[#197] Add a leading slash to the FilePath attribute

According to the frostfs api specification,
the File Path attribute must start with a
leading slash. More info:
https://git.frostfs.info/TrueCloudLab/frostfs-api

Signed-off-by: Roman Loginov <r.loginov@yadro.com>

.forgejo/workflows/oci-image.yml

@@ -0,0 +1,27 @@
+on:
+  pull_request:
+  push:
+  workflow_dispatch:
+
+jobs:
+  image:
+    name: OCI image
+    runs-on: docker
+    container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
+    steps:
+      - name: Clone git repo
+        uses: actions/checkout@v3
+
+      - name: Build OCI image
+        run: make image
+
+      - name: Push image to OCI registry
+        run: |
+          echo "$REGISTRY_PASSWORD" \
+            | docker login --username truecloudlab --password-stdin git.frostfs.info
+          make image-push
+        if: >-
+          startsWith(github.ref, 'refs/tags/v') &&
+          (github.event_name == 'workflow_dispatch' || github.event_name == 'push')
+        env:
+          REGISTRY_PASSWORD: ${{secrets.FORGEJO_OCI_REGISTRY_PUSH_TOKEN}}

.forgejo/workflows/tests.yml

@@ -43,3 +43,19 @@ jobs:
 
       - name: Run tests
         run: make test
+
+  integration:
+    name: Integration tests
+    runs-on: oci-runner
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.23'
+
+      - name: Run integration tests
+        run: |-
+          podman-service.sh
+          make integration-test

.forgejo/workflows/vulncheck.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.22'
+          go-version: '1.22.12'
 
       - name: Install govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest

CHANGELOG.md

@@ -4,6 +4,25 @@ This document outlines major changes between releases.
 
 ## [Unreleased]
 
+### Added
+- Add handling quota limit reached error (#187)
+- Add slash clipping for FileName attribute (#174)
+
+## [0.32.3] - 2025-02-05
+
+### Added
+- Add slash clipping for FileName attribute (#174)
+
+## [0.32.2] - 2025-02-03
+
+### Fixed
+- Possible memory leak in gRPC client (#202)
+
+## [0.32.1] - 2025-01-27
+
+### Fixed
+- SIGHUP panic (#198)
+
 ## [0.32.0] - Khumbu - 2024-12-20
 
 ### Fixed
@@ -184,4 +203,7 @@ To see CHANGELOG for older versions, refer to https://github.com/nspcc-dev/neofs
 [0.30.3]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.30.2...v0.30.3
 [0.31.0]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.30.3...v0.31.0
 [0.32.0]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.31.0...v0.32.0
-[Unreleased]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.32.0...master
+[0.32.1]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.32.0...v0.32.1
+[0.32.2]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.32.1...v0.32.2
+[0.32.3]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.32.2...v0.32.3
+[Unreleased]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.32.3...master

Makefile

@@ -7,7 +7,7 @@ LINT_VERSION ?= 1.60.3
 TRUECLOUDLAB_LINT_VERSION ?= 0.0.6
 BUILD ?= $(shell date -u --iso=seconds)
 
-HUB_IMAGE ?= truecloudlab/frostfs-http-gw
+HUB_IMAGE ?= git.frostfs.info/truecloudlab/frostfs-http-gw
 HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')"
 
