Safer shell sub-commands

You will undoubtedly encounter deprecated, inadvisable, or outright dangerous commands in your daily work. Rather than having to rely on your erring, fallible memory, it would be better if you could guarantee avoidance of such commands. Or at least have them behind an additional prompt. This is especially important in infrastructure work, where the stakes are that much higher.

You might be reading the documentation on terraform refresh and come across the following warning:

Automatically applying the effect of a refresh is risky. If you have misconfigured credentials for one or more providers, Terraform may be misled into thinking that all of the managed objects have been deleted, causing it to remove all of the tracked objects without any confirmation prompt.

Rather than form a memory of the quoted bits in your hippocampus, you’d be better off storing these bits into your appropriate ~/.{bash,zsh,etc}rc runcommand file:

terraform() {
  case $1 in
    refresh)
      terraform apply -refresh-only
      ;;
    *)
      command terraform "$@"
      ;;
  esac
}

You now have a guarantee that the alternative, recommended subcommand apply -refresh-only will be used. This pattern can be applied on other dangerous and/or deprecated subcommands, be it for terraform or some other command. How ~/.gitconfig allows for customized subcommands might also serve you as a further inspiration.