Move to frostfs-node

Signed-off-by: Pavel Karpy <p.karpy@yadro.com>

cmd/frostfs-cli/modules/container/create.go

@@ -0,0 +1,216 @@
+package container
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	"github.com/TrueCloudLab/frostfs-sdk-go/container"
+	"github.com/TrueCloudLab/frostfs-sdk-go/container/acl"
+	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
+	subnetid "github.com/TrueCloudLab/frostfs-sdk-go/subnet/id"
+	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"github.com/spf13/cobra"
+)
+
+var (
+	containerACL         string
+	containerPolicy      string
+	containerAttributes  []string
+	containerAwait       bool
+	containerName        string
+	containerNoTimestamp bool
+	containerSubnet      string
+	force                bool
+)
+
+var createContainerCmd = &cobra.Command{
+	Use:   "create",
+	Short: "Create new container",
+	Long: `Create new container and register it in the NeoFS. 
+It will be stored in sidechain when inner ring will accepts it.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		placementPolicy, err := parseContainerPolicy(containerPolicy)
+		common.ExitOnErr(cmd, "", err)
+
+		key := key.Get(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
+
+		if !force {
+			var prm internalclient.NetMapSnapshotPrm
+			prm.SetClient(cli)
+
+			resmap, err := internalclient.NetMapSnapshot(prm)
+			common.ExitOnErr(cmd, "unable to get netmap snapshot to validate container placement, "+
+				"use --force option to skip this check: %w", err)
+
+			nodesByRep, err := resmap.NetMap().ContainerNodes(*placementPolicy, nil)
+			common.ExitOnErr(cmd, "could not build container nodes based on given placement policy, "+
+				"use --force option to skip this check: %w", err)
+
+			for i, nodes := range nodesByRep {
+				if placementPolicy.ReplicaNumberByIndex(i) > uint32(len(nodes)) {
+					common.ExitOnErr(cmd, "", fmt.Errorf(
+						"the number of nodes '%d' in selector is not enough for the number of replicas '%d', "+
+							"use --force option to skip this check",
+						len(nodes),
+						placementPolicy.ReplicaNumberByIndex(i),
+					))
+				}
+			}
+		}
+
+		if containerSubnet != "" {
+			var subnetID subnetid.ID
+
+			err = subnetID.DecodeString(containerSubnet)
+			common.ExitOnErr(cmd, "could not parse subnetID: %w", err)
+
+			placementPolicy.RestrictSubnet(subnetID)
+		}
+
+		var cnr container.Container
+		cnr.Init()
+
+		err = parseAttributes(&cnr, containerAttributes)
+		common.ExitOnErr(cmd, "", err)
+
+		var basicACL acl.Basic
+		common.ExitOnErr(cmd, "decode basic ACL string: %w", basicACL.DecodeString(containerACL))
+
+		tok := getSession(cmd)
+
+		if tok != nil {
+			issuer := tok.Issuer()
+			cnr.SetOwner(issuer)
+		} else {
+			var idOwner user.ID
+			user.IDFromKey(&idOwner, key.PublicKey)
+
+			cnr.SetOwner(idOwner)
+		}
+
+		cnr.SetPlacementPolicy(*placementPolicy)
+		cnr.SetBasicACL(basicACL)
+
+		var syncContainerPrm internalclient.SyncContainerPrm
+		syncContainerPrm.SetClient(cli)
+		syncContainerPrm.SetContainer(&cnr)
+
+		_, err = internalclient.SyncContainerSettings(syncContainerPrm)
+		common.ExitOnErr(cmd, "syncing container's settings rpc error: %w", err)
+
+		var putPrm internalclient.PutContainerPrm
+		putPrm.SetClient(cli)
+		putPrm.SetContainer(cnr)
+
+		if tok != nil {
+			putPrm.WithinSession(*tok)
+		}
+