 METRICS_DUMP_OUT ?= ./metrics-dump.json

README.md

@@ -38,7 +38,7 @@ version      Show current version
 ```
 
 Or you can also use a [Docker
-image](https://hub.docker.com/r/truecloudlab/frostfs-http-gw) provided for the released
+image](https://git.frostfs.info/TrueCloudLab/-/packages/container/frostfs-http-gw) provided for the released
 (and occasionally unreleased) versions of the gateway (`:latest` points to the
 latest stable release).
 

VERSION

@@ -1 +1 @@
-v0.32.0
+v0.32.3

cmd/http-gw/app.go

@@ -25,7 +25,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/templates"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/metrics"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
@@ -45,6 +44,7 @@ import (
 	"github.com/valyala/fasthttp"
 	"go.opentelemetry.io/otel/trace"
 	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
 	"golang.org/x/exp/slices"
 )
 
@@ -52,12 +52,11 @@ type (
 	app struct {
 		ctx            context.Context
 		log            *zap.Logger
-		logLevel       zap.AtomicLevel
 		pool           *pool.Pool
 		treePool       *treepool.Pool
 		key            *keys.PrivateKey
 		owner          *user.ID
-		cfg            *viper.Viper
+		cfg            *appCfg
 		webServer      *fasthttp.Server
 		webDone        chan struct{}
 		resolver       *resolver.ContainerResolver
@@ -65,6 +64,7 @@ type (
 		services       []*metrics.Service
 		settings       *appSettings
 		loggerSettings *loggerSettings
+		bucketCache    *cache.BucketCache
 
 		servers       []Server
 		unbindServers []ServerInfo
@@ -94,10 +94,11 @@ type (
 		reconnectInterval time.Duration
 		dialerSource      *internalnet.DialerSource
 		workerPoolSize    int
+		logLevelConfig    *logLevelConfig
 
 		mu                     sync.RWMutex
 		defaultTimestamp       bool
-		zipCompression         bool
+		archiveCompression     bool
 		clientCut              bool
 		returnIndexPage        bool
 		indexPageTemplate      string
@@ -113,6 +114,15 @@ type (
 		enableFilepathFallback bool
 	}
 
+	tagsConfig struct {
+		tagLogs sync.Map
+	}
+
+	logLevelConfig struct {
+		logLevel   zap.AtomicLevel
+		tagsConfig *tagsConfig
+	}
+
 	CORS struct {
 		AllowOrigin      string
 		AllowMethods     []string
@@ -123,35 +133,114 @@ type (
 	}
 )
 
-func newApp(ctx context.Context, v *viper.Viper) App {
+func newLogLevel(v *viper.Viper) zap.AtomicLevel {
+	ll, err := getLogLevel(v)
+	if err != nil {
+		panic(err.Error())
+	}
+	atomicLogLevel := zap.NewAtomicLevel()
+	atomicLogLevel.SetLevel(ll)
+	return atomicLogLevel
+}
+
+func newTagsConfig(v *viper.Viper, ll zapcore.Level) *tagsConfig {
+	var t tagsConfig
+	if err := t.update(v, ll); err != nil {
+		// panic here is analogue of the similar panic during common log level initialization.
+		panic(err.Error())
+	}
+	return &t
+}
+
+func newLogLevelConfig(lvl zap.AtomicLevel, tagsConfig *tagsConfig) *logLevelConfig {
+	return &logLevelConfig{
+		logLevel:   lvl,
+		tagsConfig: tagsConfig,
+	}
+}
+
+func (l *logLevelConfig) update(cfg *viper.Viper, log *zap.Logger) {
+	if lvl, err := getLogLevel(cfg); err != nil {
+		log.Warn(logs.LogLevelWontBeUpdated, zap.Error(err), logs.TagField(logs.TagApp))
+	} else {
+		l.logLevel.SetLevel(lvl)
+	}
+
+	if err := l.tagsConfig.update(cfg, l.logLevel.Level()); err != nil {
+		log.Warn(logs.TagsLogConfigWontBeUpdated, zap.Error(err), logs.TagField(logs.TagApp))
+	}
+}
+
+func (t *tagsConfig) LevelEnabled(tag string, tgtLevel zapcore.Level) bool {
+	lvl, ok := t.tagLogs.Load(tag)
+	if !ok {
+		return false
+	}
+
+	return lvl.(zapcore.Level).Enabled(tgtLevel)
+}
+
+func (t *tagsConfig) update(cfg *viper.Viper, ll zapcore.Level) error {
+	tags, err := fetchLogTagsConfig(cfg, ll)
+	if err != nil {
+		return err
+	}
+
+	t.tagLogs.Range(func(key, value any) bool {
+		k := key.(string)
+		v := value.(zapcore.Level)
+
+		if lvl, ok := tags[k]; ok {
+			if lvl != v {
+				t.tagLogs.Store(key, lvl)
+			}
+		} else {
+			t.tagLogs.Delete(key)
+			delete(tags, k)
+		}
+		return true
+	})
+
+	for k, v := range tags {
+		t.tagLogs.Store(k, v)
+	}
+
+	return nil
+}
+
+func newApp(ctx context.Context, cfg *appCfg) App {
 	logSettings := &loggerSettings{}
-	log := pickLogger(v, logSettings)
+	logLevel := newLogLevel(cfg.config())
+	tagConfig := newTagsConfig(cfg.config(), logLevel.Level())
+	logConfig := newLogLevelConfig(logLevel, tagConfig)
+	log := pickLogger(cfg.config(), logConfig.logLevel, logSettings, tagConfig)
 
 	a := &app{
 		ctx:            ctx,
 		log:            log.logger,
-		cfg:            v,
+		cfg:            cfg,
 		loggerSettings: logSettings,
 		webServer:      new(fasthttp.Server),
 		webDone:        make(chan struct{}),
+		bucketCache:    cache.NewBucketCache(getBucketCacheOptions(cfg.config(), log.logger), cfg.config().GetBool(cfgFeaturesTreePoolNetmapSupport)),
 	}
 
-	a.initAppSettings()
+	a.initAppSettings(logConfig)
 
 	// -- setup FastHTTP server --
 	a.webServer.Name = "frost-http-gw"
-	a.webServer.ReadBufferSize = a.cfg.GetInt(cfgWebReadBufferSize)
-	a.webServer.WriteBufferSize = a.cfg.GetInt(cfgWebWriteBufferSize)
-	a.webServer.ReadTimeout = a.cfg.GetDuration(cfgWebReadTimeout)
-	a.webServer.WriteTimeout = a.cfg.GetDuration(cfgWebWriteTimeout)
+	a.webServer.ReadBufferSize = a.config().GetInt(cfgWebReadBufferSize)
+	a.webServer.WriteBufferSize = a.config().GetInt(cfgWebWriteBufferSize)
+	a.webServer.ReadTimeout = a.config().GetDuration(cfgWebReadTimeout)
+	a.webServer.WriteTimeout = a.config().GetDuration(cfgWebWriteTimeout)
 	a.webServer.DisableHeaderNamesNormalizing = true
 	a.webServer.NoDefaultServerHeader = true
 	a.webServer.NoDefaultContentType = true
-	a.webServer.MaxRequestBodySize = a.cfg.GetInt(cfgWebMaxRequestBodySize)
+	a.webServer.MaxRequestBodySize = a.config().GetInt(cfgWebMaxRequestBodySize)
 	a.webServer.DisablePreParseMultipartForm = true
-	a.webServer.StreamRequestBody = a.cfg.GetBool(cfgWebStreamRequestBody)
+	a.webServer.StreamRequestBody = a.config().GetBool(cfgWebStreamRequestBody)
 	// -- -- -- -- -- -- -- -- -- -- -- -- -- --
-	a.pool, a.treePool, a.key = getPools(ctx, a.log, a.cfg, a.settings.dialerSource)
+	a.initPools(ctx)
 
 	var owner user.ID
 	user.IDFromKey(&owner, a.key.PrivateKey.PublicKey)
@@ -166,18 +255,23 @@ func newApp(ctx context.Context, v *viper.Viper) App {
 	return a
 }
 
-func (a *app) initAppSettings() {
+func (a *app) config() *viper.Viper {
+	return a.cfg.config()
+}
+
+func (a *app) initAppSettings(lc *logLevelConfig) {
 	a.settings = &appSettings{
-		reconnectInterval: fetchReconnectInterval(a.cfg),
-		dialerSource:      getDialerSource(a.log, a.cfg),
-		workerPoolSize:    a.cfg.GetInt(cfgWorkerPoolSize),
+		reconnectInterval: fetchReconnectInterval(a.config()),
+		dialerSource:      getDialerSource(a.log, a.config()),
+		workerPoolSize:    a.config().GetInt(cfgWorkerPoolSize),
+		logLevelConfig:    lc,
 	}
-	a.settings.update(a.cfg, a.log)
+	a.settings.update(a.config(), a.log)
 }
 
 func (s *appSettings) update(v *viper.Viper, l *zap.Logger) {
 	defaultTimestamp := v.GetBool(cfgUploaderHeaderEnableDefaultTimestamp)
-	zipCompression := v.GetBool(cfgZipCompression)
+	archiveCompression := fetchArchiveCompression(v)
 	returnIndexPage := v.GetBool(cfgIndexPageEnabled)
 	clientCut := v.GetBool(cfgClientCut)
 	bufferMaxSizeForPut := v.GetUint64(cfgBufferMaxSizeForPut)
@@ -196,7 +290,7 @@ func (s *appSettings) update(v *viper.Viper, l *zap.Logger) {
 	defer s.mu.Unlock()
 
 	s.defaultTimestamp = defaultTimestamp
-	s.zipCompression = zipCompression
+	s.archiveCompression = archiveCompression
 	s.returnIndexPage = returnIndexPage
 	s.clientCut = clientCut
 	s.bufferMaxSizeForPut = bufferMaxSizeForPut
@@ -235,10 +329,10 @@ func (s *appSettings) DefaultTimestamp() bool {
 	return s.defaultTimestamp
 }
 
-func (s *appSettings) ZipCompression() bool {
+func (s *appSettings) ArchiveCompression() bool {
 	s.mu.RLock()
 	defer s.mu.RUnlock()
-	return s.zipCompression
+	return s.archiveCompression
 }
 
 func (s *appSettings) IndexPageEnabled() bool {
@@ -318,25 +412,26 @@ func (a *app) initResolver() {
 	var err error
 	a.resolver, err = resolver.NewContainerResolver(a.getResolverConfig())
 	if err != nil {
-		a.log.Fatal(logs.FailedToCreateResolver, zap.Error(err))
+		a.log.Fatal(logs.FailedToCreateResolver, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 }
 
 func (a *app) getResolverConfig() ([]string, *resolver.Config) {
 	resolveCfg := &resolver.Config{
 		FrostFS:    frostfs.NewResolverFrostFS(a.pool),
-		RPCAddress: a.cfg.GetString(cfgRPCEndpoint),
+		RPCAddress: a.config().GetString(cfgRPCEndpoint),
 		Settings:   a.settings,
 	}
 
-	order := a.cfg.GetStringSlice(cfgResolveOrder)
+	order := a.config().GetStringSlice(cfgResolveOrder)
 	if resolveCfg.RPCAddress == "" {
 		order = remove(order, resolver.NNSResolver)
-		a.log.Warn(logs.ResolverNNSWontBeUsedSinceRPCEndpointIsntProvided)
+		a.log.Warn(logs.ResolverNNSWontBeUsedSinceRPCEndpointIsntProvided, logs.TagField(logs.TagApp))
 	}
 
 	if len(order) == 0 {
-		a.log.Info(logs.ContainerResolverWillBeDisabledBecauseOfResolversResolverOrderIsEmpty)
+		a.log.Info(logs.ContainerResolverWillBeDisabledBecauseOfResolversResolverOrderIsEmpty,
+			logs.TagField(logs.TagApp))
 	}
 
 	return order, resolveCfg
@@ -344,14 +439,14 @@ func (a *app) getResolverConfig() ([]string, *resolver.Config) {
 
 func (a *app) initMetrics() {
 	gateMetricsProvider := metrics.NewGateMetrics(a.pool)
-	a.metrics = newGateMetrics(a.log, gateMetricsProvider, a.cfg.GetBool(cfgPrometheusEnabled))
+	a.metrics = newGateMetrics(a.log, gateMetricsProvider, a.config().GetBool(cfgPrometheusEnabled))
 	a.metrics.SetHealth(metrics.HealthStatusStarting)
 	a.loggerSettings.setMetrics(a.metrics.provider)
 }
 
 func newGateMetrics(logger *zap.Logger, provider *metrics.GateMetrics, enabled bool) *gateMetrics {
 	if !enabled {
-		logger.Warn(logs.MetricsAreDisabled)
+		logger.Warn(logs.MetricsAreDisabled, logs.TagField(logs.TagApp))
 	}
 	return &gateMetrics{
 		logger:   logger,
@@ -369,7 +464,7 @@ func (m *gateMetrics) isEnabled() bool {
 
 func (m *gateMetrics) SetEnabled(enabled bool) {
 	if !enabled {
-		m.logger.Warn(logs.MetricsAreDisabled)
+		m.logger.Warn(logs.MetricsAreDisabled, logs.TagField(logs.TagApp))
 	}
 
 	m.mu.Lock()
@@ -432,7 +527,7 @@ func getFrostFSKey(cfg *viper.Viper, log *zap.Logger) (*keys.PrivateKey, error)
 	walletPath := cfg.GetString(cfgWalletPath)
 
 	if len(walletPath) == 0 {
-		log.Info(logs.NoWalletPathSpecifiedCreatingEphemeralKeyAutomaticallyForThisRun)
+		log.Info(logs.NoWalletPathSpecifiedCreatingEphemeralKeyAutomaticallyForThisRun, logs.TagField(logs.TagApp))
 		key, err := keys.NewPrivateKey()
 		if err != nil {
 			return nil, err
@@ -489,7 +584,10 @@ func getKeyFromWallet(w *wallet.Wallet, addrStr string, password *string) (*keys
 }
 
 func (a *app) Wait() {
-	a.log.Info(logs.StartingApplication, zap.String("app_name", "frostfs-http-gw"), zap.String("version", Version))
+	a.log.Info(logs.StartingApplication,
+		zap.String("app_name", "frostfs-http-gw"),
+		zap.String("version", Version),
+		logs.TagField(logs.TagApp))
 
 	a.metrics.SetVersion(Version)
 	a.setHealthStatus()
@@ -520,10 +618,10 @@ func (a *app) Serve() {
 
 	for i := range servs {
 		go func(i int) {
-			a.log.Info(logs.StartingServer, zap.String("address", servs[i].Address()))
+			a.log.Info(logs.StartingServer, zap.String("address", servs[i].Address()), logs.TagField(logs.TagApp))
 			if err := a.webServer.Serve(servs[i].Listener()); err != nil && err != http.ErrServerClosed {
 				a.metrics.MarkUnhealthy(servs[i].Address())
-				a.log.Fatal(logs.ListenAndServe, zap.Error(err))
+				a.log.Fatal(logs.ListenAndServe, zap.Error(err), logs.TagField(logs.TagApp))
 			}
 		}(i)
 	}
@@ -545,7 +643,7 @@ LOOP:
 		}
 	}
 
-	a.log.Info(logs.ShuttingDownWebServer, zap.Error(a.webServer.Shutdown()))
+	a.log.Info(logs.ShuttingDownWebServer, zap.Error(a.webServer.Shutdown()), logs.TagField(logs.TagApp))
 
 	a.metrics.Shutdown()
 	a.stopServices()
@@ -555,7 +653,7 @@ LOOP:
 func (a *app) initWorkerPool() *ants.Pool {
 	workerPool, err := ants.NewPool(a.settings.workerPoolSize)
 	if err != nil {
-		a.log.Fatal(logs.FailedToCreateWorkerPool, zap.Error(err))
+		a.log.Fatal(logs.FailedToCreateWorkerPool, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 	return workerPool
 }
@@ -566,37 +664,33 @@ func (a *app) shutdownTracing() {
 	defer cancel()
 
 	if err := tracing.Shutdown(shdnCtx); err != nil {
-		a.log.Warn(logs.FailedToShutdownTracing, zap.Error(err))
+		a.log.Warn(logs.FailedToShutdownTracing, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 }
 
 func (a *app) configReload(ctx context.Context) {
-	a.log.Info(logs.SIGHUPConfigReloadStarted)
-	if !a.cfg.IsSet(cmdConfig) && !a.cfg.IsSet(cmdConfigDir) {
-		a.log.Warn(logs.FailedToReloadConfigBecauseItsMissed)
+	a.log.Info(logs.SIGHUPConfigReloadStarted, logs.TagField(logs.TagApp))
+	if !a.config().IsSet(cmdConfig) && !a.config().IsSet(cmdConfigDir) {
+		a.log.Warn(logs.FailedToReloadConfigBecauseItsMissed, logs.TagField(logs.TagApp))
 		return
 	}
-	if err := readInConfig(a.cfg); err != nil {
-		a.log.Warn(logs.FailedToReloadConfig, zap.Error(err))
+	if err := a.cfg.reload(); err != nil {
+		a.log.Warn(logs.FailedToReloadConfig, zap.Error(err), logs.TagField(logs.TagApp))
 		return
 	}
 
-	if lvl, err := getLogLevel(a.cfg); err != nil {
-		a.log.Warn(logs.LogLevelWontBeUpdated, zap.Error(err))
-	} else {
-		a.logLevel.SetLevel(lvl)
-	}
+	a.settings.logLevelConfig.update(a.cfg.settings, a.log)
 
-	if err := a.settings.dialerSource.Update(fetchMultinetConfig(a.cfg, a.log)); err != nil {
-		a.log.Warn(logs.MultinetConfigWontBeUpdated, zap.Error(err))
+	if err := a.settings.dialerSource.Update(fetchMultinetConfig(a.config(), a.log)); err != nil {
+		a.log.Warn(logs.MultinetConfigWontBeUpdated, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 
 	if err := a.resolver.UpdateResolvers(a.getResolverConfig()); err != nil {
-		a.log.Warn(logs.FailedToUpdateResolvers, zap.Error(err))
+		a.log.Warn(logs.FailedToUpdateResolvers, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 
 	if err := a.updateServers(); err != nil {
-		a.log.Warn(logs.FailedToReloadServerParameters, zap.Error(err))
+		a.log.Warn(logs.FailedToReloadServerParameters, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 
 	a.setRuntimeParameters()
@@ -604,22 +698,24 @@ func (a *app) configReload(ctx context.Context) {
 	a.stopServices()
 	a.startServices()
 
-	a.settings.update(a.cfg, a.log)
+	a.settings.update(a.config(), a.log)
 
-	a.metrics.SetEnabled(a.cfg.GetBool(cfgPrometheusEnabled))
+	a.metrics.SetEnabled(a.config().GetBool(cfgPrometheusEnabled))
 	a.initTracing(ctx)
 	a.setHealthStatus()
 
-	a.log.Info(logs.SIGHUPConfigReloadCompleted)
+	a.log.Info(logs.SIGHUPConfigReloadCompleted, logs.TagField(logs.TagApp))
 }
 
 func (a *app) startServices() {
-	pprofConfig := metrics.Config{Enabled: a.cfg.GetBool(cfgPprofEnabled), Address: a.cfg.GetString(cfgPprofAddress)}
+	a.services = a.services[:0]
+
+	pprofConfig := metrics.Config{Enabled: a.config().GetBool(cfgPprofEnabled), Address: a.config().GetString(cfgPprofAddress)}
 	pprofService := metrics.NewPprofService(a.log, pprofConfig)
 	a.services = append(a.services, pprofService)
 	go pprofService.Start()
 
-	prometheusConfig := metrics.Config{Enabled: a.cfg.GetBool(cfgPrometheusEnabled), Address: a.cfg.GetString(cfgPrometheusAddress)}
+	prometheusConfig := metrics.Config{Enabled: a.config().GetBool(cfgPrometheusEnabled), Address: a.config().GetString(cfgPrometheusAddress)}
 	prometheusService := metrics.NewPrometheusService(a.log, prometheusConfig)
 	a.services = append(a.services, prometheusService)
 	go prometheusService.Start()
@@ -634,30 +730,32 @@ func (a *app) stopServices() {
 	}
 }
 
-func (a *app) configureRouter(handler *handler.Handler) {
+func (a *app) configureRouter(h *handler.Handler) {
 	r := router.New()
 	r.RedirectTrailingSlash = true
 	r.NotFound = func(r *fasthttp.RequestCtx) {
-		response.Error(r, "Not found", fasthttp.StatusNotFound)
+		handler.ResponseError(r, "Not found", fasthttp.StatusNotFound)
 	}
 	r.MethodNotAllowed = func(r *fasthttp.RequestCtx) {
-		response.Error(r, "Method Not Allowed", fasthttp.StatusMethodNotAllowed)
+		handler.ResponseError(r, "Method Not Allowed", fasthttp.StatusMethodNotAllowed)
 	}
 
-	r.POST("/upload/{cid}", a.addMiddlewares(handler.Upload))
+	r.POST("/upload/{cid}", a.addMiddlewares(h.Upload))
 	r.OPTIONS("/upload/{cid}", a.addPreflight())
-	a.log.Info(logs.AddedPathUploadCid)
-	r.GET("/get/{cid}/{oid:*}", a.addMiddlewares(handler.DownloadByAddressOrBucketName))
-	r.HEAD("/get/{cid}/{oid:*}", a.addMiddlewares(handler.HeadByAddressOrBucketName))
+	a.log.Info(logs.AddedPathUploadCid, logs.TagField(logs.TagApp))
+	r.GET("/get/{cid}/{oid:*}", a.addMiddlewares(h.DownloadByAddressOrBucketName))
+	r.HEAD("/get/{cid}/{oid:*}", a.addMiddlewares(h.HeadByAddressOrBucketName))
 	r.OPTIONS("/get/{cid}/{oid:*}", a.addPreflight())
-	a.log.Info(logs.AddedPathGetCidOid)
-	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(handler.DownloadByAttribute))
-	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(handler.HeadByAttribute))
+	a.log.Info(logs.AddedPathGetCidOid, logs.TagField(logs.TagApp))
+	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(h.DownloadByAttribute))
+	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(h.HeadByAttribute))
 	r.OPTIONS("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addPreflight())
-	a.log.Info(logs.AddedPathGetByAttributeCidAttrKeyAttrVal)
-	r.GET("/zip/{cid}/{prefix:*}", a.addMiddlewares(handler.DownloadZipped))
+	a.log.Info(logs.AddedPathGetByAttributeCidAttrKeyAttrVal, logs.TagField(logs.TagApp))
+	r.GET("/zip/{cid}/{prefix:*}", a.addMiddlewares(h.DownloadZip))
 	r.OPTIONS("/zip/{cid}/{prefix:*}", a.addPreflight())
-	a.log.Info(logs.AddedPathZipCidPrefix)
+	r.GET("/tar/{cid}/{prefix:*}", a.addMiddlewares(h.DownloadTar))
+	r.OPTIONS("/tar/{cid}/{prefix:*}", a.addPreflight())
+	a.log.Info(logs.AddedPathZipCidPrefix, logs.TagField(logs.TagApp))
 
 	a.webServer.Handler = r.Handler
 }
@@ -746,14 +844,11 @@ func (a *app) logger(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 		reqCtx = utils.SetReqLog(reqCtx, log)
 		utils.SetContextToRequest(reqCtx, req)
 
-		fields := []zap.Field{
-			zap.String("remote", req.RemoteAddr().String()),
+		log.Info(logs.Request, zap.String("remote", req.RemoteAddr().String()),
 			zap.ByteString("method", req.Method()),
 			zap.ByteString("path", req.Path()),
 			zap.ByteString("query", req.QueryArgs().QueryString()),
-		}
-
-		log.Info(logs.Request, fields...)
+			logs.TagField(logs.TagDatapath))
 		h(req)
 	}
 }
@@ -797,8 +892,8 @@ func (a *app) tokenizer(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 		if err != nil {
 			log := utils.GetReqLogOrDefault(reqCtx, a.log)
 
-			log.Error(logs.CouldNotFetchAndStoreBearerToken, zap.Error(err))
-			response.Error(req, "could not fetch and store bearer token: "+err.Error(), fasthttp.StatusBadRequest)
+			log.Error(logs.CouldNotFetchAndStoreBearerToken, zap.Error(err), logs.TagField(logs.TagDatapath))
+			handler.ResponseError(req, "could not fetch and store bearer token: "+err.Error(), fasthttp.StatusBadRequest)
 			return
 		}
 		utils.SetContextToRequest(appCtx, req)
@@ -839,12 +934,12 @@ func (a *app) AppParams() *handler.AppParams {
 		FrostFS:  frostfs.NewFrostFS(a.pool),
 		Owner:    a.owner,
 		Resolver: a.resolver,
-		Cache:    cache.NewBucketCache(getCacheOptions(a.cfg, a.log)),
+		Cache:    a.bucketCache,
 	}
 }
 
 func (a *app) initServers(ctx context.Context) {
-	serversInfo := fetchServers(a.cfg, a.log)
+	serversInfo := fetchServers(a.config(), a.log)
 
 	a.servers = make([]Server, 0, len(serversInfo))
 	for _, serverInfo := range serversInfo {
@@ -856,22 +951,22 @@ func (a *app) initServers(ctx context.Context) {
 		if err != nil {
 			a.unbindServers = append(a.unbindServers, serverInfo)
 			a.metrics.MarkUnhealthy(serverInfo.Address)
-			a.log.Warn(logs.FailedToAddServer, append(fields, zap.Error(err))...)
+			a.log.Warn(logs.FailedToAddServer, append(fields, zap.Error(err), logs.TagField(logs.TagApp))...)
 			continue
 		}
 		a.metrics.MarkHealthy(serverInfo.Address)
 
 		a.servers = append(a.servers, srv)
-		a.log.Info(logs.AddServer, fields...)
+		a.log.Info(logs.AddServer, append(fields, logs.TagField(logs.TagApp))...)
 	}
 
 	if len(a.servers) == 0 {
-		a.log.Fatal(logs.NoHealthyServers)
+		a.log.Fatal(logs.NoHealthyServers, logs.TagField(logs.TagApp))
 	}
 }
 
 func (a *app) updateServers() error {
-	serversInfo := fetchServers(a.cfg, a.log)
+	serversInfo := fetchServers(a.config(), a.log)
 
 	a.mu.Lock()
 	defer a.mu.Unlock()
@@ -884,8 +979,8 @@ func (a *app) updateServers() error {
 				if err := ser.UpdateCert(serverInfo.TLS.CertFile, serverInfo.TLS.KeyFile); err != nil {
 					return fmt.Errorf("failed to update tls certs: %w", err)
 				}
-				found = true
 			}
+			found = true
 		} else if unbind := a.updateUnbindServerInfo(serverInfo); unbind {
 			found = true
 		}
@@ -929,58 +1024,60 @@ func (a *app) initTracing(ctx context.Context) {
 		instanceID = a.servers[0].Address()
 	}
 	cfg := tracing.Config{
-		Enabled:    a.cfg.GetBool(cfgTracingEnabled),
-		Exporter:   tracing.Exporter(a.cfg.GetString(cfgTracingExporter)),
-		Endpoint:   a.cfg.GetString(cfgTracingEndpoint),
+		Enabled:    a.config().GetBool(cfgTracingEnabled),
+		Exporter:   tracing.Exporter(a.config().GetString(cfgTracingExporter)),
+		Endpoint:   a.config().GetString(cfgTracingEndpoint),
 		Service:    "frostfs-http-gw",
 		InstanceID: instanceID,
 		Version:    Version,
 	}
 
-	if trustedCa := a.cfg.GetString(cfgTracingTrustedCa); trustedCa != "" {
+	if trustedCa := a.config().GetString(cfgTracingTrustedCa); trustedCa != "" {
 		caBytes, err := os.ReadFile(trustedCa)
 		if err != nil {
-			a.log.Warn(logs.FailedToInitializeTracing, zap.Error(err))
+			a.log.Warn(logs.FailedToInitializeTracing, zap.Error(err), logs.TagField(logs.TagApp))
 			return
 		}
 		certPool := x509.NewCertPool()
 		ok := certPool.AppendCertsFromPEM(caBytes)
 		if !ok {
-			a.log.Warn(logs.FailedToInitializeTracing, zap.String("error", "can't fill cert pool by ca cert"))
+			a.log.Warn(logs.FailedToInitializeTracing, zap.String("error", "can't fill cert pool by ca cert"),
+				logs.TagField(logs.TagApp))
 			return
 		}
 		cfg.ServerCaCertPool = certPool
 	}
 
-	attributes, err := fetchTracingAttributes(a.cfg)
+	attributes, err := fetchTracingAttributes(a.config())
 	if err != nil {
-		a.log.Warn(logs.FailedToInitializeTracing, zap.Error(err))
+		a.log.Warn(logs.FailedToInitializeTracing, zap.Error(err), logs.TagField(logs.TagApp))
 		return
 	}
 	cfg.Attributes = attributes
 
 	updated, err := tracing.Setup(ctx, cfg)
 	if err != nil {
-		a.log.Warn(logs.FailedToInitializeTracing, zap.Error(err))
+		a.log.Warn(logs.FailedToInitializeTracing, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 	if updated {
-		a.log.Info(logs.TracingConfigUpdated)
+		a.log.Info(logs.TracingConfigUpdated, logs.TagField(logs.TagApp))
 	}
 }
 
 func (a *app) setRuntimeParameters() {
 	if len(os.Getenv("GOMEMLIMIT")) != 0 {
 		// default limit < yaml limit < app env limit < GOMEMLIMIT
-		a.log.Warn(logs.RuntimeSoftMemoryDefinedWithGOMEMLIMIT)
+		a.log.Warn(logs.RuntimeSoftMemoryDefinedWithGOMEMLIMIT, logs.TagField(logs.TagApp))
 		return
 	}
 
-	softMemoryLimit := fetchSoftMemoryLimit(a.cfg)
+	softMemoryLimit := fetchSoftMemoryLimit(a.config())
 	previous := debug.SetMemoryLimit(softMemoryLimit)
 	if softMemoryLimit != previous {
 		a.log.Info(logs.RuntimeSoftMemoryLimitUpdated,
 			zap.Int64("new_value", softMemoryLimit),
-			zap.Int64("old_value", previous))
+			zap.Int64("old_value", previous),
+			logs.TagField(logs.TagApp))
 	}
 }
 
@@ -1006,34 +1103,32 @@ func (a *app) tryReconnect(ctx context.Context, sr *fasthttp.Server) bool {
 	a.mu.Lock()
 	defer a.mu.Unlock()
 
-	a.log.Info(logs.ServerReconnecting)
+	a.log.Info(logs.ServerReconnecting, logs.TagField(logs.TagApp))
 	var failedServers []ServerInfo
 
 	for _, serverInfo := range a.unbindServers {
-		fields := []zap.Field{
-			zap.String("address", serverInfo.Address), zap.Bool("tls enabled", serverInfo.TLS.Enabled),
-			zap.String("tls cert", serverInfo.TLS.CertFile), zap.String("tls key", serverInfo.TLS.KeyFile),
-		}
-
 		srv, err := newServer(ctx, serverInfo)
 		if err != nil {
-			a.log.Warn(logs.ServerReconnectFailed, zap.Error(err))
+			a.log.Warn(logs.ServerReconnectFailed, zap.Error(err), logs.TagField(logs.TagApp))
 			failedServers = append(failedServers, serverInfo)
 			a.metrics.MarkUnhealthy(serverInfo.Address)
 			continue
 		}
 
 		go func() {
-			a.log.Info(logs.StartingServer, zap.String("address", srv.Address()))
+			a.log.Info(logs.StartingServer, zap.String("address", srv.Address()), logs.TagField(logs.TagApp))
 			a.metrics.MarkHealthy(serverInfo.Address)
 			if err = sr.Serve(srv.Listener()); err != nil && !errors.Is(err, http.ErrServerClosed) {
-				a.log.Warn(logs.ListenAndServe, zap.Error(err))
+				a.log.Warn(logs.ListenAndServe, zap.Error(err), logs.TagField(logs.TagApp))
 				a.metrics.MarkUnhealthy(serverInfo.Address)
 			}
 		}()
 
 		a.servers = append(a.servers, srv)
-		a.log.Info(logs.ServerReconnectedSuccessfully, fields...)
+		a.log.Info(logs.ServerReconnectedSuccessfully,
+			zap.String("address", serverInfo.Address), zap.Bool("tls enabled", serverInfo.TLS.Enabled),
+			zap.String("tls cert", serverInfo.TLS.CertFile), zap.String("tls key", serverInfo.TLS.KeyFile),
+			logs.TagField(logs.TagApp))
 	}
 
 	a.unbindServers = failedServers

cmd/http-gw/integration_test.go

@@ -14,6 +14,7 @@ import (
 	"net/http"
 	"os"
 	"sort"
+	"strings"
 	"testing"
 	"time"
 
@@ -28,9 +29,9 @@ import (
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
+	docker "github.com/docker/docker/api/types/container"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
-	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
@@ -49,11 +50,12 @@ const (
 
 func TestIntegration(t *testing.T) {
 	rootCtx := context.Background()
-	aioImage := "truecloudlab/frostfs-aio:"
+	aioImage := "git.frostfs.info/truecloudlab/frostfs-aio:"
 	versions := []string{
 		"1.2.7",
 		"1.3.0",
 		"1.5.0",
+		"1.6.5",
 	}
 	key, err := keys.NewPrivateKeyFromHex("1dd37fba80fec4e6a6f13fd708d8dcb3b29def768017052f6c930fa1c5d90bbb")
 	require.NoError(t, err)
@@ -70,21 +72,28 @@ func TestIntegration(t *testing.T) {
 		ctx, cancel2 := context.WithCancel(rootCtx)
 
 		aioContainer := createDockerContainer(ctx, t, aioImage+version)
+		if strings.HasPrefix(version, "1.6") {
+			registerUser(t, ctx, aioContainer, file.Name())
+		}
+
+		// See the logs from the command execution.
 		server, cancel := runServer(file.Name())
 		clientPool := getPool(ctx, t, key)
-		CID, err := createContainer(ctx, t, clientPool, ownerID, version)
+		CID, err := createContainer(ctx, t, clientPool, ownerID)
 		require.NoError(t, err, version)
 
-		token := makeBearerToken(t, key, ownerID, version)
+		jsonToken, binaryToken := makeBearerTokens(t, key, ownerID, version)
 
-		t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) })
-		t.Run("put with bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, token) })
-		t.Run("put with bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, token) })
+		t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID) })
+		t.Run("put with json bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, jsonToken) })
+		t.Run("put with json bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, jsonToken) })
+		t.Run("put with binary bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, binaryToken) })
+		t.Run("put with binary bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, binaryToken) })
 		t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) })
-		t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) })
-		t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) })
-		t.Run("get zip "+version, func(t *testing.T) { getZip(ctx, t, clientPool, ownerID, CID, version) })
-		t.Run("test namespaces "+version, func(t *testing.T) { checkNamespaces(ctx, t, clientPool, ownerID, CID, version) })
+		t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID) })
+		t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID) })
+		t.Run("get zip "+version, func(t *testing.T) { getZip(ctx, t, clientPool, ownerID, CID) })
+		t.Run("test namespaces "+version, func(t *testing.T) { checkNamespaces(ctx, t, clientPool, ownerID, CID) })
 
 		cancel()
 		server.Wait()
@@ -98,8 +107,8 @@ func runServer(pathToWallet string) (App, context.CancelFunc) {
 	cancelCtx, cancel := context.WithCancel(context.Background())
 
 	v := getDefaultConfig()
-	v.Set(cfgWalletPath, pathToWallet)
-	v.Set(cfgWalletPassphrase, "")
+	v.config().Set(cfgWalletPath, pathToWallet)
+	v.config().Set(cfgWalletPassphrase, "")
 
 	application := newApp(cancelCtx, v)
 	go application.Serve()
@@ -107,7 +116,7 @@ func runServer(pathToWallet string) (App, context.CancelFunc) {
 	return application, cancel
 }
 
-func simplePut(ctx context.Context, t *testing.T, p *pool.Pool, CID cid.ID, version string) {
+func simplePut(ctx context.Context, t *testing.T, p *pool.Pool, CID cid.ID) {
 	url := testHost + "/upload/" + CID.String()
 	makePutRequestAndCheck(ctx, t, p, CID, url)
 
@@ -255,7 +264,7 @@ func putWithDuplicateKeys(t *testing.T, CID cid.ID) {
 	require.Equal(t, http.StatusBadRequest, resp.StatusCode)
 }
 
-func simpleGet(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
+func simpleGet(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID) {
 	content := "content of file"
 	attributes := map[string]string{
 		"some-attr": "some-get-value",
@@ -302,7 +311,7 @@ func checkGetByAttrResponse(t *testing.T, resp *http.Response, content string, a
 	}
 }
 
-func getByAttr(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
+func getByAttr(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID) {
 	keyAttr, valAttr := "some-attr", "some-get-by-attr-value"
 	content := "content of file"
 	attributes := map[string]string{keyAttr: valAttr}
@@ -324,7 +333,7 @@ func getByAttr(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
 	checkGetByAttrResponse(t, resp, content, expectedAttr)
 }
 
-func getZip(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
+func getZip(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID) {
 	names := []string{"zipfolder/dir/name1.txt", "zipfolder/name2.txt"}
 	contents := []string{"content of file1", "content of file2"}
 	attributes1 := map[string]string{object.AttributeFilePath: names[0]}
@@ -389,7 +398,7 @@ func checkZip(t *testing.T, data []byte, length int64, names, contents []string)
 	}
 }
 
-func checkNamespaces(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
+func checkNamespaces(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID) {
 	content := "content of file"
 	attributes := map[string]string{
 		"some-attr": "some-get-value",
@@ -425,11 +434,13 @@ func checkNamespaces(ctx context.Context, t *testing.T, clientPool *pool.Pool, o
 
 func createDockerContainer(ctx context.Context, t *testing.T, image string) testcontainers.Container {
 	req := testcontainers.ContainerRequest{
-		Image:       image,
-		WaitingFor:  wait.NewLogStrategy("aio container started").WithStartupTimeout(30 * time.Second),
-		Name:        "aio",
-		Hostname:    "aio",
-		NetworkMode: "host",
+		Image:      image,
+		WaitingFor: wait.NewLogStrategy("aio container started").WithStartupTimeout(2 * time.Minute),
+		Name:       "aio",
+		Hostname:   "aio",
+		HostConfigModifier: func(hc *docker.HostConfig) {
+			hc.NetworkMode = "host"
+		},
 	}
 	aioC, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
 		ContainerRequest: req,
@@ -440,14 +451,14 @@ func createDockerContainer(ctx context.Context, t *testing.T, image string) test
 	return aioC
 }
 
-func getDefaultConfig() *viper.Viper {
+func getDefaultConfig() *appCfg {
 	v := settings()
-	v.SetDefault(cfgPeers+".0.address", "localhost:8080")
-	v.SetDefault(cfgPeers+".0.weight", 1)
-	v.SetDefault(cfgPeers+".0.priority", 1)
+	v.config().SetDefault(cfgPeers+".0.address", "localhost:8080")
+	v.config().SetDefault(cfgPeers+".0.weight", 1)
+	v.config().SetDefault(cfgPeers+".0.priority", 1)
 
-	v.SetDefault(cfgRPCEndpoint, "http://localhost:30333")
-	v.SetDefault("server.0.address", testListenAddress)
+	v.config().SetDefault(cfgRPCEndpoint, "http://localhost:30333")
+	v.config().SetDefault("server.0.address", testListenAddress)
 
 	return v
 }
@@ -466,7 +477,7 @@ func getPool(ctx context.Context, t *testing.T, key *keys.PrivateKey) *pool.Pool
 	return clientPool
 }
 
-func createContainer(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, version string) (cid.ID, error) {
+func createContainer(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID) (cid.ID, error) {
 	var policy netmap.PlacementPolicy
 	err := policy.DecodeString("REP 1")
 	require.NoError(t, err)
@@ -526,7 +537,19 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
 	return id.ObjectID
 }
 
-func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string {
+func registerUser(t *testing.T, ctx context.Context, aioContainer testcontainers.Container, pathToWallet string) {
+	err := aioContainer.CopyFileToContainer(ctx, pathToWallet, "/usr/wallet.json", 644)
+	require.NoError(t, err)
+
+	_, _, err = aioContainer.Exec(ctx, []string{
+		"/usr/bin/frostfs-s3-authmate", "register-user",
+		"--wallet", "/usr/wallet.json",
+		"--rpc-endpoint", "http://localhost:30333",
+		"--contract-wallet", "/config/s3-gw-wallet.json"})
+	require.NoError(t, err)
+}
+
+func makeBearerTokens(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) (jsonTokenBase64, binaryTokenBase64 string) {
 	tkn := new(bearer.Token)
 	tkn.ForUser(ownerID)
 	tkn.SetExp(10000)
@@ -540,10 +563,16 @@ func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, versio
 	err := tkn.Sign(key.PrivateKey)
 	require.NoError(t, err)
 
-	t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
-	require.NotEmpty(t, t64)
+	jsonToken, err := tkn.MarshalJSON()
+	require.NoError(t, err)
 
-	return t64
+	jsonTokenBase64 = base64.StdEncoding.EncodeToString(jsonToken)
+	binaryTokenBase64 = base64.StdEncoding.EncodeToString(tkn.Marshal())
+
+	require.NotEmpty(t, jsonTokenBase64)
+	require.NotEmpty(t, binaryTokenBase64)
+
+	return
 }
 
 func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) {

cmd/http-gw/logger.go

@@ -0,0 +1,174 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/zapjournald"
+	"github.com/spf13/viper"
+	"github.com/ssgreg/journald"
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+)
+
+func getLogLevel(v *viper.Viper) (zapcore.Level, error) {
+	var lvl zapcore.Level
+	lvlStr := v.GetString(cfgLoggerLevel)
+	err := lvl.UnmarshalText([]byte(lvlStr))
+	if err != nil {
+		return lvl, fmt.Errorf("incorrect logger level configuration %s (%v), "+
+			"value should be one of %v", lvlStr, err, [...]zapcore.Level{
+			zapcore.DebugLevel,
+			zapcore.InfoLevel,
+			zapcore.WarnLevel,
+			zapcore.ErrorLevel,
+			zapcore.DPanicLevel,
+			zapcore.PanicLevel,
+			zapcore.FatalLevel,
+		})
+	}
+	return lvl, nil
+}
+
+var _ zapcore.Core = (*zapCoreTagFilterWrapper)(nil)
+
+type zapCoreTagFilterWrapper struct {
+	core     zapcore.Core
+	settings TagFilterSettings
+	extra    []zap.Field
+}
+
+type TagFilterSettings interface {
+	LevelEnabled(tag string, lvl zapcore.Level) bool
+}
+
+func (c *zapCoreTagFilterWrapper) Enabled(level zapcore.Level) bool {
+	return c.core.Enabled(level)
+}
+
+func (c *zapCoreTagFilterWrapper) With(fields []zapcore.Field) zapcore.Core {
+	return &zapCoreTagFilterWrapper{
+		core:     c.core.With(fields),
+		settings: c.settings,
+		extra:    append(c.extra, fields...),
+	}
+}
+
+func (c *zapCoreTagFilterWrapper) Check(entry zapcore.Entry, checked *zapcore.CheckedEntry) *zapcore.CheckedEntry {
+	if c.core.Enabled(entry.Level) {
+		return checked.AddCore(entry, c)
+	}
+	return checked
+}
+
+func (c *zapCoreTagFilterWrapper) Write(entry zapcore.Entry, fields []zapcore.Field) error {
+	if c.shouldSkip(entry, fields) || c.shouldSkip(entry, c.extra) {
+		return nil
+	}
+
+	return c.core.Write(entry, fields)
+}
+
+func (c *zapCoreTagFilterWrapper) shouldSkip(entry zapcore.Entry, fields []zap.Field) bool {
+	for _, field := range fields {
+		if field.Key == logs.TagFieldName && field.Type == zapcore.StringType {
+			if !c.settings.LevelEnabled(field.String, entry.Level) {
+				return true
+			}
+			break
+		}
+	}
+
+	return false
+}
+
+func (c *zapCoreTagFilterWrapper) Sync() error {
+	return c.core.Sync()
+}
+
+func applyZapCoreMiddlewares(core zapcore.Core, v *viper.Viper, loggerSettings LoggerAppSettings, tagSetting TagFilterSettings) zapcore.Core {
+	core = &zapCoreTagFilterWrapper{
+		core:     core,
+		settings: tagSetting,
+	}
+
+	if v.GetBool(cfgLoggerSamplingEnabled) {
+		core = zapcore.NewSamplerWithOptions(core,
+			v.GetDuration(cfgLoggerSamplingInterval),
+			v.GetInt(cfgLoggerSamplingInitial),
+			v.GetInt(cfgLoggerSamplingThereafter),
+			zapcore.SamplerHook(func(_ zapcore.Entry, dec zapcore.SamplingDecision) {
+				if dec&zapcore.LogDropped > 0 {
+					loggerSettings.DroppedLogsInc()
+				}
+			}))
+	}
+
+	return core
+}
+
+func newLogEncoder() zapcore.Encoder {
+	c := zap.NewProductionEncoderConfig()
+	c.EncodeTime = zapcore.ISO8601TimeEncoder
+
+	return zapcore.NewConsoleEncoder(c)
+}
+
+// newStdoutLogger constructs a zap.Logger instance for current application.
+// Panics on failure.
+//
+// Logger is built from zap's production logging configuration with:
+//   - parameterized level (debug by default)
+//   - console encoding
+//   - ISO8601 time encoding
+//
+// Logger records a stack trace for all messages at or above fatal level.
+//
+// See also zapcore.Level, zap.NewProductionConfig, zap.AddStacktrace.
+func newStdoutLogger(v *viper.Viper, lvl zap.AtomicLevel, loggerSettings LoggerAppSettings, tagSetting TagFilterSettings) *Logger {
+	stdout := zapcore.AddSync(os.Stderr)
+
+	consoleOutCore := zapcore.NewCore(newLogEncoder(), stdout, lvl)
+	consoleOutCore = applyZapCoreMiddlewares(consoleOutCore, v, loggerSettings, tagSetting)
+
+	return &Logger{
+		logger: zap.New(consoleOutCore, zap.AddStacktrace(zap.NewAtomicLevelAt(zap.FatalLevel))),
+		lvl:    lvl,
+	}
+}
+
