2:00	azure-ucws windows	TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=direct/DLT=no/NBOOK=yes/PY=yes/READPLAN=

[denik]

A test would be really nice. Perhaps this can tested with regular static stubs in test.toml?