+		res, err := internalclient.PutContainer(putPrm)
+		common.ExitOnErr(cmd, "put container rpc error: %w", err)
+
+		id := res.ID()
+
+		cmd.Println("container ID:", id)
+
+		if containerAwait {
+			cmd.Println("awaiting...")
+
+			var getPrm internalclient.GetContainerPrm
+			getPrm.SetClient(cli)
+			getPrm.SetContainer(id)
+
+			for i := 0; i < awaitTimeout; i++ {
+				time.Sleep(1 * time.Second)
+
+				_, err := internalclient.GetContainer(getPrm)
+				if err == nil {
+					cmd.Println("container has been persisted on sidechain")
+					return
+				}
+			}
+
+			common.ExitOnErr(cmd, "", errCreateTimeout)
+		}
+	},
+}
+
+func initContainerCreateCmd() {
+	flags := createContainerCmd.Flags()
+
+	// Init common flags
+	flags.StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
+	flags.DurationP(commonflags.Timeout, commonflags.TimeoutShorthand, commonflags.TimeoutDefault, commonflags.TimeoutUsage)
+	flags.StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
+	flags.StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)
+
+	flags.StringVar(&containerACL, "basic-acl", acl.NamePrivate, fmt.Sprintf("HEX encoded basic ACL value or keywords like '%s', '%s', '%s'",
+		acl.NamePublicRW, acl.NamePrivate, acl.NamePublicROExtended,
+	))
+	flags.StringVarP(&containerPolicy, "policy", "p", "", "QL-encoded or JSON-encoded placement policy or path to file with it")
+	flags.StringSliceVarP(&containerAttributes, "attributes", "a", nil, "Comma separated pairs of container attributes in form of Key1=Value1,Key2=Value2")
+	flags.BoolVar(&containerAwait, "await", false, "Block execution until container is persisted")
+	flags.StringVar(&containerName, "name", "", "Container name attribute")
+	flags.BoolVar(&containerNoTimestamp, "disable-timestamp", false, "Disable timestamp container attribute")
+	flags.StringVar(&containerSubnet, "subnet", "", "String representation of container subnetwork")
+	flags.BoolVarP(&force, commonflags.ForceFlag, commonflags.ForceFlagShorthand, false,
+		"Skip placement validity check")
+}
+
+func parseContainerPolicy(policyString string) (*netmap.PlacementPolicy, error) {
+	_, err := os.Stat(policyString) // check if `policyString` is a path to file with placement policy
+	if err == nil {
+		common.PrintVerbose("Reading placement policy from file: %s", policyString)
+
+		data, err := os.ReadFile(policyString)
+		if err != nil {
+			return nil, fmt.Errorf("can't read file with placement policy: %w", err)
+		}
+
+		policyString = string(data)
+	}
+
+	var result netmap.PlacementPolicy
+
+	err = result.DecodeString(policyString)
+	if err == nil {
+		common.PrintVerbose("Parsed QL encoded policy")
+		return &result, nil
+	}
+
+	if err = result.UnmarshalJSON([]byte(policyString)); err == nil {
+		common.PrintVerbose("Parsed JSON encoded policy")
+		return &result, nil
+	}
+
+	return nil, errors.New("can't parse placement policy")
+}
+
+func parseAttributes(dst *container.Container, attributes []string) error {
+	for i := range attributes {
+		kvPair := strings.Split(attributes[i], attributeDelimiter)
+		if len(kvPair) != 2 {
+			return errors.New("invalid container attribute")
+		}
+
+		dst.SetAttribute(kvPair[0], kvPair[1])
+	}
+
+	if !containerNoTimestamp {
+		container.SetCreationTime(dst, time.Now())
+	}
+
+	if containerName != "" {
+		container.SetName(dst, containerName)
+	}
+
+	return nil
+}