+func newJournaldLogger(v *viper.Viper, lvl zap.AtomicLevel, loggerSettings LoggerAppSettings, tagSetting TagFilterSettings) *Logger {
+	encoder := zapjournald.NewPartialEncoder(newLogEncoder(), zapjournald.SyslogFields)
+
+	core := zapjournald.NewCore(lvl, encoder, &journald.Journal{}, zapjournald.SyslogFields)
+	coreWithContext := core.With([]zapcore.Field{
+		zapjournald.SyslogFacility(zapjournald.LogDaemon),
+		zapjournald.SyslogIdentifier(),
+		zapjournald.SyslogPid(),
+	})
+
+	coreWithContext = applyZapCoreMiddlewares(coreWithContext, v, loggerSettings, tagSetting)
+
+	return &Logger{
+		logger: zap.New(coreWithContext, zap.AddStacktrace(zap.NewAtomicLevelAt(zap.FatalLevel))),
+		lvl:    lvl,
+	}
+}
+
+type LoggerAppSettings interface {
+	DroppedLogsInc()
+}
+
+func pickLogger(v *viper.Viper, lvl zap.AtomicLevel, loggerSettings LoggerAppSettings, tagSettings TagFilterSettings) *Logger {
+	dest := v.GetString(cfgLoggerDestination)
+
+	switch dest {
+	case destinationStdout:
+		return newStdoutLogger(v, lvl, loggerSettings, tagSettings)
+	case destinationJournald:
+		return newJournaldLogger(v, lvl, loggerSettings, tagSettings)
+	default:
+		panic(fmt.Sprintf("wrong destination for logger: %s", dest))
+	}
+}

cmd/http-gw/main.go

@@ -8,9 +8,9 @@ import (
 
 func main() {
 	globalContext, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
-	v := settings()
+	cfg := settings()
 
-	application := newApp(globalContext, v)
+	application := newApp(globalContext, cfg)
 	go application.Serve()
 	application.Wait()
 }

cmd/http-gw/server.go

@@ -74,7 +74,6 @@ func newServer(ctx context.Context, serverInfo ServerInfo) (*server, error) {
 
 		ln = tls.NewListener(ln, &tls.Config{
 			GetCertificate: tlsProvider.GetCertificate,
-			NextProtos:     []string{"h2"}, // required to enable HTTP/2 requests in `http.Serve`
 		})
 	}
 

cmd/http-gw/server_test.go

@@ -18,7 +18,7 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/require"
-	"golang.org/x/net/http2"
+	"github.com/valyala/fasthttp"
 )
 
 const (
@@ -26,14 +26,10 @@ const (
 	expHeaderValue = "Bar"
 )
 
-func TestHTTP2TLS(t *testing.T) {
+func TestHTTP_TLS(t *testing.T) {
 	ctx := context.Background()
 	certPath, keyPath := prepareTestCerts(t)
 
-	srv := &http.Server{
-		Handler: http.HandlerFunc(testHandler),
-	}
-
 	tlsListener, err := newServer(ctx, ServerInfo{
 		Address: ":0",
 		TLS: ServerTLSInfo{
@@ -47,37 +43,34 @@ func TestHTTP2TLS(t *testing.T) {
 	addr := fmt.Sprintf("https://localhost:%d", port)
 
 	go func() {
-		_ = srv.Serve(tlsListener.Listener())
+		_ = fasthttp.Serve(tlsListener.Listener(), testHandler)
 	}()
 
-	// Server is running, now send HTTP/2 request
-
 	tlsClientConfig := &tls.Config{
 		InsecureSkipVerify: true,
 	}
 
-	cliHTTP1 := http.Client{Transport: &http.Transport{TLSClientConfig: tlsClientConfig}}
-	cliHTTP2 := http.Client{Transport: &http2.Transport{TLSClientConfig: tlsClientConfig}}
+	cliHTTP := http.Client{Transport: &http.Transport{}}
+	cliHTTPS := http.Client{Transport: &http.Transport{TLSClientConfig: tlsClientConfig}}
 
 	req, err := http.NewRequest("GET", addr, nil)
 	require.NoError(t, err)
 	req.Header[expHeaderKey] = []string{expHeaderValue}
 
-	resp, err := cliHTTP1.Do(req)
+	resp, err := cliHTTPS.Do(req)
 	require.NoError(t, err)
 	require.Equal(t, http.StatusOK, resp.StatusCode)
 
-	resp, err = cliHTTP2.Do(req)
-	require.NoError(t, err)
-	require.Equal(t, http.StatusOK, resp.StatusCode)
+	_, err = cliHTTP.Do(req)
+	require.ErrorContains(t, err, "failed to verify certificate")
 }
 
-func testHandler(resp http.ResponseWriter, req *http.Request) {
-	hdr, ok := req.Header[expHeaderKey]
-	if !ok || len(hdr) != 1 || hdr[0] != expHeaderValue {
-		resp.WriteHeader(http.StatusBadRequest)
+func testHandler(ctx *fasthttp.RequestCtx) {
+	hdr := ctx.Request.Header.Peek(expHeaderKey)
+	if len(hdr) == 0 || string(hdr) != expHeaderValue {
+		ctx.Response.SetStatusCode(http.StatusBadRequest)
 	} else {
-		resp.WriteHeader(http.StatusOK)
+		ctx.Response.SetStatusCode(http.StatusOK)
 	}
 }
 

cmd/http-gw/settings.go

@@ -12,20 +12,20 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
 	internalnet "git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/net"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/service/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
 	grpctracing "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing/grpc"
+	qostagging "git.frostfs.info/TrueCloudLab/frostfs-qos/tagging"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	treepool "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree"
-	"git.frostfs.info/TrueCloudLab/zapjournald"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
-	"github.com/ssgreg/journald"
 	"github.com/valyala/fasthttp"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
@@ -110,6 +110,11 @@ const (
 	cfgLoggerSamplingThereafter = "logger.sampling.thereafter"
 	cfgLoggerSamplingInterval   = "logger.sampling.interval"
 
+	cfgLoggerTags           = "logger.tags"
+	cfgLoggerTagsPrefixTmpl = cfgLoggerTags + ".%d."
+	cfgLoggerTagsNameTmpl   = cfgLoggerTagsPrefixTmpl + "name"
+	cfgLoggerTagsLevelTmpl  = cfgLoggerTagsPrefixTmpl + "level"
+
 	// Wallet.
 	cfgWalletPassphrase = "wallet.passphrase"
 	cfgWalletPath       = "wallet.path"
@@ -128,8 +133,13 @@ const (
 	cfgResolveOrder = "resolve_order"
 
 	// Zip compression.
+	//
+	// Deprecated: Use cfgArchiveCompression instead.
 	cfgZipCompression = "zip.compression"
 
+	// Archive compression.
+	cfgArchiveCompression = "archive.compression"
+
 	// Runtime.
 	cfgSoftMemoryLimit = "runtime.soft_memory_limit"
 
@@ -144,6 +154,7 @@ const (
 	// Caching.
 	cfgBucketsCacheLifetime = "cache.buckets.lifetime"
 	cfgBucketsCacheSize     = "cache.buckets.size"
+	cfgNetmapCacheLifetime  = "cache.netmap.lifetime"
 
 	// Bucket resolving options.
 	cfgResolveNamespaceHeader   = "resolve_bucket.namespace_header"
@@ -166,6 +177,7 @@ const (
 
 	// Feature.
 	cfgFeaturesEnableFilepathFallback = "features.enable_filepath_fallback"
+	cfgFeaturesTreePoolNetmapSupport  = "features.tree_pool_netmap_support"
 
 	// Command line args.
 	cmdHelp          = "help"
@@ -185,19 +197,79 @@ var ignore = map[string]struct{}{
 	cmdVersion: {},
 }
 
+var defaultTags = []string{logs.TagApp, logs.TagDatapath, logs.TagExternalStorage, logs.TagExternalStorageTree}
+
 type Logger struct {
 	logger *zap.Logger
 	lvl    zap.AtomicLevel
 }
 
-func settings() *viper.Viper {
+type appCfg struct {
+	flags *pflag.FlagSet
+
+	mu       sync.RWMutex
+	settings *viper.Viper
+}
+
+func (a *appCfg) reload() error {
+	old := a.config()
+
+	v, err := newViper(a.flags)
+	if err != nil {
+		return err
+	}
+
+	if old.IsSet(cmdConfig) {
+		v.Set(cmdConfig, old.Get(cmdConfig))
+	}
+	if old.IsSet(cmdConfigDir) {
+		v.Set(cmdConfigDir, old.Get(cmdConfigDir))
+	}
+
+	if err = readInConfig(v); err != nil {
+		return err
+	}
+
+	a.setConfig(v)
+	return nil
+}
+
+func (a *appCfg) config() *viper.Viper {
+	a.mu.RLock()
+	defer a.mu.RUnlock()
+
+	return a.settings
+}
+
+func (a *appCfg) setConfig(v *viper.Viper) {
+	a.mu.Lock()
+	a.settings = v
+	a.mu.Unlock()
+}
+
+func newViper(flags *pflag.FlagSet) (*viper.Viper, error) {
 	v := viper.New()
+
 	v.AutomaticEnv()
 	v.SetEnvPrefix(Prefix)
 	v.AllowEmptyEnv(true)
 	v.SetConfigType("yaml")
 	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
 
+	if err := bindFlags(v, flags); err != nil {
+		return nil, err
+	}
+
+	setDefaults(v, flags)
+
+	if v.IsSet(cfgServer+".0."+cfgTLSKeyFile) && v.IsSet(cfgServer+".0."+cfgTLSCertFile) {
+		v.Set(cfgServer+".0."+cfgTLSEnabled, true)
+	}
+
+	return v, nil
+}
+
+func settings() *appCfg {
 	// flags setup:
 	flags := pflag.NewFlagSet("commandline", pflag.ExitOnError)
 	flags.SetOutput(os.Stdout)
@@ -221,92 +293,17 @@ func settings() *viper.Viper {
 	flags.String(cmdListenAddress, "0.0.0.0:8080", "addresses to listen")
 	flags.String(cfgTLSCertFile, "", "TLS certificate path")
 	flags.String(cfgTLSKeyFile, "", "TLS key path")
-	peers := flags.StringArrayP(cfgPeers, "p", nil, "FrostFS nodes")
+	flags.StringArrayP(cfgPeers, "p", nil, "FrostFS nodes")
 
-	resolveMethods := flags.StringSlice(cfgResolveOrder, []string{resolver.NNSResolver, resolver.DNSResolver}, "set container name resolve order")
-
-	// set defaults:
-
-	// logger:
-	v.SetDefault(cfgLoggerLevel, "debug")
-	v.SetDefault(cfgLoggerDestination, "stdout")
-	v.SetDefault(cfgLoggerSamplingEnabled, false)
-	v.SetDefault(cfgLoggerSamplingThereafter, 100)
-	v.SetDefault(cfgLoggerSamplingInitial, 100)
-	v.SetDefault(cfgLoggerSamplingInterval, defaultLoggerSamplerInterval)
-
-	// pool:
-	v.SetDefault(cfgPoolErrorThreshold, defaultPoolErrorThreshold)
-
-	// frostfs:
-	v.SetDefault(cfgBufferMaxSizeForPut, defaultBufferMaxSizeForPut)
-
-	// web-server:
-	v.SetDefault(cfgWebReadBufferSize, 4096)
-	v.SetDefault(cfgWebWriteBufferSize, 4096)
-	v.SetDefault(cfgWebReadTimeout, time.Minute*10)
-	v.SetDefault(cfgWebWriteTimeout, time.Minute*5)
-	v.SetDefault(cfgWebStreamRequestBody, true)
-	v.SetDefault(cfgWebMaxRequestBodySize, fasthttp.DefaultMaxRequestBodySize)
-
-	v.SetDefault(cfgWorkerPoolSize, 1000)
-	// upload header
-	v.SetDefault(cfgUploaderHeaderEnableDefaultTimestamp, false)
-
-	// zip:
-	v.SetDefault(cfgZipCompression, false)
-
-	// metrics
-	v.SetDefault(cfgPprofAddress, "localhost:8083")
-	v.SetDefault(cfgPrometheusAddress, "localhost:8084")
-
-	// resolve bucket
-	v.SetDefault(cfgResolveNamespaceHeader, defaultNamespaceHeader)
-	v.SetDefault(cfgResolveDefaultNamespaces, []string{"", "root"})
-
-	// multinet
-	v.SetDefault(cfgMultinetFallbackDelay, defaultMultinetFallbackDelay)
-
-	// Binding flags
-	if err := v.BindPFlag(cfgPprofEnabled, flags.Lookup(cmdPprof)); err != nil {
-		panic(err)
-	}
-	if err := v.BindPFlag(cfgPrometheusEnabled, flags.Lookup(cmdMetrics)); err != nil {
-		panic(err)
-	}
-
-	if err := v.BindPFlag(cfgWalletPath, flags.Lookup(cmdWallet)); err != nil {
-		panic(err)
-	}
-
-	if err := v.BindPFlag(cfgWalletAddress, flags.Lookup(cmdAddress)); err != nil {
-		panic(err)
-	}
-
-	if err := v.BindPFlags(flags); err != nil {
-		panic(err)
-	}
-
-	if err := v.BindPFlag(cfgServer+".0.address", flags.Lookup(cmdListenAddress)); err != nil {
-		panic(err)
-	}
-	if err := v.BindPFlag(cfgServer+".0."+cfgTLSKeyFile, flags.Lookup(cfgTLSKeyFile)); err != nil {
-		panic(err)
-	}
-	if err := v.BindPFlag(cfgServer+".0."+cfgTLSCertFile, flags.Lookup(cfgTLSCertFile)); err != nil {
-		panic(err)
-	}
+	flags.StringSlice(cfgResolveOrder, []string{resolver.NNSResolver, resolver.DNSResolver}, "set container name resolve order")
 
 	if err := flags.Parse(os.Args); err != nil {
 		panic(err)
 	}
 
-	if v.IsSet(cfgServer+".0."+cfgTLSKeyFile) && v.IsSet(cfgServer+".0."+cfgTLSCertFile) {
-		v.Set(cfgServer+".0."+cfgTLSEnabled, true)
-	}
-
-	if resolveMethods != nil {
-		v.SetDefault(cfgResolveOrder, *resolveMethods)
+	v, err := newViper(flags)
+	if err != nil {
+		panic(fmt.Errorf("bind flags: %w", err))
 	}
 
 	switch {
@@ -351,15 +348,97 @@ func settings() *viper.Viper {
 		panic(err)
 	}
 
-	if peers != nil && len(*peers) > 0 {
-		for i := range *peers {
-			v.SetDefault(cfgPeers+"."+strconv.Itoa(i)+".address", (*peers)[i])
+	return &appCfg{
+		flags:    flags,
+		settings: v,
+	}
+}
+
+func setDefaults(v *viper.Viper, flags *pflag.FlagSet) {
+	// set defaults:
+
+	// logger:
+	v.SetDefault(cfgLoggerLevel, "debug")
+	v.SetDefault(cfgLoggerDestination, "stdout")
+	v.SetDefault(cfgLoggerSamplingEnabled, false)
+	v.SetDefault(cfgLoggerSamplingThereafter, 100)
+	v.SetDefault(cfgLoggerSamplingInitial, 100)
+	v.SetDefault(cfgLoggerSamplingInterval, defaultLoggerSamplerInterval)
+
+	// pool:
+	v.SetDefault(cfgPoolErrorThreshold, defaultPoolErrorThreshold)
+
+	// frostfs:
+	v.SetDefault(cfgBufferMaxSizeForPut, defaultBufferMaxSizeForPut)
+
+	// web-server:
+	v.SetDefault(cfgWebReadBufferSize, 4096)
+	v.SetDefault(cfgWebWriteBufferSize, 4096)
+	v.SetDefault(cfgWebReadTimeout, time.Minute*10)
+	v.SetDefault(cfgWebWriteTimeout, time.Minute*5)
+	v.SetDefault(cfgWebStreamRequestBody, true)
+	v.SetDefault(cfgWebMaxRequestBodySize, fasthttp.DefaultMaxRequestBodySize)
+
+	v.SetDefault(cfgWorkerPoolSize, 1000)
+	// upload header
+	v.SetDefault(cfgUploaderHeaderEnableDefaultTimestamp, false)
+
+	// metrics
+	v.SetDefault(cfgPprofAddress, "localhost:8083")
+	v.SetDefault(cfgPrometheusAddress, "localhost:8084")
+
+	// resolve bucket
+	v.SetDefault(cfgResolveNamespaceHeader, defaultNamespaceHeader)
+	v.SetDefault(cfgResolveDefaultNamespaces, []string{"", "root"})
+
+	// multinet
+	v.SetDefault(cfgMultinetFallbackDelay, defaultMultinetFallbackDelay)
+
+	if resolveMethods, err := flags.GetStringSlice(cfgResolveOrder); err == nil {
+		v.SetDefault(cfgResolveOrder, resolveMethods)
+	}
+
+	if peers, err := flags.GetStringArray(cfgPeers); err == nil {
+		for i := range peers {
+			v.SetDefault(cfgPeers+"."+strconv.Itoa(i)+".address", peers[i])
 			v.SetDefault(cfgPeers+"."+strconv.Itoa(i)+".weight", 1)
 			v.SetDefault(cfgPeers+"."+strconv.Itoa(i)+".priority", 1)
 		}
 	}
+}
 
-	return v
+func bindFlags(v *viper.Viper, flags *pflag.FlagSet) error {
+	// Binding flags
+	if err := v.BindPFlag(cfgPprofEnabled, flags.Lookup(cmdPprof)); err != nil {
+		return err
+	}
+	if err := v.BindPFlag(cfgPrometheusEnabled, flags.Lookup(cmdMetrics)); err != nil {
+		return err
+	}
+
+	if err := v.BindPFlag(cfgWalletPath, flags.Lookup(cmdWallet)); err != nil {
+		return err
+	}
+
+	if err := v.BindPFlag(cfgWalletAddress, flags.Lookup(cmdAddress)); err != nil {
+		return err
+	}
+
+	if err := v.BindPFlags(flags); err != nil {
+		return err
+	}
+
+	if err := v.BindPFlag(cfgServer+".0.address", flags.Lookup(cmdListenAddress)); err != nil {
+		return err
+	}
+	if err := v.BindPFlag(cfgServer+".0."+cfgTLSKeyFile, flags.Lookup(cfgTLSKeyFile)); err != nil {
+		return err
+	}
+	if err := v.BindPFlag(cfgServer+".0."+cfgTLSCertFile, flags.Lookup(cfgTLSCertFile)); err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func readInConfig(v *viper.Viper) error {
@@ -426,112 +505,33 @@ func mergeConfig(v *viper.Viper, fileName string) error {
 	return v.MergeConfig(cfgFile)
 }
 
-type LoggerAppSettings interface {
-	DroppedLogsInc()
-}
+func fetchLogTagsConfig(v *viper.Viper, defaultLvl zapcore.Level) (map[string]zapcore.Level, error) {
+	res := make(map[string]zapcore.Level)
 
-func pickLogger(v *viper.Viper, settings LoggerAppSettings) *Logger {
-	lvl, err := getLogLevel(v)
-	if err != nil {
-		panic(err)
+	for i := 0; ; i++ {
+		name := v.GetString(fmt.Sprintf(cfgLoggerTagsNameTmpl, i))
+		if name == "" {
+			break
+		}
+
+		lvl := defaultLvl
+		level := v.GetString(fmt.Sprintf(cfgLoggerTagsLevelTmpl, i))
+		if level != "" {
+			if err := lvl.Set(level); err != nil {
+				return nil, fmt.Errorf("failed to parse log tags config, unknown level: '%s'", level)
+			}
+		}
+
+		res[name] = lvl
 	}
 
-	dest := v.GetString(cfgLoggerDestination)
-
-	switch dest {
-	case destinationStdout:
-		return newStdoutLogger(v, lvl, settings)
-	case destinationJournald:
-		return newJournaldLogger(v, lvl, settings)
-	default:
-		panic(fmt.Sprintf("wrong destination for logger: %s", dest))
-	}
-}
-
-// newStdoutLogger constructs a zap.Logger instance for current application.
-// Panics on failure.
-//
-// Logger is built from zap's production logging configuration with:
-//   - parameterized level (debug by default)
-//   - console encoding
-//   - ISO8601 time encoding
-//
-// Logger records a stack trace for all messages at or above fatal level.
-//
-// See also zapcore.Level, zap.NewProductionConfig, zap.AddStacktrace.
-func newStdoutLogger(v *viper.Viper, lvl zapcore.Level, settings LoggerAppSettings) *Logger {
-	stdout := zapcore.AddSync(os.Stderr)
-	level := zap.NewAtomicLevelAt(lvl)
-
-	consoleOutCore := zapcore.NewCore(newLogEncoder(), stdout, level)
-	consoleOutCore = applyZapCoreMiddlewares(consoleOutCore, v, settings)
-
-	return &Logger{
-		logger: zap.New(consoleOutCore, zap.AddStacktrace(zap.NewAtomicLevelAt(zap.FatalLevel))),
-		lvl:    level,
-	}
-}
-
-func newJournaldLogger(v *viper.Viper, lvl zapcore.Level, settings LoggerAppSettings) *Logger {
-	level := zap.NewAtomicLevelAt(lvl)
-
-	encoder := zapjournald.NewPartialEncoder(newLogEncoder(), zapjournald.SyslogFields)
-
-	core := zapjournald.NewCore(level, encoder, &journald.Journal{}, zapjournald.SyslogFields)
-	coreWithContext := core.With([]zapcore.Field{
-		zapjournald.SyslogFacility(zapjournald.LogDaemon),
-		zapjournald.SyslogIdentifier(),
-		zapjournald.SyslogPid(),
-	})
-
-	coreWithContext = applyZapCoreMiddlewares(coreWithContext, v, settings)
-
-	return &Logger{
-		logger: zap.New(coreWithContext, zap.AddStacktrace(zap.NewAtomicLevelAt(zap.FatalLevel))),
-		lvl:    level,
-	}
-}
-
-func newLogEncoder() zapcore.Encoder {
-	c := zap.NewProductionEncoderConfig()
-	c.EncodeTime = zapcore.ISO8601TimeEncoder
-
-	return zapcore.NewConsoleEncoder(c)
-}
-
-func applyZapCoreMiddlewares(core zapcore.Core, v *viper.Viper, settings LoggerAppSettings) zapcore.Core {
-	if v.GetBool(cfgLoggerSamplingEnabled) {
-		core = zapcore.NewSamplerWithOptions(core,
-			v.GetDuration(cfgLoggerSamplingInterval),
-			v.GetInt(cfgLoggerSamplingInitial),
-			v.GetInt(cfgLoggerSamplingThereafter),
-			zapcore.SamplerHook(func(_ zapcore.Entry, dec zapcore.SamplingDecision) {
-				if dec&zapcore.LogDropped > 0 {
-					settings.DroppedLogsInc()
-				}
-			}))
+	if len(res) == 0 && !v.IsSet(cfgLoggerTags) {
+		for _, tag := range defaultTags {
+			res[tag] = defaultLvl
+		}
 	}
 
-	return core
-}
-
-func getLogLevel(v *viper.Viper) (zapcore.Level, error) {
-	var lvl zapcore.Level
-	lvlStr := v.GetString(cfgLoggerLevel)
-	err := lvl.UnmarshalText([]byte(lvlStr))
-	if err != nil {
-		return lvl, fmt.Errorf("incorrect logger level configuration %s (%v), "+
-			"value should be one of %v", lvlStr, err, [...]zapcore.Level{
-			zapcore.DebugLevel,
-			zapcore.InfoLevel,
-			zapcore.WarnLevel,
-			zapcore.ErrorLevel,
-			zapcore.DPanicLevel,
-			zapcore.PanicLevel,
-			zapcore.FatalLevel,
-		})
-	}
-	return lvl, nil
+	return res, nil
 }
 
 func fetchReconnectInterval(cfg *viper.Viper) time.Duration {
@@ -547,20 +547,19 @@ func fetchIndexPageTemplate(v *viper.Viper, l *zap.Logger) (string, bool) {
 	if !v.GetBool(cfgIndexPageEnabled) {
 		return "", false
 	}
-
 	reader, err := os.Open(v.GetString(cfgIndexPageTemplatePath))
 	if err != nil {
-		l.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err))
+		l.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err), logs.TagField(logs.TagApp))
 		return "", true
 	}
 
 	tmpl, err := io.ReadAll(reader)
 	if err != nil {
-		l.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err))
+		l.Warn(logs.FailedToReadIndexPageTemplate, zap.Error(err), logs.TagField(logs.TagApp))
 		return "", true
 	}
 
-	l.Info(logs.SetCustomIndexPageTemplate)
+	l.Info(logs.SetCustomIndexPageTemplate, logs.TagField(logs.TagApp))
 	return string(tmpl), true
 }
 
@@ -601,7 +600,7 @@ func fetchServers(v *viper.Viper, log *zap.Logger) []ServerInfo {
 		}
 
 		if _, ok := seen[serverInfo.Address]; ok {
-			log.Warn(logs.WarnDuplicateAddress, zap.String("address", serverInfo.Address))
+			log.Warn(logs.WarnDuplicateAddress, zap.String("address", serverInfo.Address), logs.TagField(logs.TagApp))
 			continue
 		}
 		seen[serverInfo.Address] = struct{}{}
@@ -611,10 +610,10 @@ func fetchServers(v *viper.Viper, log *zap.Logger) []ServerInfo {
 	return servers
 }
 
-func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper, dialSource *internalnet.DialerSource) (*pool.Pool, *treepool.Pool, *keys.PrivateKey) {
-	key, err := getFrostFSKey(cfg, logger)
+func (a *app) initPools(ctx context.Context) {
+	key, err := getFrostFSKey(a.config(), a.log)
 	if err != nil {
-		logger.Fatal(logs.CouldNotLoadFrostFSPrivateKey, zap.Error(err))
+		a.log.Fatal(logs.CouldNotLoadFrostFSPrivateKey, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 
 	var prm pool.InitParameters
@@ -622,77 +621,86 @@ func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper, dialSou
 
 	prm.SetKey(&key.PrivateKey)
 	prmTree.SetKey(key)
-	logger.Info(logs.UsingCredentials, zap.String("FrostFS", hex.EncodeToString(key.PublicKey().Bytes())))
+	a.log.Info(logs.UsingCredentials, zap.String("FrostFS", hex.EncodeToString(key.PublicKey().Bytes())),
+		logs.TagField(logs.TagApp))
 
-	for _, peer := range fetchPeers(logger, cfg) {
+	for _, peer := range fetchPeers(a.log, a.config()) {
 		prm.AddNode(peer)
 		prmTree.AddNode(peer)
 	}
 
-	connTimeout := cfg.GetDuration(cfgConTimeout)
+	connTimeout := a.config().GetDuration(cfgConTimeout)
 	if connTimeout <= 0 {
 		connTimeout = defaultConnectTimeout
 	}
 	prm.SetNodeDialTimeout(connTimeout)
 	prmTree.SetNodeDialTimeout(connTimeout)
 
-	streamTimeout := cfg.GetDuration(cfgStreamTimeout)
+	streamTimeout := a.config().GetDuration(cfgStreamTimeout)
 	if streamTimeout <= 0 {
 		streamTimeout = defaultStreamTimeout
 	}
 	prm.SetNodeStreamTimeout(streamTimeout)
 	prmTree.SetNodeStreamTimeout(streamTimeout)
 
-	healthCheckTimeout := cfg.GetDuration(cfgReqTimeout)
+	healthCheckTimeout := a.config().GetDuration(cfgReqTimeout)
 	if healthCheckTimeout <= 0 {
 		healthCheckTimeout = defaultRequestTimeout
 	}
 	prm.SetHealthcheckTimeout(healthCheckTimeout)
 	prmTree.SetHealthcheckTimeout(healthCheckTimeout)
 
-	rebalanceInterval := cfg.GetDuration(cfgRebalance)
+	rebalanceInterval := a.config().GetDuration(cfgRebalance)
 	if rebalanceInterval <= 0 {
 		rebalanceInterval = defaultRebalanceTimer
 	}
 	prm.SetClientRebalanceInterval(rebalanceInterval)
 	prmTree.SetClientRebalanceInterval(rebalanceInterval)
 
-	errorThreshold := cfg.GetUint32(cfgPoolErrorThreshold)
+	errorThreshold := a.config().GetUint32(cfgPoolErrorThreshold)
 	if errorThreshold <= 0 {
 		errorThreshold = defaultPoolErrorThreshold
 	}
 	prm.SetErrorThreshold(errorThreshold)
-	prm.SetLogger(logger)
-	prmTree.SetLogger(logger)
+	prm.SetLogger(a.log.With(logs.TagField(logs.TagDatapath)))
+	prmTree.SetLogger(a.log.With(logs.TagField(logs.TagDatapath)))
 
-	prmTree.SetMaxRequestAttempts(cfg.GetInt(cfgTreePoolMaxAttempts))
+	prmTree.SetMaxRequestAttempts(a.config().GetInt(cfgTreePoolMaxAttempts))
 
 	interceptors := []grpc.DialOption{
 		grpc.WithUnaryInterceptor(grpctracing.NewUnaryClientInteceptor()),
 		grpc.WithStreamInterceptor(grpctracing.NewStreamClientInterceptor()),
-		grpc.WithContextDialer(dialSource.GrpcContextDialer()),
+		grpc.WithContextDialer(a.settings.dialerSource.GrpcContextDialer()),
+		grpc.WithChainUnaryInterceptor(qostagging.NewUnaryClientInteceptor()),
+		grpc.WithChainStreamInterceptor(qostagging.NewStreamClientInterceptor()),
 	}
 	prm.SetGRPCDialOptions(interceptors...)
 	prmTree.SetGRPCDialOptions(interceptors...)
 
 	p, err := pool.NewPool(prm)
 	if err != nil {
-		logger.Fatal(logs.FailedToCreateConnectionPool, zap.Error(err))
+		a.log.Fatal(logs.FailedToCreateConnectionPool, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 
 	if err = p.Dial(ctx); err != nil {
-		logger.Fatal(logs.FailedToDialConnectionPool, zap.Error(err))
+		a.log.Fatal(logs.FailedToDialConnectionPool, zap.Error(err), logs.TagField(logs.TagApp))
+	}
+
+	if a.config().GetBool(cfgFeaturesTreePoolNetmapSupport) {
+		prmTree.SetNetMapInfoSource(frostfs.NewSource(frostfs.NewFrostFS(p), cache.NewNetmapCache(getNetmapCacheOptions(a.config(), a.log)), a.bucketCache, a.log))
 	}
 
 	treePool, err := treepool.NewPool(prmTree)
 	if err != nil {
-		logger.Fatal(logs.FailedToCreateTreePool, zap.Error(err))
+		a.log.Fatal(logs.FailedToCreateTreePool, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 	if err = treePool.Dial(ctx); err != nil {
-		logger.Fatal(logs.FailedToDialTreePool, zap.Error(err))
+		a.log.Fatal(logs.FailedToDialTreePool, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 
-	return p, treePool, key
+	a.pool = p
+	a.treePool = treePool
+	a.key = key
 }
 
 func fetchPeers(l *zap.Logger, v *viper.Viper) []pool.NodeParam {
@@ -718,7 +726,8 @@ func fetchPeers(l *zap.Logger, v *viper.Viper) []pool.NodeParam {
 		l.Info(logs.AddedStoragePeer,
 			zap.Int("priority", priority),
 			zap.String("address", address),
-			zap.Float64("weight", weight))
+			zap.Float64("weight", weight),
+			logs.TagField(logs.TagApp))
 	}
 
 	return nodes
@@ -733,7 +742,7 @@ func fetchSoftMemoryLimit(cfg *viper.Viper) int64 {
 	return int64(softMemoryLimit)
 }
 
-func getCacheOptions(v *viper.Viper, l *zap.Logger) *cache.Config {
+func getBucketCacheOptions(v *viper.Viper, l *zap.Logger) *cache.Config {
 	cacheCfg := cache.DefaultBucketConfig(l)
 
 	cacheCfg.Lifetime = fetchCacheLifetime(v, l, cfgBucketsCacheLifetime, cacheCfg.Lifetime)
@@ -742,6 +751,14 @@ func getCacheOptions(v *viper.Viper, l *zap.Logger) *cache.Config {
 	return cacheCfg
 }
 
+func getNetmapCacheOptions(v *viper.Viper, l *zap.Logger) *cache.NetmapCacheConfig {
+	cacheCfg := cache.DefaultNetmapConfig(l)
+
+	cacheCfg.Lifetime = fetchCacheLifetime(v, l, cfgNetmapCacheLifetime, cacheCfg.Lifetime)
+
+	return cacheCfg
+}
+
 func fetchCacheLifetime(v *viper.Viper, l *zap.Logger, cfgEntry string, defaultValue time.Duration) time.Duration {
 	if v.IsSet(cfgEntry) {
 		lifetime := v.GetDuration(cfgEntry)
@@ -749,7 +766,8 @@ func fetchCacheLifetime(v *viper.Viper, l *zap.Logger, cfgEntry string, defaultV
 			l.Error(logs.InvalidLifetimeUsingDefaultValue,
 				zap.String("parameter", cfgEntry),
 				zap.Duration("value in config", lifetime),
-				zap.Duration("default", defaultValue))
+				zap.Duration("default", defaultValue),
+				logs.TagField(logs.TagApp))
 		} else {
 			return lifetime
 		}
@@ -765,7 +783,8 @@ func fetchCacheSize(v *viper.Viper, l *zap.Logger, cfgEntry string, defaultValue
 			l.Error(logs.InvalidCacheSizeUsingDefaultValue,
 				zap.String("parameter", cfgEntry),
 				zap.Int("value in config", size),
-				zap.Int("default", defaultValue))
+				zap.Int("default", defaultValue),
+				logs.TagField(logs.TagApp))
 		} else {
 			return size
 		}
@@ -777,7 +796,7 @@ func fetchCacheSize(v *viper.Viper, l *zap.Logger, cfgEntry string, defaultValue
 func getDialerSource(logger *zap.Logger, cfg *viper.Viper) *internalnet.DialerSource {
 	source, err := internalnet.NewDialerSource(fetchMultinetConfig(cfg, logger))
 	if err != nil {
-		logger.Fatal(logs.FailedToLoadMultinetConfig, zap.Error(err))
+		logger.Fatal(logs.FailedToLoadMultinetConfig, zap.Error(err), logs.TagField(logs.TagApp))
 	}
 	return source
 }
@@ -828,3 +847,10 @@ func fetchTracingAttributes(v *viper.Viper) (map[string]string, error) {
 
 	return attributes, nil
 }
+
+func fetchArchiveCompression(v *viper.Viper) bool {
+	if v.IsSet(cfgZipCompression) {
+		return v.GetBool(cfgZipCompression)
+	}
+	return v.GetBool(cfgArchiveCompression)
+}

cmd/http-gw/settings_test.go

@@ -0,0 +1,60 @@
+package main
+
+import (
+	"os"
+	"testing"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
+	"github.com/stretchr/testify/require"
+)
+
+func TestConfigReload(t *testing.T) {
+	f, err := os.CreateTemp("", "conf")
+	require.NoError(t, err)
+	defer func() {
+		require.NoError(t, os.Remove(f.Name()))
+	}()
+
+	confData := `
+pprof:
+  enabled: true
+
+resolve_bucket:
+  default_namespaces: [""]
+
+resolve_order:
+  - nns
+`
+
+	_, err = f.WriteString(confData)
+	require.NoError(t, err)
+	require.NoError(t, f.Close())
+
+	cfg := settings()
+
+	require.NoError(t, cfg.flags.Parse([]string{"--config", f.Name(), "--connect_timeout", "15s"}))
+	require.NoError(t, cfg.reload())
+
+	require.True(t, cfg.config().GetBool(cfgPprofEnabled))
+	require.Equal(t, []string{""}, cfg.config().GetStringSlice(cfgResolveDefaultNamespaces))
+	require.Equal(t, []string{resolver.NNSResolver}, cfg.config().GetStringSlice(cfgResolveOrder))
+	require.Equal(t, 15*time.Second, cfg.config().GetDuration(cfgConTimeout))
+
+	require.NoError(t, os.Truncate(f.Name(), 0))
+	require.NoError(t, cfg.reload())
+
+	require.False(t, cfg.config().GetBool(cfgPprofEnabled))
+	require.Equal(t, []string{"", "root"}, cfg.config().GetStringSlice(cfgResolveDefaultNamespaces))
+	require.Equal(t, []string{resolver.NNSResolver, resolver.DNSResolver}, cfg.config().GetStringSlice(cfgResolveOrder))
+	require.Equal(t, 15*time.Second, cfg.config().GetDuration(cfgConTimeout))
+}
+
+func TestSetTLSEnabled(t *testing.T) {
+	cfg := settings()
+
+	require.NoError(t, cfg.flags.Parse([]string{"--" + cfgTLSCertFile, "tls.crt", "--" + cfgTLSKeyFile, "tls.key"}))
+	require.NoError(t, cfg.reload())
+
+	require.True(t, cfg.config().GetBool(cfgServer+".0."+cfgTLSEnabled))
+}

config/config.env

@@ -20,6 +20,8 @@ HTTP_GW_LOGGER_SAMPLING_ENABLED=false
 HTTP_GW_LOGGER_SAMPLING_INITIAL=100
 HTTP_GW_LOGGER_SAMPLING_THEREAFTER=100
 HTTP_GW_LOGGER_SAMPLING_INTERVAL=1s
+HTTP_GW_LOGGER_TAGS_0_NAME=app
+HTTP_GW_LOGGER_TAGS_1_NAME=datapath
 
 HTTP_GW_SERVER_0_ADDRESS=0.0.0.0:443
 HTTP_GW_SERVER_0_TLS_ENABLED=false
@@ -97,9 +99,13 @@ HTTP_GW_REBALANCE_TIMER=30s
 # The number of errors on connection after which node is considered as unhealthy
 HTTP_GW_POOL_ERROR_THRESHOLD=100
 
-# Enable zip compression to download files by common prefix.
+# Enable archive compression to download files by common prefix.
+# DEPRECATED: Use HTTP_GW_ARCHIVE_COMPRESSION instead.
 HTTP_GW_ZIP_COMPRESSION=false
 
+# Enable archive compression to download files by common prefix.
+HTTP_GW_ARCHIVE_COMPRESSION=false
+
 HTTP_GW_TRACING_ENABLED=true
 HTTP_GW_TRACING_ENDPOINT="localhost:4317"
 HTTP_GW_TRACING_EXPORTER="otlp_grpc"
@@ -121,6 +127,8 @@ HTTP_GW_FROSTFS_BUFFER_MAX_SIZE_FOR_PUT=1048576
 # Cache which contains mapping of bucket name to bucket info
 HTTP_GW_CACHE_BUCKETS_LIFETIME=1m
 HTTP_GW_CACHE_BUCKETS_SIZE=1000
+# Cache which stores netmap
+HTTP_GW_CACHE_NETMAP_LIFETIME=1m
 
 # Header to determine zone to resolve bucket name
 HTTP_GW_RESOLVE_BUCKET_NAMESPACE_HEADER=X-Frostfs-Namespace
@@ -162,3 +170,5 @@ HTTP_GW_INDEX_PAGE_TEMPLATE_PATH=internal/handler/templates/index.gotmpl
 
 # Enable using fallback path to search for a object by attribute
 HTTP_GW_FEATURES_ENABLE_FILEPATH_FALLBACK=false
+# Enable using new version of tree pool, which uses netmap to select nodes, for requests to tree service
+HTTP_GW_FEATURES_TREE_POOL_NETMAP_SUPPORT=true

config/config.yaml

@@ -29,6 +29,10 @@ logger:
     initial: 100
     thereafter: 100
     interval: 1s
+  tags:
+    - name: app
+    - name: datapath
+      level: debug
 
 server:
   - address: 0.0.0.0:8080
@@ -116,13 +120,19 @@ pool_error_threshold: 100 # The number of errors on connection after which node
 # Number of workers in handler's worker pool
 worker_pool_size: 1000
 
-# Enable index page to see objects list for specified container and prefix
+# Enables index page to see objects list for specified container and prefix
 index_page:
   enabled: false
   template_path: internal/handler/templates/index.gotmpl
 
+# Deprecated: Use archive.compression instead
 zip:
-  compression: false # Enable zip compression to download files by common prefix.
+  # Enables zip compression to download files by common prefix.
+  compression: false
+
+archive:
+  # Enables archive compression to download files by common prefix.
+  compression: false
 
 runtime:
   soft_memory_limit: 1gb
@@ -143,6 +153,9 @@ cache:
   buckets:
     lifetime: 1m
     size: 1000
+  # Cache which stores netmap
+  netmap:
+    lifetime: 1m
 
 resolve_bucket:
   namespace_header: X-Frostfs-Namespace
@@ -176,3 +189,5 @@ multinet:
 features:
   # Enable using fallback path to search for a object by attribute
   enable_filepath_fallback: false
+  # Enable using new version of tree pool, which uses netmap to select nodes, for requests to tree service
+  tree_pool_netmap_support: true

docs/api.md

@@ -1,11 +1,11 @@
 # HTTP Gateway Specification
 
-| Route                                           | Description                                  |
-|-------------------------------------------------|----------------------------------------------|
-| `/upload/{cid}`                                 | [Put object](#put-object)                    |
-| `/get/{cid}/{oid}`                              | [Get object](#get-object)                    |
-| `/get_by_attribute/{cid}/{attr_key}/{attr_val}` | [Search object](#search-object)              |
-| `/zip/{cid}/{prefix}`                           | [Download objects in archive](#download-zip) |
+| Route                                           | Description                                      |
+|-------------------------------------------------|--------------------------------------------------|
+| `/upload/{cid}`                                 | [Put object](#put-object)                        |
+| `/get/{cid}/{oid}`                              | [Get object](#get-object)                        |
+| `/get_by_attribute/{cid}/{attr_key}/{attr_val}` | [Search object](#search-object)                  |
+| `/zip/{cid}/{prefix}`, `/tar/{cid}/{prefix}`    | [Download objects in archive](#download-archive) |
 
 **Note:** `cid` parameter can be base58 encoded container ID or container name
 (the name must be registered in NNS, see appropriate section in [nns.md](./nns.md)).
@@ -56,12 +56,14 @@ Upload file as object with attributes to FrostFS.
 
 ###### Headers
 
-| Header                 | Description                                                                                                                                        |
-|------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------|
-| Common headers         | See [bearer token](#bearer-token).                                                                                                                 |
-| `X-Attribute-System-*` | Used to set system FrostFS object attributes <br/> (e.g. use "X-Attribute-System-Expiration-Epoch" to set `__SYSTEM__EXPIRATION_EPOCH` attribute). |
-| `X-Attribute-*`        | Used to set regular object attributes <br/> (e.g. use "X-Attribute-My-Tag" to set `My-Tag` attribute).                                             |
-| `Date`                 | This header is used to calculate the right `__SYSTEM__EXPIRATION` attribute for object. If the header is missing, the current server time is used. |
+| Header                 | Description                                                                                                                                                                                                                                                                                                                 |
+|------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Common headers         | See [bearer token](#bearer-token).                                                                                                                                                                                                                                                                                          |
+| `X-Attribute-System-*` | Used to set system FrostFS object attributes <br/> (e.g. use "X-Attribute-System-Expiration-Epoch" to set `__SYSTEM__EXPIRATION_EPOCH` attribute).                                                                                                                                                                          |
+| `X-Attribute-*`        | Used to set regular object attributes <br/> (e.g. use "X-Attribute-My-Tag" to set `My-Tag` attribute).                                                                                                                                                                                                                      |
+| `X-Explode-Archive`    | If set, gate tries to read files from uploading `tar` archive and creates an object for each file in it. Uploading `tar` could be compressed via Gzip by setting a `Content-Encoding` header. Sets a `FilePath` attribute as a relative path from archive root and a `FileName` as the last path element of the `FilePath`. |
+| `Content-Encoding`     | If set and value is `gzip`, gate will handle uploading file as a `Gzip` compressed `tar` file.                                                                                                                                                                                                                              |
+| `Date`                 | This header is used to calculate the right `__SYSTEM__EXPIRATION` attribute for object. If the header is missing, the current server time is used.                                                                                                                                                                          |
 
 There are some reserved headers type of `X-Attribute-FROSTFS-*` (headers are arranged in descending order of priority):
 
@@ -269,9 +271,9 @@ If more than one object is found, an arbitrary one will be used to get attribute
 | 400    | Some error occurred during operation. |
 | 404    | Container or object not found.        |
 
-## Download zip
+## Download archive
 
-Route: `/zip/{cid}/{prefix}`
+Route: `/zip/{cid}/{prefix}`, `/tar/{cid}/{prefix}`
 
 | Route parameter | Type      | Description                                             |
 |-----------------|-----------|---------------------------------------------------------|
@@ -282,12 +284,13 @@ Route: `/zip/{cid}/{prefix}`
 
 #### GET
 
-Find objects by prefix for `FilePath` attributes. Return found objects in zip archive.
+Find objects by prefix for `FilePath` attributes. Return found objects in zip or tar archive.
 Name of files in archive sets to `FilePath` attribute of objects.
 Time of files sets to time when object has started downloading.
-You can download all files in container that have `FilePath` attribute by `/zip/{cid}/` route.
+You can download all files in container that have `FilePath` attribute by `/zip/{cid}/` or
+`/tar/{cid}/` route.
 
-Archive can be compressed (see http-gw [configuration](gate-configuration.md#zip-section)).
+Archive can be compressed (see http-gw [configuration](gate-configuration.md#archive-section)).
 
 ##### Request
 

docs/gate-configuration.md

@@ -174,6 +174,11 @@ logger:
     initial: 100
     thereafter: 100
     interval: 1s
+  tags:
+    - name: "app"
+      level: info        
+    - name: "datapath"
+    - name: "external_storage_tree"
 ```
 
