Comment 3 for bug 1807110

Hello,
We have Libery version and we have experienced the same issue recently.
In the "openstack image set" help list it's indicating that the unprotected status is by default enabled so i guess from glance point of view it's an expected behaviour on setting the status of the shelved image to "unprotected" when it's being created but it shouldn't be like that:

--protected Prevent image from being deleted
--unprotected Allow image to be deleted (default)

So yes the user can accidentally deletes the image as you say which will have a permanent data loss of his instance in case he tries to unshelve it. The user can set/unset the protected mode of the image whenever he want as well.

Regarding your thread in the openstack forum and what you mentioned in the end:

"The other problem with nova marking the image as protected is that if
the user deletes the server, the compute API tries to delete the
snapshot image [1] which would fail if it's still protected, and then we
could see snapshot images getting orphaned in glance. Arguably nova
could detect this situation, update the protected field to false, and
then delete the image."

I tested this (with protected status on) and I indeed deleted the instance but then the image stayed there and then i had to manually change the status to unprotected again so that it will be eligible for delete again.

Looking forward for more feedback from others as well.