cmd/frostfs-cli/modules/container/delete.go

@@ -0,0 +1,95 @@
+package container
+
+import (
+	"fmt"
+	"time"
+
+	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	objectSDK "github.com/TrueCloudLab/frostfs-sdk-go/object"
+	"github.com/spf13/cobra"
+)
+
+var deleteContainerCmd = &cobra.Command{
+	Use:   "delete",
+	Short: "Delete existing container",
+	Long: `Delete existing container. 
+Only owner of the container has a permission to remove container.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		id := parseContainerID(cmd)
+
+		tok := getSession(cmd)
+
+		pk := key.Get(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		if force, _ := cmd.Flags().GetBool(commonflags.ForceFlag); !force {
+			fs := objectSDK.NewSearchFilters()
+			fs.AddTypeFilter(objectSDK.MatchStringEqual, objectSDK.TypeLock)
+
+			var searchPrm internalclient.SearchObjectsPrm
+			searchPrm.SetClient(cli)
+			searchPrm.SetContainerID(id)
+			searchPrm.SetFilters(fs)
+			searchPrm.SetTTL(2)
+
+			common.PrintVerbose("Searching for LOCK objects...")
+
+			res, err := internalclient.SearchObjects(searchPrm)
+			common.ExitOnErr(cmd, "can't search for LOCK objects: %w", err)
+
+			if len(res.IDList()) != 0 {
+				common.ExitOnErr(cmd, "",
+					fmt.Errorf("Container wasn't removed because LOCK objects were found.\n"+
+						"Use --%s flag to remove anyway.", commonflags.ForceFlag))
+			}
+		}
+
+		var delPrm internalclient.DeleteContainerPrm
+		delPrm.SetClient(cli)
+		delPrm.SetContainer(id)
+
+		if tok != nil {
+			delPrm.WithinSession(*tok)
+		}
+
+		_, err := internalclient.DeleteContainer(delPrm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		cmd.Println("container delete method invoked")
+
+		if containerAwait {
+			cmd.Println("awaiting...")
+
+			var getPrm internalclient.GetContainerPrm
+			getPrm.SetClient(cli)
+			getPrm.SetContainer(id)
+
+			for i := 0; i < awaitTimeout; i++ {
+				time.Sleep(1 * time.Second)
+
+				_, err := internalclient.GetContainer(getPrm)
+				if err != nil {
+					cmd.Println("container has been removed:", containerID)
+					return
+				}
+			}
+
+			common.ExitOnErr(cmd, "", errDeleteTimeout)
+		}
+	},
+}
+
+func initContainerDeleteCmd() {
+	flags := deleteContainerCmd.Flags()
+
+	flags.StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
+	flags.StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)
+	flags.StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
+
+	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	flags.BoolVar(&containerAwait, "await", false, "Block execution until container is removed")
+	flags.BoolP(commonflags.ForceFlag, commonflags.ForceFlagShorthand, false, "Do not check whether container contains locks and remove immediately")
+}