 | Parameter             | Type       | SIGHUP reload | Default value | Description                                                                                        |
@@ -184,6 +189,30 @@ logger:
 | `sampling.initial`    | `int`      | no            | '100'         | Sampling count of first log entries.                                                               |
 | `sampling.thereafter` | `int`      | no            | '100'         | Sampling count of entries after an `interval`.                                                     |
 | `sampling.interval`   | `duration` | no            | '1s'          | Sampling interval of messaging similar entries.                                                    |
+| `sampling.tags`       | `[]Tag`    | yes           |               | Tagged log entries that should be additionally logged (available tags see in the next section).    |
+
+## Tags
+
+There are additional log entries that can hurt performance and can be additionally logged by using `logger.tags`
+parameter. Available tags:
+
+```yaml
+tags:
+  - name: "app"
+    level: info
+```
+
+| Parameter             | Type       | SIGHUP reload | Default value             | Description                                                                                           |
+|-----------------------|------------|---------------|---------------------------|-------------------------------------------------------------------------------------------------------|
+| `name`                | `string`   | yes           |                           | Tag name. Possible values see below in `Tag values` section.                                          |
+| `level`               | `string`   | yes           | Value from `logger.level` | Logging level for specific tag. Possible values: `debug`, `info`, `warn`, `dpanic`, `panic`, `fatal`. |
+
+### Tag values
+
+* `app` - common application logs (enabled by default).
+* `datapath` - main logic of application (enabled by default).
+* `external_storage` - external interaction with storage node (enabled by default).
+* `external_storage_tree` - external interaction with tree service in storage node (enabled by default).
 
