On multiple occasions (at least 3), I have accidentally deleted a container instead of deleting a snapshot. This is why:
The following commands exist:
lxc snapshot <instance> <snapshot>
lxc restore <instance> <snapshot>
lxc delete <instance>/<snapshot>
As you can see, lxc delete differs from the other two in how you specify the snapshot you want to delete. While working with snapshots, I forgot that and did this instead:
lxc delete <instance> <snapshot>
LXD deleted “instance” and complained about not being able to delete “snapshot”.
Has this happened to you?
I’ll consider using security.protection.delete, but would the LXD team also consider adding a safeguard for this usability issue?
Here is a suggestion for doing this, without changing the command line of lxc delete:
lxc delete should not delete anything, if any of the requested instances or snapshots do not exist, unless the -f flag is specified, in which case it should work as it does now.
The usage of the -f flag would change to:
-f, --force Force the removal of running instances. Do not fail if any instances do not exist.
So, if I accidentally type “lxc delete a snapshot1”, instead of “lxc delete a/snapshot1” and there is no instance named “snapshot1”, I would not lose instance “a”.
I also considered suggesting that “lxc delete” checks specifically for the two argument case (delete only if the second argument exists), but I think this adds complexity without improving backward compatibility.
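The all-or-nothing check proposed above can be approximated today with a shell wrapper. This is an added example, not part of the original post and not LXD code: the function name safe_lxc_delete is hypothetical, and it assumes the default remote and default project, using lxc query against the REST paths for instances and snapshots to test existence.

```shell
# Added example: pre-flight wrapper around `lxc delete` (hypothetical helper).
# Assumes the default remote and default project; "remote:" prefixes and
# option flags are rejected rather than passed through.
safe_lxc_delete() {
    if [ "$#" -eq 0 ]; then
        echo "usage: safe_lxc_delete <instance>[/<snapshot>]..." >&2
        return 2
    fi
    sld_missing=0
    for sld_target in "$@"; do
        case "$sld_target" in
            ""|-*|*:*|*/|/*)
                echo "unsupported argument: '$sld_target'" >&2
                return 2 ;;
            */*)  # <instance>/<snapshot>
                sld_path="/1.0/instances/${sld_target%%/*}/snapshots/${sld_target#*/}" ;;
            *)    # plain instance name
                sld_path="/1.0/instances/$sld_target" ;;
        esac
        # lxc query exits non-zero when the API returns an error such as 404.
        if ! lxc query "$sld_path" >/dev/null 2>&1; then
            echo "not found: $sld_target" >&2
            sld_missing=1
        fi
    done
    if [ "$sld_missing" -ne 0 ]; then
        echo "nothing deleted" >&2
        return 1
    fi
    # Every target exists, so hand the unchanged argument list to lxc.
    lxc delete "$@"
}
```

With this wrapper, "safe_lxc_delete a snapshot1" fails without touching instance "a" when no instance named "snapshot1" exists. The security.protection.delete setting mentioned in the post is enforced by the server, so it still protects an instance when the wrapper is bypassed.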