cmd/frostfs-cli/modules/container/get.go

@@ -0,0 +1,172 @@
+package container
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"encoding/json"
+	"os"
+
+	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
+	"github.com/TrueCloudLab/frostfs-sdk-go/container"
+	"github.com/TrueCloudLab/frostfs-sdk-go/container/acl"
+	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
+	"github.com/spf13/cobra"
+)
+
+const (
+	fromFlag      = "from"
+	fromFlagUsage = "Path to file with encoded container"
+)
+
+var (
+	containerID       string
+	containerPathFrom string
+	containerPathTo   string
+	containerJSON     bool
+)
+
+var getContainerInfoCmd = &cobra.Command{
+	Use:   "get",
+	Short: "Get container field info",
+	Long:  `Get container field info`,
+	Run: func(cmd *cobra.Command, args []string) {
+		cnr, _ := getContainer(cmd)
+
+		prettyPrintContainer(cmd, cnr, containerJSON)
+
+		if containerPathTo != "" {
+			var (
+				data []byte
+				err  error
+			)
+
+			if containerJSON {
+				data, err = cnr.MarshalJSON()
+				common.ExitOnErr(cmd, "can't JSON encode container: %w", err)
+			} else {
+				data = cnr.Marshal()
+			}
+
+			err = os.WriteFile(containerPathTo, data, 0644)
+			common.ExitOnErr(cmd, "can't write container to file: %w", err)
+		}
+	},
+}
+
+func initContainerInfoCmd() {
+	commonflags.Init(getContainerInfoCmd)
+
+	flags := getContainerInfoCmd.Flags()
+
+	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	flags.StringVar(&containerPathTo, "to", "", "Path to dump encoded container")
+	flags.StringVar(&containerPathFrom, fromFlag, "", fromFlagUsage)
+	flags.BoolVar(&containerJSON, commonflags.JSON, false, "Print or dump container in JSON format")
+}
+
+type stringWriter cobra.Command
+
+func (x *stringWriter) WriteString(s string) (n int, err error) {
+	(*cobra.Command)(x).Print(s)
+	return len(s), nil
+}
+
+func prettyPrintContainer(cmd *cobra.Command, cnr container.Container, jsonEncoding bool) {
+	if jsonEncoding {
+		data, err := cnr.MarshalJSON()
+		if err != nil {
+			common.PrintVerbose("Can't convert container to json: %w", err)
+			return
+		}
+		buf := new(bytes.Buffer)
+		if err := json.Indent(buf, data, "", "  "); err != nil {
+			common.PrintVerbose("Can't pretty print json: %w", err)
+		}
+
+		cmd.Println(buf)
+
+		return
+	}
+
+	var id cid.ID
+	container.CalculateID(&id, cnr)
+	cmd.Println("container ID:", id)
+
+	cmd.Println("owner ID:", cnr.Owner())
+
+	basicACL := cnr.BasicACL()
+	prettyPrintBasicACL(cmd, basicACL)
+
+	cmd.Println("created:", container.CreatedAt(cnr))
+
+	cmd.Println("attributes:")
+	cnr.IterateAttributes(func(key, val string) {
+		cmd.Printf("\t%s=%s\n", key, val)
+	})
+
+	cmd.Println("placement policy:")
+	common.ExitOnErr(cmd, "write policy: %w", cnr.PlacementPolicy().WriteStringTo((*stringWriter)(cmd)))
+	cmd.Println()
+}
+
+func prettyPrintBasicACL(cmd *cobra.Command, basicACL acl.Basic) {
+	cmd.Printf("basic ACL: %s", basicACL.EncodeToString())
+
+	var prettyName string
+
+	switch basicACL {
+	case acl.Private:
+		prettyName = acl.NamePrivate
+	case acl.PrivateExtended:
+		prettyName = acl.NamePrivateExtended
+	case acl.PublicRO:
+		prettyName = acl.NamePublicRO
+	case acl.PublicROExtended:
+		prettyName = acl.NamePublicROExtended
+	case acl.PublicRW:
+		prettyName = acl.NamePublicRW
+	case acl.PublicRWExtended:
+		prettyName = acl.NamePublicRWExtended
+	case acl.PublicAppend:
+		prettyName = acl.NamePublicAppend
+	case acl.PublicAppendExtended:
+		prettyName = acl.NamePublicAppendExtended
+	}
+
+	if prettyName != "" {
+		cmd.Printf(" (%s)", prettyName)
+	}
+
+	cmd.Println()
+	util.PrettyPrintTableBACL(cmd, &basicACL)
+}
+
+func getContainer(cmd *cobra.Command) (container.Container, *ecdsa.PrivateKey) {
+	var cnr container.Container
+	var pk *ecdsa.PrivateKey
+	if containerPathFrom != "" {
+		data, err := os.ReadFile(containerPathFrom)
+		common.ExitOnErr(cmd, "can't read file: %w", err)
+
+		err = cnr.Unmarshal(data)
+		common.ExitOnErr(cmd, "can't unmarshal container: %w", err)
+	} else {
+		id := parseContainerID(cmd)
+		pk = key.GetOrGenerate(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		var prm internalclient.GetContainerPrm
+		prm.SetClient(cli)
+		prm.SetContainer(id)
+
+		res, err := internalclient.GetContainer(prm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		cnr = res.Container()
+	}
+	return cnr, pk
+}