 # `web` section
 
@@ -218,9 +247,10 @@ upload_header:
 |-------------------------|--------|---------------|---------------|-------------------------------------------------------------|
 | `use_default_timestamp` | `bool` | yes           | `false`       | Create timestamp for object if it isn't provided by header. |
 
-
 # `zip` section
 
+> **_DEPRECATED:_**  Use archive section instead
+
 ```yaml
 zip:
   compression: false
@@ -230,6 +260,17 @@ zip:
 |---------------|--------|---------------|---------------|--------------------------------------------------------------|
 | `compression` | `bool` | yes           | `false`       | Enable zip compression when download files by common prefix. |
 
+# `archive` section
+
+```yaml
+archive:
+  compression: false
+```
+
+| Parameter     | Type   | SIGHUP reload | Default value | Description                                                      |
+|---------------|--------|---------------|---------------|------------------------------------------------------------------|
+| `compression` | `bool` | yes           | `false`       | Enable archive compression when download files by common prefix. |
+
 
 # `pprof` section
 
@@ -339,12 +380,14 @@ cache:
   buckets:
     lifetime: 1m
     size: 1000
-
+  netmap:
+    lifetime: 1m
 ```
 
-| Parameter       | Type                              | Default value                     | Description                                                                            |
-|-----------------|-----------------------------------|-----------------------------------|----------------------------------------------------------------------------------------|
-| `buckets`       | [Cache config](#cache-subsection) | `lifetime: 60s`<br>`size: 1000`   | Cache which contains mapping of bucket name to bucket info.                            |
+| Parameter | Type                              | Default value                   | Description                                                               |
+|-----------|-----------------------------------|---------------------------------|---------------------------------------------------------------------------|
+| `buckets` | [Cache config](#cache-subsection) | `lifetime: 60s`<br>`size: 1000` | Cache which contains mapping of bucket name to bucket info.               |
+| `netmap`  | [Cache config](#cache-subsection) | `lifetime: 1m`                  | Cache which stores netmap. `netmap.size` isn't applicable for this cache. |
 
 
 #### `cache` subsection
@@ -465,8 +508,10 @@ Contains parameters for enabling features.
 ```yaml
 features:
   enable_filepath_fallback: true
+  tree_pool_netmap_support: true
 ```
 
 | Parameter                           | Type   | SIGHUP reload | Default value | Description                                                                                                                                                                                                                                                                              |
-| ----------------------------------- | ------ | ------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+|-------------------------------------|--------|---------------|---------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `features.enable_filepath_fallback` | `bool` | yes           | `false`       | Enable using fallback path to search for a object by attribute. If the value of the `FilePath` attribute in the request contains no `/` symbols or single leading `/` symbol and the object was not found, then an attempt is made to search for the object by the attribute `FileName`. |
+| `features.tree_pool_netmap_support` | `bool` | no            | `false`       | Enable using new version of tree pool, which uses netmap to select nodes, for requests to tree service.                                                                                                                                                                                  |

go.mod

@@ -3,12 +3,14 @@ module git.frostfs.info/TrueCloudLab/frostfs-http-gw
 go 1.22
 
 require (
-	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20241112082307-f17779933e88
-	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241206094944-81c423e7094d
+	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20241125133852-37bd75821121
+	git.frostfs.info/TrueCloudLab/frostfs-qos v0.0.0-20250128150313-cfbca7fa1dfe
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20250130095343-593dd77d841a
 	git.frostfs.info/TrueCloudLab/multinet v0.0.0-20241015075604-6cb0d80e0972
 	git.frostfs.info/TrueCloudLab/zapjournald v0.0.0-20240124114243-cb2e66427d02
 	github.com/bluele/gcache v0.0.2
-	github.com/docker/go-units v0.4.0
+	github.com/docker/docker v27.1.1+incompatible
+	github.com/docker/go-units v0.5.0
 	github.com/fasthttp/router v1.4.1
 	github.com/nspcc-dev/neo-go v0.106.2
 	github.com/panjf2000/ants/v2 v2.5.0
@@ -18,102 +20,120 @@ require (
 	github.com/spf13/viper v1.15.0
 	github.com/ssgreg/journald v1.0.0
 	github.com/stretchr/testify v1.9.0
-	github.com/testcontainers/testcontainers-go v0.13.0
+	github.com/testcontainers/testcontainers-go v0.35.0
 	github.com/trailofbits/go-fuzz-utils v0.0.0-20230413173806-58c38daa3cb4
 	github.com/valyala/fasthttp v1.34.0
-	go.opentelemetry.io/otel v1.28.0
-	go.opentelemetry.io/otel/trace v1.28.0
+	go.opentelemetry.io/otel v1.31.0
+	go.opentelemetry.io/otel/trace v1.31.0
 	go.uber.org/zap v1.27.0
 	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
-	golang.org/x/net v0.26.0
-	golang.org/x/sys v0.22.0
-	google.golang.org/grpc v1.66.2
+	golang.org/x/sys v0.28.0
+	google.golang.org/grpc v1.69.2
 )
 
 require (
+	dario.cat/mergo v1.0.0 // indirect
 	git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e // indirect
 	git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 // indirect
 	git.frostfs.info/TrueCloudLab/hrw v1.2.1 // indirect
 	git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 // indirect
 	git.frostfs.info/TrueCloudLab/tzhash v1.8.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/Microsoft/hcsshim v0.9.2 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/VictoriaMetrics/easyproto v0.1.4 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/containerd/cgroups v1.0.3 // indirect
-	github.com/containerd/containerd v1.6.2 // indirect
+	github.com/containerd/containerd v1.7.18 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/containerd/platforms v0.2.1 // indirect
+	github.com/cpuguy83/dockercfg v0.3.2 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v20.10.14+incompatible // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
-	github.com/klauspost/compress v1.16.4 // indirect
+	github.com/ipfs/go-cid v0.0.7 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/moby/sys/mount v0.3.2 // indirect
-	github.com/moby/sys/mountinfo v0.6.1 // indirect
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/sys/user v0.1.0 // indirect
+	github.com/moby/term v0.5.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
+	github.com/multiformats/go-base32 v0.1.0 // indirect
+	github.com/multiformats/go-base36 v0.2.0 // indirect
+	github.com/multiformats/go-multiaddr v0.14.0 // indirect
+	github.com/multiformats/go-multibase v0.2.0 // indirect
+	github.com/multiformats/go-multihash v0.2.3 // indirect
+	github.com/multiformats/go-varint v0.0.7 // indirect
 	github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2 // indirect
 	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d // indirect
 	github.com/nspcc-dev/rfc6979 v0.2.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.2 // indirect
-	github.com/opencontainers/runc v1.1.1 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/savsgio/gotils v0.0.0-20210617111740-97865ed5a873 // indirect
-	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/shirou/gopsutil/v3 v3.23.12 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/spf13/afero v1.9.3 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/twmb/murmur3 v1.1.8 // indirect
-	github.com/urfave/cli v1.22.5 // indirect
+	github.com/urfave/cli v1.22.12 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	go.etcd.io/bbolt v1.3.9 // indirect
-	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.28.0 // indirect
-	go.opentelemetry.io/otel/metric v1.28.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.28.0 // indirect
+	go.opentelemetry.io/otel/metric v1.31.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.31.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/term v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/protobuf v1.36.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	lukechampine.com/blake3 v1.2.1 // indirect
 )

internal/cache/buckets.go

@@ -6,14 +6,16 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/bluele/gcache"
 	"go.uber.org/zap"
 )
 
 // BucketCache contains cache with objects and the lifetime of cache entries.
 type BucketCache struct {
-	cache  gcache.Cache
-	logger *zap.Logger
+	cache    gcache.Cache
+	cidCache gcache.Cache
+	logger   *zap.Logger
 }
 
 // Config stores expiration params for cache.
@@ -40,14 +42,45 @@ func DefaultBucketConfig(logger *zap.Logger) *Config {
 }
 
 // NewBucketCache creates an object of BucketCache.
-func NewBucketCache(config *Config) *BucketCache {
-	gc := gcache.New(config.Size).LRU().Expiration(config.Lifetime).Build()
-	return &BucketCache{cache: gc, logger: config.Logger}
+func NewBucketCache(config *Config, cidCache bool) *BucketCache {
+	cache := &BucketCache{
+		cache:  gcache.New(config.Size).LRU().Expiration(config.Lifetime).Build(),
+		logger: config.Logger,
+	}
+
+	if cidCache {
+		cache.cidCache = gcache.New(config.Size).LRU().Expiration(config.Lifetime).Build()
+	}
+	return cache
 }
 
 // Get returns a cached object.
 func (o *BucketCache) Get(ns, bktName string) *data.BucketInfo {
-	entry, err := o.cache.Get(formKey(ns, bktName))
+	return o.get(formKey(ns, bktName))
+}
+
+func (o *BucketCache) GetByCID(cnrID cid.ID) *data.BucketInfo {
+	if o.cidCache == nil {
+		return nil
+	}
+
+	entry, err := o.cidCache.Get(cnrID)
+	if err != nil {
+		return nil
+	}
+
+	key, ok := entry.(string)
+	if !ok {
+		o.logger.Warn(logs.InvalidCacheEntryType, zap.String("actual", fmt.Sprintf("%T", entry)),
+			zap.String("expected", fmt.Sprintf("%T", key)), logs.TagField(logs.TagDatapath))
+		return nil
+	}
+
+	return o.get(key)
+}
+
+func (o *BucketCache) get(key string) *data.BucketInfo {
+	entry, err := o.cache.Get(key)
 	if err != nil {
 		return nil
 	}
@@ -55,7 +88,7 @@ func (o *BucketCache) Get(ns, bktName string) *data.BucketInfo {
 	result, ok := entry.(*data.BucketInfo)
 	if !ok {
 		o.logger.Warn(logs.InvalidCacheEntryType, zap.String("actual", fmt.Sprintf("%T", entry)),
-			zap.String("expected", fmt.Sprintf("%T", result)))
+			zap.String("expected", fmt.Sprintf("%T", result)), logs.TagField(logs.TagDatapath))
 		return nil
 	}
 
@@ -64,6 +97,12 @@ func (o *BucketCache) Get(ns, bktName string) *data.BucketInfo {
 
 // Put puts an object to cache.
 func (o *BucketCache) Put(bkt *data.BucketInfo) error {
+	if o.cidCache != nil {
+		if err := o.cidCache.Set(bkt.CID, formKey(bkt.Zone, bkt.Name)); err != nil {
+			return err
+		}
+	}
+
 	return o.cache.Set(formKey(bkt.Zone, bkt.Name), bkt)
 }
 

internal/cache/netmap.go

@@ -0,0 +1,65 @@
+package cache
+
+import (
+	"fmt"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"github.com/bluele/gcache"
+	"go.uber.org/zap"
+)
+
+type (
+	// NetmapCache provides cache for netmap.
+	NetmapCache struct {
+		cache  gcache.Cache
+		logger *zap.Logger
+	}
+
+	// NetmapCacheConfig stores expiration params for cache.
+	NetmapCacheConfig struct {
+		Lifetime time.Duration
+		Logger   *zap.Logger
+	}
+)
+
+const (
+	DefaultNetmapCacheLifetime = time.Minute
+	netmapCacheSize            = 1
+	netmapKey                  = "netmap"
+)
+
+// DefaultNetmapConfig returns new default cache expiration values.
+func DefaultNetmapConfig(logger *zap.Logger) *NetmapCacheConfig {
+	return &NetmapCacheConfig{
+		Lifetime: DefaultNetmapCacheLifetime,
+		Logger:   logger,
+	}
+}
+
+// NewNetmapCache creates an object of NetmapCache.
+func NewNetmapCache(config *NetmapCacheConfig) *NetmapCache {
+	gc := gcache.New(netmapCacheSize).LRU().Expiration(config.Lifetime).Build()
+	return &NetmapCache{cache: gc, logger: config.Logger}
+}
+
+func (c *NetmapCache) Get() *netmap.NetMap {
+	entry, err := c.cache.Get(netmapKey)
+	if err != nil {
+		return nil
+	}
+
+	result, ok := entry.(netmap.NetMap)
+	if !ok {
+		c.logger.Warn(logs.InvalidCacheEntryType, zap.String("actual", fmt.Sprintf("%T", entry)),
+			zap.String("expected", fmt.Sprintf("%T", result)), logs.TagField(logs.TagDatapath))
+		return nil
+	}
+
+	return &result
+}
+
+func (c *NetmapCache) Put(nm netmap.NetMap) error {
+	return c.cache.Set(netmapKey, nm)
+}

internal/data/info.go

@@ -2,6 +2,7 @@ package data
 
 import (
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 )
 
 type BucketInfo struct {
@@ -9,4 +10,5 @@ type BucketInfo struct {
 	Zone                    string // container zone from system attribute
 	CID                     cid.ID
 	HomomorphicHashDisabled bool
+	PlacementPolicy         netmap.PlacementPolicy
 }

internal/handler/browse.go

@@ -230,7 +230,7 @@ func (h *Handler) getDirObjectsNative(ctx context.Context, bucketInfo *data.Buck
 	}
 	for objExt := range resp {
 		if objExt.Error != nil {
-			log.Error(logs.FailedToHeadObject, zap.Error(objExt.Error))
+			log.Error(logs.FailedToHeadObject, zap.Error(objExt.Error), logs.TagField(logs.TagExternalStorage))
 			result.hasErrors = true
 			continue
 		}
@@ -273,7 +273,7 @@ func (h *Handler) headDirObjects(ctx context.Context, cnrID cid.ID, objectIDs Re
 			})
 			if err != nil {
 				wg.Done()
-				log.Warn(logs.FailedToSumbitTaskToPool, zap.Error(err))
+				log.Warn(logs.FailedToSumbitTaskToPool, zap.Error(err), logs.TagField(logs.TagDatapath))
 			}
 			select {
 			case <-ctx.Done():
@@ -283,7 +283,7 @@ func (h *Handler) headDirObjects(ctx context.Context, cnrID cid.ID, objectIDs Re
 			}
 		})
 		if err != nil {
-			log.Error(logs.FailedToIterateOverResponse, zap.Error(err))
+			log.Error(logs.FailedToIterateOverResponse, zap.Error(err), logs.TagField(logs.TagDatapath))
 		}
 		wg.Wait()
 	}()

internal/handler/download.go

@@ -1,21 +1,22 @@
 package handler
 
 import (
+	"archive/tar"
 	"archive/zip"
 	"bufio"
+	"compress/gzip"
 	"context"
 	"errors"
 	"fmt"
 	"io"
-	"net/http"
 	"net/url"
 	"time"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -25,11 +26,14 @@ import (
 
 // DownloadByAddressOrBucketName handles download requests using simple cid/oid or bucketname/key format.
 func (h *Handler) DownloadByAddressOrBucketName(c *fasthttp.RequestCtx) {
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.DownloadByAddressOrBucketName")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
 	cidParam := c.UserValue("cid").(string)
 	oidParam := c.UserValue("oid").(string)
 	downloadParam := c.QueryArgs().GetBool("download")
 
-	ctx := utils.GetContextFromRequest(c)
 	log := utils.GetReqLogOrDefault(ctx, h.log).With(
 		zap.String("cid", cidParam),
 		zap.String("oid", oidParam),
@@ -43,11 +47,13 @@ func (h *Handler) DownloadByAddressOrBucketName(c *fasthttp.RequestCtx) {
 
 	checkS3Err := h.tree.CheckSettingsNodeExists(ctx, bktInfo)
 	if checkS3Err != nil && !errors.Is(checkS3Err, layer.ErrNodeNotFound) {
+		log.Error(logs.FailedToCheckIfSettingsNodeExist, zap.String("cid", bktInfo.CID.String()),
+			zap.Error(checkS3Err), logs.TagField(logs.TagExternalStorageTree))
 		logAndSendBucketError(c, log, checkS3Err)
 		return
 	}
 
-	req := h.newRequest(c, log)
+	req := newRequest(c, log)
 
 	var objID oid.ID
 	if checkS3Err == nil && shouldDownload(oidParam, downloadParam) {
@@ -63,15 +69,12 @@ func shouldDownload(oidParam string, downloadParam bool) bool {
 	return !isDir(oidParam) || downloadParam
 }
 
-func (h *Handler) newRequest(ctx *fasthttp.RequestCtx, log *zap.Logger) request {
-	return request{
-		RequestCtx: ctx,
-		log:        log,
-	}
-}
-
 // DownloadByAttribute handles attribute-based download requests.
 func (h *Handler) DownloadByAttribute(c *fasthttp.RequestCtx) {
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.DownloadByAttribute")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
 	h.byAttribute(c, h.receiveFile)
 }
 
@@ -91,13 +94,64 @@ func (h *Handler) search(ctx context.Context, cnrID cid.ID, key, val string, op
 	return h.frostfs.SearchObjects(ctx, prm)
 }
 
-func (h *Handler) addObjectToZip(zw *zip.Writer, obj *object.Object) (io.Writer, error) {
+// DownloadZip handles zip by prefix requests.
+func (h *Handler) DownloadZip(c *fasthttp.RequestCtx) {
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.DownloadZip")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
+	scid, _ := c.UserValue("cid").(string)
+
+	log := utils.GetReqLogOrDefault(ctx, h.log)
+	bktInfo, err := h.getBucketInfo(ctx, scid, log)
+	if err != nil {
+		logAndSendBucketError(c, log, err)
+		return
+	}
+	resSearch, err := h.searchObjectsByPrefix(c, log, bktInfo.CID)
+	if err != nil {
+		return
+	}
+
+	c.Response.Header.Set(fasthttp.HeaderContentType, "application/zip")
+	c.Response.Header.Set(fasthttp.HeaderContentDisposition, "attachment; filename=\"archive.zip\"")
+
+	c.SetBodyStreamWriter(h.getZipResponseWriter(ctx, log, resSearch, bktInfo))
+}
+
+func (h *Handler) getZipResponseWriter(ctx context.Context, log *zap.Logger, resSearch ResObjectSearch, bktInfo *data.BucketInfo) func(w *bufio.Writer) {
+	return func(w *bufio.Writer) {
+		defer resSearch.Close()
+
+		buf := make([]byte, 3<<20)
+		zipWriter := zip.NewWriter(w)
+		var objectsWritten int
+
+		errIter := resSearch.Iterate(h.putObjectToArchive(ctx, log, bktInfo.CID, buf,
+			func(obj *object.Object) (io.Writer, error) {
+				objectsWritten++
+				return h.createZipFile(zipWriter, obj)
+			}),
+		)
+		if errIter != nil {
+			log.Error(logs.IteratingOverSelectedObjectsFailed, zap.Error(errIter), logs.TagField(logs.TagDatapath))
+			return
+		} else if objectsWritten == 0 {
+			log.Warn(logs.ObjectsNotFound, logs.TagField(logs.TagDatapath))
+		}
+		if err := zipWriter.Close(); err != nil {
+			log.Error(logs.CloseZipWriter, zap.Error(err), logs.TagField(logs.TagDatapath))
+		}
+	}
+}
+
+func (h *Handler) createZipFile(zw *zip.Writer, obj *object.Object) (io.Writer, error) {
 	method := zip.Store
-	if h.config.ZipCompression() {
+	if h.config.ArchiveCompression() {
 		method = zip.Deflate
 	}
 
-	filePath := getZipFilePath(obj)
+	filePath := getFilePath(obj)
 	if len(filePath) == 0 || filePath[len(filePath)-1] == '/' {
 		return nil, fmt.Errorf("invalid filepath '%s'", filePath)
 	}
@@ -109,99 +163,143 @@ func (h *Handler) addObjectToZip(zw *zip.Writer, obj *object.Object) (io.Writer,
 	})
 }
 
-// DownloadZipped handles zip by prefix requests.
-func (h *Handler) DownloadZipped(c *fasthttp.RequestCtx) {
+// DownloadTar forms tar.gz from objects by prefix.
+func (h *Handler) DownloadTar(c *fasthttp.RequestCtx) {
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.DownloadTar")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
 	scid, _ := c.UserValue("cid").(string)
-	prefix, _ := c.UserValue("prefix").(string)
 
-	ctx := utils.GetContextFromRequest(c)
 	log := utils.GetReqLogOrDefault(ctx, h.log)
-
-	prefix, err := url.QueryUnescape(prefix)
-	if err != nil {
-		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("prefix", prefix), zap.Error(err))
-		response.Error(c, "could not unescape prefix: "+err.Error(), fasthttp.StatusBadRequest)
-		return
-	}
-
-	log = log.With(zap.String("cid", scid), zap.String("prefix", prefix))
-
 	bktInfo, err := h.getBucketInfo(ctx, scid, log)
 	if err != nil {
 		logAndSendBucketError(c, log, err)
 		return
 	}
-
-	resSearch, err := h.search(ctx, bktInfo.CID, object.AttributeFilePath, prefix, object.MatchCommonPrefix)
+	resSearch, err := h.searchObjectsByPrefix(c, log, bktInfo.CID)
 	if err != nil {
-		log.Error(logs.CouldNotSearchForObjects, zap.Error(err))
-		response.Error(c, "could not search for objects: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
-	c.Response.Header.Set(fasthttp.HeaderContentType, "application/zip")
-	c.Response.Header.Set(fasthttp.HeaderContentDisposition, "attachment; filename=\"archive.zip\"")
-	c.Response.SetStatusCode(http.StatusOK)
+	c.Response.Header.Set(fasthttp.HeaderContentType, "application/gzip")
+	c.Response.Header.Set(fasthttp.HeaderContentDisposition, "attachment; filename=\"archive.tar.gz\"")
 
-	c.SetBodyStreamWriter(func(w *bufio.Writer) {
+	c.SetBodyStreamWriter(h.getTarResponseWriter(ctx, log, resSearch, bktInfo))
+}
+
+func (h *Handler) getTarResponseWriter(ctx context.Context, log *zap.Logger, resSearch ResObjectSearch, bktInfo *data.BucketInfo) func(w *bufio.Writer) {
+	return func(w *bufio.Writer) {
 		defer resSearch.Close()
 
-		zipWriter := zip.NewWriter(w)
+		compressionLevel := gzip.NoCompression
+		if h.config.ArchiveCompression() {
+			compressionLevel = gzip.DefaultCompression
+		}
 
-		var bufZip []byte
-		var addr oid.Address
+		// ignore error because it's not nil only if compressionLevel argument is invalid
+		gzipWriter, _ := gzip.NewWriterLevel(w, compressionLevel)
+		tarWriter := tar.NewWriter(gzipWriter)
 
-		empty := true
-		called := false
-		btoken := bearerToken(ctx)
-		addr.SetContainer(bktInfo.CID)
-
-		errIter := resSearch.Iterate(func(id oid.ID) bool {
-			called = true
-
-			if empty {
-				bufZip = make([]byte, 3<<20) // the same as for upload
+		defer func() {
+			if err := tarWriter.Close(); err != nil {
+				log.Error(logs.CloseTarWriter, zap.Error(err), logs.TagField(logs.TagDatapath))
 			}
-			empty = false
-
-			addr.SetObject(id)
-			if err = h.zipObject(ctx, zipWriter, addr, btoken, bufZip); err != nil {
-				log.Error(logs.FailedToAddObjectToArchive, zap.String("oid", id.EncodeToString()), zap.Error(err))
+			if err := gzipWriter.Close(); err != nil {
+				log.Error(logs.CloseGzipWriter, zap.Error(err), logs.TagField(logs.TagDatapath))
 			}
+		}()
 
-			return false
-		})
+		var objectsWritten int
+		buf := make([]byte, 3<<20) // the same as for upload
+
+		errIter := resSearch.Iterate(h.putObjectToArchive(ctx, log, bktInfo.CID, buf,
+			func(obj *object.Object) (io.Writer, error) {
+				objectsWritten++
+				return h.createTarFile(tarWriter, obj)
+			}),
+		)
 		if errIter != nil {
-			log.Error(logs.IteratingOverSelectedObjectsFailed, zap.Error(errIter))
-		} else if !called {
-			log.Error(logs.ObjectsNotFound)
+			log.Error(logs.IteratingOverSelectedObjectsFailed, zap.Error(errIter), logs.TagField(logs.TagDatapath))
+		} else if objectsWritten == 0 {
+			log.Warn(logs.ObjectsNotFound, logs.TagField(logs.TagDatapath))
 		}
+	}
+}
 
-		if err = zipWriter.Close(); err != nil {
-			log.Error(logs.CloseZipWriter, zap.Error(err))
-		}
+func (h *Handler) createTarFile(tw *tar.Writer, obj *object.Object) (io.Writer, error) {
+	filePath := getFilePath(obj)
+	if len(filePath) == 0 || filePath[len(filePath)-1] == '/' {
+		return nil, fmt.Errorf("invalid filepath '%s'", filePath)
+	}
+
+	return tw, tw.WriteHeader(&tar.Header{
+		Name: filePath,
+		Mode: 0655,
+		Size: int64(obj.PayloadSize()),
 	})
 }
 
-func (h *Handler) zipObject(ctx context.Context, zipWriter *zip.Writer, addr oid.Address, btoken *bearer.Token, bufZip []byte) error {
-	prm := PrmObjectGet{
-		PrmAuth: PrmAuth{
-			BearerToken: btoken,
-		},
-		Address: addr,
-	}
+func (h *Handler) putObjectToArchive(ctx context.Context, log *zap.Logger, cnrID cid.ID, buf []byte, createArchiveHeader func(obj *object.Object) (io.Writer, error)) func(id oid.ID) bool {
+	return func(id oid.ID) bool {
+		log = log.With(zap.String("oid", id.EncodeToString()))
 