cmd/frostfs-cli/modules/container/get_eacl.go

@@ -0,0 +1,63 @@
+package container
+
+import (
+	"os"
+
+	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	"github.com/spf13/cobra"
+)
+
+var getExtendedACLCmd = &cobra.Command{
+	Use:   "get-eacl",
+	Short: "Get extended ACL table of container",
+	Long:  `Get extended ACL table of container`,
+	Run: func(cmd *cobra.Command, args []string) {
+		id := parseContainerID(cmd)
+		pk := key.GetOrGenerate(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		var eaclPrm internalclient.EACLPrm
+		eaclPrm.SetClient(cli)
+		eaclPrm.SetContainer(id)
+
+		res, err := internalclient.EACL(eaclPrm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		eaclTable := res.EACL()
+
+		if containerPathTo == "" {
+			cmd.Println("eACL: ")
+			common.PrettyPrintJSON(cmd, &eaclTable, "eACL")
+
+			return
+		}
+
+		var data []byte
+
+		if containerJSON {
+			data, err = eaclTable.MarshalJSON()
+			common.ExitOnErr(cmd, "can't encode to JSON: %w", err)
+		} else {
+			data, err = eaclTable.Marshal()
+			common.ExitOnErr(cmd, "can't encode to binary: %w", err)
+		}
+
+		cmd.Println("dumping data to file:", containerPathTo)
+
+		err = os.WriteFile(containerPathTo, data, 0644)
+		common.ExitOnErr(cmd, "could not write eACL to file: %w", err)
+	},
+}
+
+func initContainerGetEACLCmd() {
+	commonflags.Init(getExtendedACLCmd)
+
+	flags := getExtendedACLCmd.Flags()
+
+	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	flags.StringVar(&containerPathTo, "to", "", "Path to dump encoded container (default: binary encoded)")
+	flags.BoolVar(&containerJSON, commonflags.JSON, false, "Encode EACL table in json format")
+}

cmd/frostfs-cli/modules/container/list.go

@@ -0,0 +1,89 @@
+package container
+
+import (
+	"strings"
+
+	"github.com/TrueCloudLab/frostfs-api-go/v2/container"
+	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	"github.com/TrueCloudLab/frostfs-sdk-go/user"
+	"github.com/spf13/cobra"
+)
+
+// flags of list command.
+const (
+	flagListPrintAttr      = "with-attr"
+	flagListContainerOwner = "owner"
+)
+
+// flag vars of list command.
+var (
+	flagVarListPrintAttr      bool
+	flagVarListContainerOwner string
+)
+
+var listContainersCmd = &cobra.Command{
+	Use:   "list",
+	Short: "List all created containers",
+	Long:  "List all created containers",
+	Run: func(cmd *cobra.Command, args []string) {
+		var idUser user.ID
+
+		key := key.GetOrGenerate(cmd)
+
+		if flagVarListContainerOwner == "" {
+			user.IDFromKey(&idUser, key.PublicKey)
+		} else {
+			err := idUser.DecodeString(flagVarListContainerOwner)
+			common.ExitOnErr(cmd, "invalid user ID: %w", err)
+		}
+
+		cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
+
+		var prm internalclient.ListContainersPrm
+		prm.SetClient(cli)
+		prm.SetAccount(idUser)
+
+		res, err := internalclient.ListContainers(prm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		var prmGet internalclient.GetContainerPrm
+		prmGet.SetClient(cli)
+
+		list := res.IDList()
+		for i := range list {
+			cmd.Println(list[i].String())
+
+			if flagVarListPrintAttr {
+				prmGet.SetContainer(list[i])
+
+				res, err := internalclient.GetContainer(prmGet)
+				if err == nil {
+					res.Container().IterateAttributes(func(key, val string) {
+						if !strings.HasPrefix(key, container.SysAttributePrefix) {
+							// FIXME(@cthulhu-rider): neofs-sdk-go#314 use dedicated method to skip system attributes
+							cmd.Printf("  %s: %s\n", key, val)
+						}
+					})
+				} else {
+					cmd.Printf("  failed to read attributes: %v\n", err)
+				}
+			}
+		}
+	},
+}
+
+func initContainerListContainersCmd() {
+	commonflags.Init(listContainersCmd)
+
+	flags := listContainersCmd.Flags()
+
+	flags.StringVar(&flagVarListContainerOwner, flagListContainerOwner, "",
+		"Owner of containers (omit to use owner from private key)",
+	)
+	flags.BoolVar(&flagVarListPrintAttr, flagListPrintAttr, false,
+		"Request and print attributes of each container",
+	)
+}