-	resGet, err := h.frostfs.GetObject(ctx, prm)
+		prm := PrmObjectGet{
+			PrmAuth: PrmAuth{
+				BearerToken: bearerToken(ctx),
+			},
+			Address: newAddress(cnrID, id),
+		}
+
+		resGet, err := h.frostfs.GetObject(ctx, prm)
+		if err != nil {
+			log.Error(logs.FailedToGetObject, zap.Error(err), logs.TagField(logs.TagExternalStorage))
+			return false
+		}
+
+		fileWriter, err := createArchiveHeader(&resGet.Header)
+		if err != nil {
+			log.Error(logs.FailedToAddObjectToArchive, zap.Error(err), logs.TagField(logs.TagDatapath))
+			return false
+		}
+
+		if err = writeToArchive(resGet, fileWriter, buf); err != nil {
+			log.Error(logs.FailedToAddObjectToArchive, zap.Error(err), logs.TagField(logs.TagDatapath))
+			return false
+		}
+
+		return false
+	}
+}
+
+func (h *Handler) searchObjectsByPrefix(c *fasthttp.RequestCtx, log *zap.Logger, cnrID cid.ID) (ResObjectSearch, error) {
+	scid, _ := c.UserValue("cid").(string)
+	prefix, _ := c.UserValue("prefix").(string)
+
+	ctx := utils.GetContextFromRequest(c)
+
+	prefix, err := url.QueryUnescape(prefix)
 	if err != nil {
-		return fmt.Errorf("get FrostFS object: %v", err)
+		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("prefix", prefix),
+			zap.Error(err), logs.TagField(logs.TagDatapath))
+		ResponseError(c, "could not unescape prefix: "+err.Error(), fasthttp.StatusBadRequest)
+		return nil, err
 	}
 
-	objWriter, err := h.addObjectToZip(zipWriter, &resGet.Header)
+	log = log.With(zap.String("cid", scid), zap.String("prefix", prefix))
+
+	resSearch, err := h.search(ctx, cnrID, object.AttributeFilePath, prefix, object.MatchCommonPrefix)
 	if err != nil {
-		return fmt.Errorf("zip create header: %v", err)
+		log.Error(logs.CouldNotSearchForObjects, zap.Error(err), logs.TagField(logs.TagExternalStorage))
+		ResponseError(c, "could not search for objects: "+err.Error(), fasthttp.StatusBadRequest)
+		return nil, err
 	}
+	return resSearch, nil
+}
 
-	if _, err = io.CopyBuffer(objWriter, resGet.Payload, bufZip); err != nil {
+func writeToArchive(resGet *Object, objWriter io.Writer, buf []byte) error {
+	var err error
+	if _, err = io.CopyBuffer(objWriter, resGet.Payload, buf); err != nil {
 		return fmt.Errorf("copy object payload to zip file: %v", err)
 	}
 
@@ -209,14 +307,10 @@ func (h *Handler) zipObject(ctx context.Context, zipWriter *zip.Writer, addr oid
 		return fmt.Errorf("object body close error: %w", err)
 	}
 
-	if err = zipWriter.Flush(); err != nil {
-		return fmt.Errorf("flush zip writer: %v", err)
-	}
-
 	return nil
 }
 
-func getZipFilePath(obj *object.Object) string {
+func getFilePath(obj *object.Object) string {
 	for _, attr := range obj.Attributes() {
 		if attr.Key() == object.AttributeFilePath {
 			return attr.Value()

internal/handler/filter.go

@@ -50,7 +50,8 @@ func filterHeaders(l *zap.Logger, header *fasthttp.RequestHeader) (map[string]st
 
 		l.Debug(logs.AddAttributeToResultObject,
 			zap.String("key", k),
-			zap.String("val", v))
+			zap.String("val", v),
+			logs.TagField(logs.TagDatapath))
 	})
 
 	return result, err

internal/handler/handler.go

@@ -13,8 +13,8 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
@@ -29,7 +29,7 @@ import (
 
 type Config interface {
 	DefaultTimestamp() bool
-	ZipCompression() bool
+	ArchiveCompression() bool
 	ClientCut() bool
 	IndexPageEnabled() bool
 	IndexPageTemplate() string
@@ -140,6 +140,8 @@ var (
 	ErrAccessDenied = errors.New("access denied")
 	// ErrGatewayTimeout is returned from FrostFS in case of timeout, deadline exceeded etc.
 	ErrGatewayTimeout = errors.New("gateway timeout")
+	// ErrQuotaLimitReached is returned from FrostFS in case of quota exceeded.
+	ErrQuotaLimitReached = errors.New("quota limit reached")
 )
 
 // FrostFS represents virtual connection to FrostFS network.
@@ -194,6 +196,9 @@ func New(params *AppParams, config Config, tree layer.TreeService, workerPool *a
 // byNativeAddress is a wrapper for function (e.g. request.headObject, request.receiveFile) that
 // prepares request and object address to it.
 func (h *Handler) byNativeAddress(ctx context.Context, req request, cnrID cid.ID, objID oid.ID, handler func(context.Context, request, oid.Address)) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "handler.byNativeAddress")
+	defer span.End()
+
 	addr := newAddress(cnrID, objID)
 	handler(ctx, req, addr)
 }
@@ -201,21 +206,26 @@ func (h *Handler) byNativeAddress(ctx context.Context, req request, cnrID cid.ID
 // byS3Path is a wrapper for function (e.g. request.headObject, request.receiveFile) that
 // resolves object address from S3-like path <bucket name>/<object key>.
 func (h *Handler) byS3Path(ctx context.Context, req request, cnrID cid.ID, path string, handler func(context.Context, request, oid.Address)) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "handler.byS3Path")
+	defer span.End()
+
 	c, log := req.RequestCtx, req.log
 
 	foundOID, err := h.tree.GetLatestVersion(ctx, &cnrID, path)
 	if err != nil {
+		log.Error(logs.FailedToGetLatestVersionOfObject, zap.Error(err), zap.String("cid", cnrID.String()),
+			zap.String("path", path), logs.TagField(logs.TagExternalStorageTree))
 		logAndSendBucketError(c, log, err)
 		return
 	}
 	if foundOID.IsDeleteMarker {
-		log.Error(logs.ObjectWasDeleted)
-		response.Error(c, "object deleted", fasthttp.StatusNotFound)
+		log.Error(logs.ObjectWasDeleted, logs.TagField(logs.TagExternalStorageTree))
+		ResponseError(c, "object deleted", fasthttp.StatusNotFound)
 		return
 	}
 
 	addr := newAddress(cnrID, foundOID.OID)
-	handler(ctx, h.newRequest(c, log), addr)
+	handler(ctx, newRequest(c, log), addr)
 }
 
 // byAttribute is a wrapper similar to byNativeAddress.
@@ -229,18 +239,22 @@ func (h *Handler) byAttribute(c *fasthttp.RequestCtx, handler func(context.Conte
 
 	key, err := url.QueryUnescape(key)
 	if err != nil {
-		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", cidParam), zap.String("attr_key", key), zap.Error(err))
-		response.Error(c, "could not unescape attr_key: "+err.Error(), fasthttp.StatusBadRequest)
+		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", cidParam), zap.String("attr_key", key),
+			zap.Error(err), logs.TagField(logs.TagDatapath))
+		ResponseError(c, "could not unescape attr_key: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
 	val, err = url.QueryUnescape(val)
 	if err != nil {
-		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", cidParam), zap.String("attr_val", val), zap.Error(err))
-		response.Error(c, "could not unescape attr_val: "+err.Error(), fasthttp.StatusBadRequest)
+		log.Error(logs.FailedToUnescapeQuery, zap.String("cid", cidParam), zap.String("attr_val", val),
+			zap.Error(err), logs.TagField(logs.TagDatapath))
+		ResponseError(c, "could not unescape attr_val: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
+	val = prepareAtribute(key, val)
+
 	log = log.With(zap.String("cid", cidParam), zap.String("attr_key", key), zap.String("attr_val", val))
 
 	bktInfo, err := h.getBucketInfo(ctx, cidParam, log)
@@ -252,11 +266,11 @@ func (h *Handler) byAttribute(c *fasthttp.RequestCtx, handler func(context.Conte
 	objID, err := h.findObjectByAttribute(ctx, log, bktInfo.CID, key, val)
 	if err != nil {
 		if errors.Is(err, io.EOF) {
-			response.Error(c, err.Error(), fasthttp.StatusNotFound)
+			ResponseError(c, err.Error(), fasthttp.StatusNotFound)
 			return
 		}
 
-		response.Error(c, err.Error(), fasthttp.StatusBadRequest)
+		ResponseError(c, err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
@@ -264,13 +278,13 @@ func (h *Handler) byAttribute(c *fasthttp.RequestCtx, handler func(context.Conte
 	addr.SetContainer(bktInfo.CID)
 	addr.SetObject(objID)
 
-	handler(ctx, h.newRequest(c, log), addr)
+	handler(ctx, newRequest(c, log), addr)
 }
 
 func (h *Handler) findObjectByAttribute(ctx context.Context, log *zap.Logger, cnrID cid.ID, attrKey, attrVal string) (oid.ID, error) {
 	res, err := h.search(ctx, cnrID, attrKey, attrVal, object.MatchStringEqual)
 	if err != nil {
-		log.Error(logs.CouldNotSearchForObjects, zap.Error(err))
+		log.Error(logs.CouldNotSearchForObjects, zap.Error(err), logs.TagField(logs.TagExternalStorage))
 		return oid.ID{}, fmt.Errorf("could not search for objects: %w", err)
 	}
 	defer res.Close()
@@ -281,13 +295,14 @@ func (h *Handler) findObjectByAttribute(ctx context.Context, log *zap.Logger, cn
 	if n == 0 {
 		switch {
 		case errors.Is(err, io.EOF) && h.needSearchByFileName(attrKey, attrVal):
-			log.Debug(logs.ObjectNotFoundByFilePathTrySearchByFileName)
+			log.Debug(logs.ObjectNotFoundByFilePathTrySearchByFileName, logs.TagField(logs.TagExternalStorage))
+			attrVal = prepareAtribute(attrFileName, attrVal)
 			return h.findObjectByAttribute(ctx, log, cnrID, attrFileName, attrVal)
 		case errors.Is(err, io.EOF):
-			log.Error(logs.ObjectNotFound, zap.Error(err))
+			log.Error(logs.ObjectNotFound, zap.Error(err), logs.TagField(logs.TagExternalStorage))
 			return oid.ID{}, fmt.Errorf("object not found: %w", err)
 		default:
-			log.Error(logs.ReadObjectListFailed, zap.Error(err))
+			log.Error(logs.ReadObjectListFailed, zap.Error(err), logs.TagField(logs.TagExternalStorage))
 			return oid.ID{}, fmt.Errorf("read object list failed: %w", err)
 		}
 	}
@@ -303,6 +318,34 @@ func (h *Handler) needSearchByFileName(key, val string) bool {
 	return strings.HasPrefix(val, "/") && strings.Count(val, "/") == 1 || !strings.Contains(val, "/")
 }
 
+func prepareAtribute(attrKey, attrVal string) string {
+	if attrKey == attrFileName {
+		return prepareFileName(attrVal)
+	}
+
+	if attrKey == attrFilePath {
+		return prepareFilePath(attrVal)
+	}
+
+	return attrVal
+}
+
+func prepareFileName(fileName string) string {
+	if strings.HasPrefix(fileName, "/") {
+		return fileName[1:]
+	}
+
+	return fileName
+}
+
+func prepareFilePath(filePath string) string {
+	if !strings.HasPrefix(filePath, "/") {
+		return "/" + filePath
+	}
+
+	return filePath
+}
+
 // resolveContainer decode container id, if it's not a valid container id
 // then trey to resolve name using provided resolver.
 func (h *Handler) resolveContainer(ctx context.Context, containerID string) (*cid.ID, error) {
@@ -329,11 +372,16 @@ func (h *Handler) getBucketInfo(ctx context.Context, containerName string, log *
 
 	cnrID, err := h.resolveContainer(ctx, containerName)
 	if err != nil {
+		log.Error(logs.CouldNotResolveContainerID, zap.Error(err), zap.String("cnrName", containerName),
+			logs.TagField(logs.TagDatapath))
 		return nil, err
 	}
 
 	bktInfo, err := h.readContainer(ctx, *cnrID)
 	if err != nil {
+		log.Error(logs.CouldNotGetContainerInfo, zap.Error(err), zap.String("cnrName", containerName),
+			zap.String("cnrName", cnrID.String()),
+			logs.TagField(logs.TagExternalStorage))
 		return nil, err
 	}
 
@@ -341,7 +389,8 @@ func (h *Handler) getBucketInfo(ctx context.Context, containerName string, log *
 		log.Warn(logs.CouldntPutBucketIntoCache,
 			zap.String("bucket name", bktInfo.Name),
 			zap.Stringer("bucket cid", bktInfo.CID),
-			zap.Error(err))
+			zap.Error(err),
+			logs.TagField(logs.TagDatapath))
 	}
 
 	return bktInfo, nil
@@ -365,11 +414,16 @@ func (h *Handler) readContainer(ctx context.Context, cnrID cid.ID) (*data.Bucket
 	}
 
 	bktInfo.HomomorphicHashDisabled = container.IsHomomorphicHashingDisabled(*res)
+	bktInfo.PlacementPolicy = res.PlacementPolicy()
 
 	return bktInfo, err
 }
 
 func (h *Handler) browseIndex(c *fasthttp.RequestCtx, isNativeList bool) {
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.browseIndex")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
 	if !h.config.IndexPageEnabled() {
 		c.SetStatusCode(fasthttp.StatusNotFound)
 		return
@@ -378,7 +432,6 @@ func (h *Handler) browseIndex(c *fasthttp.RequestCtx, isNativeList bool) {
 	cidURLParam := c.UserValue("cid").(string)
 	oidURLParam := c.UserValue("oid").(string)
 
-	ctx := utils.GetContextFromRequest(c)
 	reqLog := utils.GetReqLogOrDefault(ctx, h.log)
 	log := reqLog.With(zap.String("cid", cidURLParam), zap.String("oid", oidURLParam))
 

internal/handler/handler_fuzz_test.go

@@ -21,6 +21,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	go_fuzz_utils "github.com/trailofbits/go-fuzz-utils"
 	"github.com/valyala/fasthttp"
+	"go.uber.org/zap"
 )
 
 const (
@@ -125,7 +126,7 @@ func maybeFillRandom(tp *go_fuzz_utils.TypeProvider, initValue string) (string,
 }
 
 func upload(tp *go_fuzz_utils.TypeProvider) (context.Context, *handlerContext, cid.ID, *fasthttp.RequestCtx, string, string, string, error) {
-	hc, err := prepareHandlerContext()
+	hc, err := prepareHandlerContextBase(zap.NewExample())
 	if err != nil {
 		return nil, nil, cid.ID{}, nil, "", "", "", err
 	}
@@ -517,7 +518,7 @@ func DoFuzzDownloadZipped(input []byte) int {
 	r.SetUserValue("cid", cid)
 	r.SetUserValue("prefix", prefix)
 
-	hc.Handler().DownloadZipped(r)
+	hc.Handler().DownloadZip(r)
 
 	return fuzzSuccessExitCode
 }

internal/handler/handler_test.go

@@ -30,6 +30,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/valyala/fasthttp"
 	"go.uber.org/zap"
+	"go.uber.org/zap/zaptest"
 )
 
 type treeServiceMock struct {
@@ -66,7 +67,7 @@ func (c *configMock) DefaultTimestamp() bool {
 	return false
 }
 
-func (c *configMock) ZipCompression() bool {
+func (c *configMock) ArchiveCompression() bool {
 	return false
 }
 
@@ -112,12 +113,13 @@ func (hc *handlerContext) Handler() *Handler {
 	return hc.h
 }
 
-func prepareHandlerContext() (*handlerContext, error) {
-	logger, err := zap.NewDevelopment()
-	if err != nil {
-		return nil, err
-	}
+func prepareHandlerContext(t *testing.T) *handlerContext {
+	hc, err := prepareHandlerContextBase(zaptest.NewLogger(t))
+	require.NoError(t, err)
+	return hc
+}
 
+func prepareHandlerContextBase(logger *zap.Logger) (*handlerContext, error) {
 	key, err := keys.NewPrivateKey()
 	if err != nil {
 		return nil, err
@@ -142,7 +144,7 @@ func prepareHandlerContext() (*handlerContext, error) {
 			Size:     1,
 			Lifetime: 1,
 			Logger:   logger,
-		}),
+		}, false),
 	}
 
 	treeMock := newTreeService()
@@ -196,8 +198,7 @@ func (hc *handlerContext) prepareContainer(name string, basicACL acl.Basic) (cid
 }
 
 func TestBasic(t *testing.T) {
-	hc, err := prepareHandlerContext()
-	require.NoError(t, err)
+	hc := prepareHandlerContext(t)
 
 	bktName := "bucket"
 	cnrID, cnr, err := hc.prepareContainer(bktName, acl.PublicRWExtended)
@@ -219,8 +220,10 @@ func TestBasic(t *testing.T) {
 	require.NoError(t, err)
 
 	obj := hc.frostfs.objects[putRes.ContainerID+"/"+putRes.ObjectID]
-	attr := prepareObjectAttributes(object.AttributeFilePath, objFileName)
-	obj.SetAttributes(append(obj.Attributes(), attr)...)
+	fileName := prepareObjectAttributes(object.AttributeFileName, objFileName)
+	filePath := prepareObjectAttributes(object.AttributeFilePath, objFilePath)
+	obj.SetAttributes(append(obj.Attributes(), fileName)...)
+	obj.SetAttributes(append(obj.Attributes(), filePath)...)
 
 	t.Run("get", func(t *testing.T) {
 		r = prepareGetRequest(ctx, cnrID.EncodeToString(), putRes.ObjectID)
@@ -239,6 +242,14 @@ func TestBasic(t *testing.T) {
 		r = prepareGetByAttributeRequest(ctx, bktName, keyAttr, valAttr)
 		hc.Handler().DownloadByAttribute(r)
 		require.Equal(t, content, string(r.Response.Body()))
+
+		r = prepareGetByAttributeRequest(ctx, bktName, attrFileName, objFilePath)
+		hc.Handler().DownloadByAttribute(r)
+		require.Equal(t, content, string(r.Response.Body()))
+
+		r = prepareGetByAttributeRequest(ctx, bktName, attrFilePath, objFileName)
+		hc.Handler().DownloadByAttribute(r)
+		require.Equal(t, content, string(r.Response.Body()))
 	})
 
 	t.Run("head by attribute", func(t *testing.T) {
@@ -246,17 +257,27 @@ func TestBasic(t *testing.T) {
 		hc.Handler().HeadByAttribute(r)
 		require.Equal(t, putRes.ObjectID, string(r.Response.Header.Peek(hdrObjectID)))
 		require.Equal(t, putRes.ContainerID, string(r.Response.Header.Peek(hdrContainerID)))
+
+		r = prepareGetByAttributeRequest(ctx, bktName, attrFileName, objFilePath)
+		hc.Handler().HeadByAttribute(r)
+		require.Equal(t, putRes.ObjectID, string(r.Response.Header.Peek(hdrObjectID)))
+		require.Equal(t, putRes.ContainerID, string(r.Response.Header.Peek(hdrContainerID)))
+
+		r = prepareGetByAttributeRequest(ctx, bktName, attrFilePath, objFileName)
+		hc.Handler().HeadByAttribute(r)
+		require.Equal(t, putRes.ObjectID, string(r.Response.Header.Peek(hdrObjectID)))
+		require.Equal(t, putRes.ContainerID, string(r.Response.Header.Peek(hdrContainerID)))
 	})
 
 	t.Run("zip", func(t *testing.T) {
 		r = prepareGetZipped(ctx, bktName, "")
-		hc.Handler().DownloadZipped(r)
+		hc.Handler().DownloadZip(r)
 
 		readerAt := bytes.NewReader(r.Response.Body())
 		zipReader, err := zip.NewReader(readerAt, int64(len(r.Response.Body())))
 		require.NoError(t, err)
 		require.Len(t, zipReader.File, 1)
-		require.Equal(t, objFileName, zipReader.File[0].Name)
+		require.Equal(t, objFilePath, zipReader.File[0].Name)
 		f, err := zipReader.File[0].Open()
 		require.NoError(t, err)
 		defer func() {
@@ -270,8 +291,7 @@ func TestBasic(t *testing.T) {
 }
 
 func TestFindObjectByAttribute(t *testing.T) {
-	hc, err := prepareHandlerContext()
-	require.NoError(t, err)
+	hc := prepareHandlerContext(t)
 	hc.cfg.additionalSearch = true
 
 	bktName := "bucket"
@@ -293,8 +313,8 @@ func TestFindObjectByAttribute(t *testing.T) {
 	err = json.Unmarshal(r.Response.Body(), &putRes)
 	require.NoError(t, err)
 