cmd/frostfs-cli/modules/container/list_objects.go

@@ -0,0 +1,96 @@
+package container
+
+import (
+	"strings"
+
+	v2object "github.com/TrueCloudLab/frostfs-api-go/v2/object"
+	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	objectCli "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/object"
+	"github.com/TrueCloudLab/frostfs-sdk-go/object"
+	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
+	"github.com/spf13/cobra"
+)
+
+// flags of list-object command.
+const (
+	flagListObjectPrintAttr = "with-attr"
+)
+
+// flag vars of list-objects command.
+var (
+	flagVarListObjectsPrintAttr bool
+)
+
+var listContainerObjectsCmd = &cobra.Command{
+	Use:   "list-objects",
+	Short: "List existing objects in container",
+	Long:  `List existing objects in container`,
+	Run: func(cmd *cobra.Command, args []string) {
+		id := parseContainerID(cmd)
+
+		filters := new(object.SearchFilters)
+		filters.AddRootFilter() // search only user created objects
+
+		cli := internalclient.GetSDKClientByFlag(cmd, key.GetOrGenerate(cmd), commonflags.RPC)
+
+		var prmSearch internalclient.SearchObjectsPrm
+		var prmHead internalclient.HeadObjectPrm
+
+		prmSearch.SetClient(cli)
+
+		if flagVarListObjectsPrintAttr {
+			prmHead.SetClient(cli)
+			objectCli.Prepare(cmd, &prmSearch, &prmHead)
+		} else {
+			objectCli.Prepare(cmd, &prmSearch)
+		}
+
+		prmSearch.SetContainerID(id)
+		prmSearch.SetFilters(*filters)
+
+		res, err := internalclient.SearchObjects(prmSearch)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		objectIDs := res.IDList()
+
+		for i := range objectIDs {
+			cmd.Println(objectIDs[i].String())
+
+			if flagVarListObjectsPrintAttr {
+				var addr oid.Address
+				addr.SetContainer(id)
+				addr.SetObject(objectIDs[i])
+				prmHead.SetAddress(addr)
+
+				resHead, err := internalclient.HeadObject(prmHead)
+				if err == nil {
+					attrs := resHead.Header().Attributes()
+					for i := range attrs {
+						attrKey := attrs[i].Key()
+						if !strings.HasPrefix(attrKey, v2object.SysAttributePrefix) {
+							// FIXME(@cthulhu-rider): neofs-sdk-go#226 use dedicated method to skip system attributes
+							cmd.Printf("  %s: %s\n", attrKey, attrs[i].Value())
+						}
+					}
+				} else {
+					cmd.Printf("  failed to read attributes: %v\n", err)
+				}
+			}
+		}
+	},
+}
+
+func initContainerListObjectsCmd() {
+	commonflags.Init(listContainerObjectsCmd)
+	objectCli.InitBearer(listContainerObjectsCmd)
+
+	flags := listContainerObjectsCmd.Flags()
+
+	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	flags.BoolVar(&flagVarListObjectsPrintAttr, flagListObjectPrintAttr, false,
+		"Request and print user attributes of each object",
+	)
+}

cmd/frostfs-cli/modules/container/nodes.go

@@ -0,0 +1,64 @@
+package container
+
+import (
+	"crypto/sha256"
+
+	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	containerAPI "github.com/TrueCloudLab/frostfs-sdk-go/container"
+	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
+	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
+	"github.com/spf13/cobra"
+)
+
+var short bool
+
+var containerNodesCmd = &cobra.Command{
+	Use:   "nodes",
+	Short: "Show nodes for container",
+	Long:  "Show nodes taking part in a container at the current epoch.",
+	Run: func(cmd *cobra.Command, args []string) {
+		var cnr, pkey = getContainer(cmd)
+
+		if pkey == nil {
+			pkey = key.GetOrGenerate(cmd)
+		}
+
+		cli := internalclient.GetSDKClientByFlag(cmd, pkey, commonflags.RPC)
+
+		var prm internalclient.NetMapSnapshotPrm
+		prm.SetClient(cli)
+
+		resmap, err := internalclient.NetMapSnapshot(prm)
+		common.ExitOnErr(cmd, "unable to get netmap snapshot", err)
+
+		var id cid.ID
+		containerAPI.CalculateID(&id, cnr)
+		binCnr := make([]byte, sha256.Size)
+		id.Encode(binCnr)
+
+		policy := cnr.PlacementPolicy()
+
+		var cnrNodes [][]netmap.NodeInfo
+		cnrNodes, err = resmap.NetMap().ContainerNodes(policy, binCnr)
+		common.ExitOnErr(cmd, "could not build container nodes for given container: %w", err)
+
+		for i := range cnrNodes {
+			cmd.Printf("Descriptor #%d, REP %d:\n", i+1, policy.ReplicaNumberByIndex(i))
+			for j := range cnrNodes[i] {
+				common.PrettyPrintNodeInfo(cmd, cnrNodes[i][j], j, "\t", short)
+			}
+		}
+	},
+}
+
+func initContainerNodesCmd() {
+	commonflags.Init(containerNodesCmd)
+
+	flags := containerNodesCmd.Flags()
+	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	flags.StringVar(&containerPathFrom, fromFlag, "", fromFlagUsage)
+	flags.BoolVar(&short, "short", false, "Shortens output of node info")
+}

cmd/frostfs-cli/modules/container/root.go

@@ -0,0 +1,58 @@
+package container
+
+import (
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/spf13/cobra"
+)
+
+// Cmd represents the container command.
+var Cmd = &cobra.Command{
+	Use:   "container",
+	Short: "Operations with containers",
+	Long:  "Operations with containers",
+	PersistentPreRun: func(cmd *cobra.Command, args []string) {
+		// bind exactly that cmd's flags to
+		// the viper before execution
+		commonflags.Bind(cmd)
+		commonflags.BindAPI(cmd)
+	},
+}
+
+func init() {
+	containerChildCommand := []*cobra.Command{
+		listContainersCmd,
+		createContainerCmd,
+		deleteContainerCmd,
+		listContainerObjectsCmd,
+		getContainerInfoCmd,
+		getExtendedACLCmd,
+		setExtendedACLCmd,
+		containerNodesCmd,
+	}
+
+	Cmd.AddCommand(containerChildCommand...)
+
+	initContainerListContainersCmd()
+	initContainerCreateCmd()
+	initContainerDeleteCmd()
+	initContainerListObjectsCmd()
+	initContainerInfoCmd()
+	initContainerGetEACLCmd()
+	initContainerSetEACLCmd()
+	initContainerNodesCmd()
+
+	for _, containerCommand := range containerChildCommand {
+		commonflags.InitAPI(containerCommand)
+	}
+
+	for _, el := range []struct {
+		cmd  *cobra.Command
+		verb string
+	}{
+		{createContainerCmd, "PUT"},
+		{deleteContainerCmd, "DELETE"},
+		{setExtendedACLCmd, "SETEACL"},
+	} {
+		commonflags.InitSession(el.cmd, "container "+el.verb)
+	}
+}

cmd/frostfs-cli/modules/container/set_eacl.go

@@ -0,0 +1,103 @@
+package container
+
+import (
+	"bytes"
+	"errors"
+	"time"
+
+	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	"github.com/spf13/cobra"
+)
+
+var flagVarsSetEACL struct {
+	noPreCheck bool
+
+	srcPath string
+}
+
+var setExtendedACLCmd = &cobra.Command{
+	Use:   "set-eacl",
+	Short: "Set new extended ACL table for container",
+	Long: `Set new extended ACL table for container.
+Container ID in EACL table will be substituted with ID from the CLI.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		id := parseContainerID(cmd)
+		eaclTable := common.ReadEACL(cmd, flagVarsSetEACL.srcPath)
+
+		tok := getSession(cmd)
+
+		eaclTable.SetCID(id)
+
+		pk := key.GetOrGenerate(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		if !flagVarsSetEACL.noPreCheck {
+			cmd.Println("Checking the ability to modify access rights in the container...")
+
+			extendable, err := internalclient.IsACLExtendable(cli, id)
+			common.ExitOnErr(cmd, "Extensibility check failure: %w", err)
+
+			if !extendable {
+				common.ExitOnErr(cmd, "", errors.New("container ACL is immutable"))
+			}
+
+			cmd.Println("ACL extension is enabled in the container, continue processing.")
+		}
+
+		var setEACLPrm internalclient.SetEACLPrm
+		setEACLPrm.SetClient(cli)
+		setEACLPrm.SetTable(*eaclTable)
+
+		if tok != nil {
+			setEACLPrm.WithinSession(*tok)
+		}
+
+		_, err := internalclient.SetEACL(setEACLPrm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		if containerAwait {
+			exp, err := eaclTable.Marshal()
+			common.ExitOnErr(cmd, "broken EACL table: %w", err)
+
+			cmd.Println("awaiting...")
+
+			var getEACLPrm internalclient.EACLPrm
+			getEACLPrm.SetClient(cli)
+			getEACLPrm.SetContainer(id)
+
+			for i := 0; i < awaitTimeout; i++ {
+				time.Sleep(1 * time.Second)
+
+				res, err := internalclient.EACL(getEACLPrm)
+				if err == nil {
+					// compare binary values because EACL could have been set already
+					table := res.EACL()
+					got, err := table.Marshal()
+					if err != nil {
+						continue
+					}
+
+					if bytes.Equal(exp, got) {
+						cmd.Println("EACL has been persisted on sidechain")
+						return
+					}
+				}
+			}
+
+			common.ExitOnErr(cmd, "", errSetEACLTimeout)
+		}
+	},
+}
+
+func initContainerSetEACLCmd() {
+	commonflags.Init(setExtendedACLCmd)
+
+	flags := setExtendedACLCmd.Flags()
+	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	flags.StringVar(&flagVarsSetEACL.srcPath, "table", "", "path to file with JSON or binary encoded EACL table")
+	flags.BoolVar(&containerAwait, "await", false, "block execution until EACL is persisted")
+	flags.BoolVar(&flagVarsSetEACL.noPreCheck, "no-precheck", false, "do not pre-check the extensibility of the container ACL")
+}

cmd/frostfs-cli/modules/container/util.go

@@ -0,0 +1,57 @@
+package container
+
+import (
+	"errors"
+
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
+	"github.com/TrueCloudLab/frostfs-sdk-go/session"
+	"github.com/spf13/cobra"
+)
+
+const (
+	attributeDelimiter = "="
+
+	awaitTimeout = 120 // in seconds
+)
+
+var (
+	errCreateTimeout  = errors.New("timeout: container has not been persisted on sidechain")
+	errDeleteTimeout  = errors.New("timeout: container has not been removed from sidechain")
+	errSetEACLTimeout = errors.New("timeout: EACL has not been persisted on sidechain")
+)
+
+func parseContainerID(cmd *cobra.Command) cid.ID {
+	if containerID == "" {
+		common.ExitOnErr(cmd, "", errors.New("container ID is not set"))
+	}
+
+	var id cid.ID
+	err := id.DecodeString(containerID)
+	common.ExitOnErr(cmd, "can't decode container ID value: %w", err)
+	return id
+}
+
+// decodes session.Container from the file by path provided in
+// commonflags.SessionToken flag. Returns nil if the path is not specified.
+func getSession(cmd *cobra.Command) *session.Container {
+	common.PrintVerbose("Reading container session...")
+
+	path, _ := cmd.Flags().GetString(commonflags.SessionToken)
+	if path == "" {
+		common.PrintVerbose("Session not provided.")
+		return nil
+	}
+
+	common.PrintVerbose("Reading container session from the file [%s]...", path)
+
+	var res session.Container
+
+	err := common.ReadBinaryOrJSON(&res, path)
+	common.ExitOnErr(cmd, "read container session: %v", err)
+
+	common.PrintVerbose("Session successfully read.")
+
+	return &res
+}