-	testAttrVal1 := "test-attr-val1"
-	testAttrVal2 := "test-attr-val2"
+	testAttrVal1 := "/folder/cat.jpg"
+	testAttrVal2 := "cat.jpg"
 	testAttrVal3 := "test-attr-val3"
 
 	for _, tc := range []struct {
@@ -340,6 +360,14 @@ func TestFindObjectByAttribute(t *testing.T) {
 			err:              "not found",
 			additionalSearch: true,
 		},
+		{
+			name:             "success search by FilePath with leading slash (with additional search)",
+			firstAttr:        prepareObjectAttributes(attrFilePath, testAttrVal1),
+			secondAttr:       prepareObjectAttributes(attrFileName, testAttrVal2),
+			reqAttrKey:       attrFilePath,
+			reqAttrValue:     "/cat.jpg",
+			additionalSearch: true,
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			obj := hc.frostfs.objects[putRes.ContainerID+"/"+putRes.ObjectID]
@@ -360,8 +388,7 @@ func TestFindObjectByAttribute(t *testing.T) {
 }
 
 func TestNeedSearchByFileName(t *testing.T) {
-	hc, err := prepareHandlerContext()
-	require.NoError(t, err)
+	hc := prepareHandlerContext(t)
 
 	for _, tc := range []struct {
 		name             string
@@ -422,6 +449,28 @@ func TestNeedSearchByFileName(t *testing.T) {
 	}
 }
 
+func TestPrepareFileName(t *testing.T) {
+	fileName := "/cat.jpg"
+	expected := "cat.jpg"
+	actual := prepareFileName(fileName)
+	require.Equal(t, expected, actual)
+
+	fileName = "cat.jpg"
+	actual = prepareFileName(fileName)
+	require.Equal(t, expected, actual)
+}
+
+func TestPrepareFilePath(t *testing.T) {
+	filePath := "cat.jpg"
+	expected := "/cat.jpg"
+	actual := prepareFilePath(filePath)
+	require.Equal(t, expected, actual)
+
+	filePath = "/cat.jpg"
+	actual = prepareFilePath(filePath)
+	require.Equal(t, expected, actual)
+}
+
 func prepareUploadRequest(ctx context.Context, bucket, content string) (*fasthttp.RequestCtx, error) {
 	r := new(fasthttp.RequestCtx)
 	utils.SetContextToRequest(ctx, r)
@@ -465,6 +514,7 @@ const (
 	keyAttr     = "User-Attribute"
 	valAttr     = "user value"
 	objFileName = "newFile.txt"
+	objFilePath = "/newFile.txt"
 )
 
 func fillMultipartBody(r *fasthttp.RequestCtx, content string) error {

internal/handler/head.go

@@ -11,6 +11,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/valyala/fasthttp"
@@ -45,7 +46,11 @@ func (h *Handler) headObject(ctx context.Context, req request, objectAddress oid
 	}
 
 	req.Response.Header.Set(fasthttp.HeaderContentLength, strconv.FormatUint(obj.PayloadSize(), 10))
-	var contentType string
+	var (
+		contentType string
+		filename    string
+		filepath    string
+	)
 	for _, attr := range obj.Attributes() {
 		key := attr.Key()
 		val := attr.Value()
@@ -63,14 +68,22 @@ func (h *Handler) headObject(ctx context.Context, req request, objectAddress oid
 				req.log.Info(logs.CouldntParseCreationDate,
 					zap.String("key", key),
 					zap.String("val", val),
-					zap.Error(err))
+					zap.Error(err),
+					logs.TagField(logs.TagDatapath))
 				continue
 			}
 			req.Response.Header.Set(fasthttp.HeaderLastModified, time.Unix(value, 0).UTC().Format(http.TimeFormat))
 		case object.AttributeContentType:
 			contentType = val
+		case object.AttributeFilePath:
+			filepath = val
+		case object.AttributeFileName:
+			filename = val
 		}
 	}
+	if filename == "" {
+		filename = filepath
+	}
 
 	idsToResponse(&req.Response, obj)
 
@@ -85,7 +98,7 @@ func (h *Handler) headObject(ctx context.Context, req request, objectAddress oid
 			}
 
 			return h.frostfs.RangeObject(ctx, prmRange)
-		})
+		}, filename)
 		if err != nil && err != io.EOF {
 			req.handleFrostFSErr(err, start)
 			return
@@ -104,10 +117,12 @@ func idsToResponse(resp *fasthttp.Response, obj *object.Object) {
 
 // HeadByAddressOrBucketName handles head requests using simple cid/oid or bucketname/key format.
 func (h *Handler) HeadByAddressOrBucketName(c *fasthttp.RequestCtx) {
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.HeadByAddressOrBucketName")
+	defer span.End()
+
 	cidParam, _ := c.UserValue("cid").(string)
 	oidParam, _ := c.UserValue("oid").(string)
 
-	ctx := utils.GetContextFromRequest(c)
 	log := utils.GetReqLogOrDefault(ctx, h.log).With(
 		zap.String("cid", cidParam),
 		zap.String("oid", oidParam),
@@ -120,11 +135,13 @@ func (h *Handler) HeadByAddressOrBucketName(c *fasthttp.RequestCtx) {
 	}
 	checkS3Err := h.tree.CheckSettingsNodeExists(ctx, bktInfo)
 	if checkS3Err != nil && !errors.Is(checkS3Err, layer.ErrNodeNotFound) {
+		log.Error(logs.FailedToCheckIfSettingsNodeExist, zap.String("cid", bktInfo.CID.String()),
+			zap.Error(checkS3Err), logs.TagField(logs.TagExternalStorageTree))
 		logAndSendBucketError(c, log, checkS3Err)
 		return
 	}
 
-	req := h.newRequest(c, log)
+	req := newRequest(c, log)
 
 	var objID oid.ID
 	if checkS3Err == nil {
@@ -133,11 +150,14 @@ func (h *Handler) HeadByAddressOrBucketName(c *fasthttp.RequestCtx) {
 		h.byNativeAddress(ctx, req, bktInfo.CID, objID, h.headObject)
 	} else {
 		logAndSendBucketError(c, log, checkS3Err)
-		return
 	}
 }
 
 // HeadByAttribute handles attribute-based head requests.
 func (h *Handler) HeadByAttribute(c *fasthttp.RequestCtx) {
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.HeadByAttribute")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
 	h.byAttribute(c, h.headObject)
 }

internal/handler/multipart.go

@@ -33,7 +33,7 @@ func fetchMultipartFile(l *zap.Logger, r io.Reader, boundary string) (MultipartF
 
 		name := part.FormName()
 		if name == "" {
-			l.Debug(logs.IgnorePartEmptyFormName)
+			l.Debug(logs.IgnorePartEmptyFormName, logs.TagField(logs.TagDatapath))
 			continue
 		}
 
@@ -41,8 +41,10 @@ func fetchMultipartFile(l *zap.Logger, r io.Reader, boundary string) (MultipartF
 
 		// ignore multipart/form-data values
 		if filename == "" {
-			l.Debug(logs.IgnorePartEmptyFilename, zap.String("form", name))
-
+			l.Debug(logs.IgnorePartEmptyFilename, zap.String("form", name), logs.TagField(logs.TagDatapath))
+			if err = part.Close(); err != nil {
+				l.Warn(logs.FailedToCloseReader, zap.Error(err), logs.TagField(logs.TagDatapath))
+			}
 			continue
 		}
 

internal/handler/multipart_test.go

@@ -60,12 +60,7 @@ func BenchmarkAll(b *testing.B) {
 func defaultMultipart(filename string) error {
 	r, bound := multipartFile(filename)
 
-	logger, err := zap.NewProduction()
-	if err != nil {
-		return err
-	}
-
-	file, err := fetchMultipartFileDefault(logger, r, bound)
+	file, err := fetchMultipartFileDefault(zap.NewNop(), r, bound)
 	if err != nil {
 		return err
 	}
@@ -87,12 +82,7 @@ func TestName(t *testing.T) {
 func customMultipart(filename string) error {
 	r, bound := multipartFile(filename)
 
-	logger, err := zap.NewProduction()
-	if err != nil {
-		return err
-	}
-
-	file, err := fetchMultipartFile(logger, r, bound)
+	file, err := fetchMultipartFile(zap.NewNop(), r, bound)
 	if err != nil {
 		return err
 	}
@@ -112,7 +102,7 @@ func fetchMultipartFileDefault(l *zap.Logger, r io.Reader, boundary string) (Mul
 
 		name := part.FormName()
 		if name == "" {
-			l.Debug(logs.IgnorePartEmptyFormName)
+			l.Debug(logs.IgnorePartEmptyFormName, logs.TagField(logs.TagDatapath))
 			continue
 		}
 
@@ -120,8 +110,7 @@ func fetchMultipartFileDefault(l *zap.Logger, r io.Reader, boundary string) (Mul
 
 		// ignore multipart/form-data values
 		if filename == "" {
-			l.Debug(logs.IgnorePartEmptyFilename, zap.String("form", name))
-
+			l.Debug(logs.IgnorePartEmptyFilename, zap.String("form", name), logs.TagField(logs.TagDatapath))
 			continue
 		}
 

internal/handler/reader.go

@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"context"
 	"io"
+	"mime"
 	"net/http"
 	"path"
 	"strconv"
+	"strings"
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -25,7 +26,7 @@ type readCloser struct {
 
 // initializes io.Reader with the limited size and detects Content-Type from it.
 // Returns r's error directly. Also returns the processed data.
-func readContentType(maxSize uint64, rInit func(uint64) (io.Reader, error)) (string, []byte, error) {
+func readContentType(maxSize uint64, rInit func(uint64) (io.Reader, error), filename string) (string, []byte, error) {
 	if maxSize > sizeToDetectType {
 		maxSize = sizeToDetectType
 	}
@@ -44,7 +45,20 @@ func readContentType(maxSize uint64, rInit func(uint64) (io.Reader, error)) (str
 
 	buf = buf[:n]
 
-	return http.DetectContentType(buf), buf, err // to not lose io.EOF
+	contentType := http.DetectContentType(buf)
+
+	// Since the detector detects the "text/plain" content type for various types of text files,
+	// including CSS, JavaScript, and CSV files,
+	// we'll determine the final content type based on the file's extension.
+	if strings.HasPrefix(contentType, "text/plain") {
+		ext := path.Ext(filename)
+		// If the file doesn't have a file extension, we'll keep the content type as is.
+		if len(ext) > 0 {
+			contentType = mime.TypeByExtension(ext)
+		}
+	}
+
+	return contentType, buf, err // to not lose io.EOF
 }
 
 type getMultiobjectBodyParams struct {
@@ -96,7 +110,8 @@ func (h *Handler) receiveFile(ctx context.Context, req request, objAddress oid.A
 			if err = req.setTimestamp(val); err != nil {
 				req.log.Error(logs.CouldntParseCreationDate,
 					zap.String("val", val),
-					zap.Error(err))
+					zap.Error(err),
+					logs.TagField(logs.TagDatapath))
 			}
 		case object.AttributeContentType:
 			contentType = val
@@ -128,10 +143,10 @@ func (h *Handler) receiveFile(ctx context.Context, req request, objAddress oid.A
 
 		contentType, payloadHead, err = readContentType(payloadSize, func(uint64) (io.Reader, error) {
 			return payload, nil
-		})
+		}, filename)
 		if err != nil && err != io.EOF {
-			req.log.Error(logs.CouldNotDetectContentTypeFromPayload, zap.Error(err))
-			response.Error(req.RequestCtx, "could not detect Content-Type from payload: "+err.Error(), fasthttp.StatusBadRequest)
+			req.log.Error(logs.CouldNotDetectContentTypeFromPayload, zap.Error(err), logs.TagField(logs.TagDatapath))
+			ResponseError(req.RequestCtx, "could not detect Content-Type from payload: "+err.Error(), fasthttp.StatusBadRequest)
 			return
 		}
 

internal/handler/reader_test.go

@@ -10,39 +10,80 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+const (
+	txtContentType        = "text/plain; charset=utf-8"
+	cssContentType        = "text/css; charset=utf-8"
+	htmlContentType       = "text/html; charset=utf-8"
+	javascriptContentType = "text/javascript; charset=utf-8"
+
+	htmlBody = "<!DOCTYPE html><html ><head><meta charset=\"utf-8\"><title>Test Html</title>"
+)
+
 func TestDetector(t *testing.T) {
-	txtContentType := "text/plain; charset=utf-8"
 	sb := strings.Builder{}
 	for i := 0; i < 10; i++ {
 		sb.WriteString("Some txt content. Content-Type must be detected properly by detector.")
 	}
 
 	for _, tc := range []struct {
-		Name        string
-		ContentType string
-		Expected    string
+		Name                string
+		ExpectedContentType string
+		Content             string
+		FileName            string
 	}{
 		{
-			Name:        "less than 512b",
-			ContentType: txtContentType,
-			Expected:    sb.String()[:256],
+			Name:                "less than 512b",
+			ExpectedContentType: txtContentType,
+			Content:             sb.String()[:256],
+			FileName:            "test.txt",
 		},
 		{
-			Name:        "more than 512b",
-			ContentType: txtContentType,
-			Expected:    sb.String(),
+			Name:                "more than 512b",
+			ExpectedContentType: txtContentType,
+			Content:             sb.String(),
+			FileName:            "test.txt",
+		},
+		{
+			Name:                "css content type",
+			ExpectedContentType: cssContentType,
+			Content:             sb.String(),
+			FileName:            "test.css",
+		},
+		{
+			Name:                "javascript content type",
+			ExpectedContentType: javascriptContentType,
+			Content:             sb.String(),
+			FileName:            "test.js",
+		},
+		{
+			Name:                "html content type by file content",
+			ExpectedContentType: htmlContentType,
+			Content:             htmlBody,
+			FileName:            "test.detect-by-content",
+		},
+		{
+			Name:                "html content type by file extension",
+			ExpectedContentType: htmlContentType,
+			Content:             sb.String(),
+			FileName:            "test.html",
+		},
+		{
+			Name:                "empty file extension",
+			ExpectedContentType: txtContentType,
+			Content:             sb.String(),
+			FileName:            "test",
 		},
 	} {
 		t.Run(tc.Name, func(t *testing.T) {
-			contentType, data, err := readContentType(uint64(len(tc.Expected)),
+			contentType, data, err := readContentType(uint64(len(tc.Content)),
 				func(uint64) (io.Reader, error) {
-					return strings.NewReader(tc.Expected), nil
-				},
+					return strings.NewReader(tc.Content), nil
+				}, tc.FileName,
 			)
 
 			require.NoError(t, err)
-			require.Equal(t, tc.ContentType, contentType)
-			require.True(t, strings.HasPrefix(tc.Expected, string(data)))
+			require.Equal(t, tc.ExpectedContentType, contentType)
+			require.True(t, strings.HasPrefix(tc.Content, string(data)))
 		})
 	}
 }

internal/handler/upload.go

@@ -1,17 +1,23 @@
 package handler
 
 import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
 	"context"
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
+	"path/filepath"
 	"strconv"
 	"time"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -20,8 +26,9 @@ import (
 )
 
 const (
-	jsonHeader   = "application/json; charset=UTF-8"
-	drainBufSize = 4096
+	jsonHeader           = "application/json; charset=UTF-8"
+	drainBufSize         = 4096
+	explodeArchiveHeader = "X-Explode-Archive"
 )
 
 type putResponse struct {
@@ -44,17 +51,16 @@ func (pr *putResponse) encode(w io.Writer) error {
 
 // Upload handles multipart upload request.
 func (h *Handler) Upload(c *fasthttp.RequestCtx) {
-	var (
-		file  MultipartFile
-		idObj oid.ID
-		addr  oid.Address
-	)
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.Upload")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
+	var file MultipartFile
 
 	scid, _ := c.UserValue("cid").(string)
 	bodyStream := c.RequestBodyStream()
 	drainBuf := make([]byte, drainBufSize)
 
-	ctx := utils.GetContextFromRequest(c)
 	reqLog := utils.GetReqLogOrDefault(ctx, h.log)
 	log := reqLog.With(zap.String("cid", scid))
 
@@ -64,76 +70,84 @@ func (h *Handler) Upload(c *fasthttp.RequestCtx) {
 		return
 	}
 
-	defer func() {
-		// If the temporary reader can be closed - let's close it.
-		if file == nil {
-			return
-		}
-		err := file.Close()
-		log.Debug(
-			logs.CloseTemporaryMultipartFormFile,
-			zap.Stringer("address", addr),
-			zap.String("filename", file.FileName()),
-			zap.Error(err),
-		)
-	}()
-
 	boundary := string(c.Request.Header.MultipartFormBoundary())
 	if file, err = fetchMultipartFile(log, bodyStream, boundary); err != nil {
-		log.Error(logs.CouldNotReceiveMultipartForm, zap.Error(err))
-		response.Error(c, "could not receive multipart/form: "+err.Error(), fasthttp.StatusBadRequest)
+		log.Error(logs.CouldNotReceiveMultipartForm, zap.Error(err), logs.TagField(logs.TagDatapath))
+		ResponseError(c, "could not receive multipart/form: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
 	filtered, err := filterHeaders(log, &c.Request.Header)
 	if err != nil {
-		log.Error(logs.CouldNotProcessHeaders, zap.Error(err))
-		response.Error(c, err.Error(), fasthttp.StatusBadRequest)
+		log.Error(logs.FailedToFilterHeaders, zap.Error(err), logs.TagField(logs.TagDatapath))
+		ResponseError(c, err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
-	now := time.Now()
-	if rawHeader := c.Request.Header.Peek(fasthttp.HeaderDate); rawHeader != nil {
-		if parsed, err := time.Parse(http.TimeFormat, string(rawHeader)); err != nil {
-			log.Warn(logs.CouldNotParseClientTime, zap.String("Date header", string(rawHeader)), zap.Error(err))
-		} else {
-			now = parsed
+	if c.Request.Header.Peek(explodeArchiveHeader) != nil {
+		h.explodeArchive(request{c, log}, bktInfo, file, filtered)
+	} else {
+		h.uploadSingleObject(request{c, log}, bktInfo, file, filtered)
+	}
+
+	// Multipart is multipart and thus can contain more than one part which
+	// we ignore at the moment. Also, when dealing with chunked encoding
+	// the last zero-length chunk might be left unread (because multipart
+	// reader only cares about its boundary and doesn't look further) and
+	// it will be (erroneously) interpreted as the start of the next
+	// pipelined header. Thus, we need to drain the body buffer.
+	for {
+		_, err = bodyStream.Read(drainBuf)
+		if err == io.EOF || errors.Is(err, io.ErrUnexpectedEOF) {
+			break
 		}
 	}
+}
 
-	if err = utils.PrepareExpirationHeader(c, h.frostfs, filtered, now); err != nil {
-		log.Error(logs.CouldNotPrepareExpirationHeader, zap.Error(err))
-		response.Error(c, "could not prepare expiration header: "+err.Error(), fasthttp.StatusBadRequest)
+func (h *Handler) uploadSingleObject(req request, bkt *data.BucketInfo, file MultipartFile, filtered map[string]string) {
+	c, log := req.RequestCtx, req.log
+
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.uploadSingleObject")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
+	setIfNotExist(filtered, object.AttributeFileName, file.FileName())
+
+	attributes, err := h.extractAttributes(c, log, filtered)
+	if err != nil {
+		log.Error(logs.FailedToGetAttributes, zap.Error(err), logs.TagField(logs.TagDatapath))
+		ResponseError(c, "could not extract attributes: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
 
-	attributes := make([]object.Attribute, 0, len(filtered))
-	// prepares attributes from filtered headers
-	for key, val := range filtered {
-		attribute := object.NewAttribute()
-		attribute.SetKey(key)
-		attribute.SetValue(val)
-		attributes = append(attributes, *attribute)
+	idObj, err := h.uploadObject(c, bkt, attributes, file)
+	if err != nil {
+		h.handlePutFrostFSErr(c, err, log)
+		return
 	}
-	// sets FileName attribute if it wasn't set from header
-	if _, ok := filtered[object.AttributeFileName]; !ok {
-		filename := object.NewAttribute()
-		filename.SetKey(object.AttributeFileName)
-		filename.SetValue(file.FileName())
-		attributes = append(attributes, *filename)
-	}
-	// sets Timestamp attribute if it wasn't set from header and enabled by settings
-	if _, ok := filtered[object.AttributeTimestamp]; !ok && h.config.DefaultTimestamp() {
-		timestamp := object.NewAttribute()
-		timestamp.SetKey(object.AttributeTimestamp)
-		timestamp.SetValue(strconv.FormatInt(time.Now().Unix(), 10))
-		attributes = append(attributes, *timestamp)
+	log.Debug(logs.ObjectUploaded,
+		zap.String("oid", idObj.EncodeToString()),
+		zap.String("FileName", file.FileName()),
+		logs.TagField(logs.TagExternalStorage),
+	)
+
+	addr := newAddress(bkt.CID, idObj)
+	c.Response.Header.SetContentType(jsonHeader)
+	// Try to return the response, otherwise, if something went wrong, throw an error.
+	if err = newPutResponse(addr).encode(c); err != nil {
+		log.Error(logs.CouldNotEncodeResponse, zap.Error(err), logs.TagField(logs.TagDatapath))
+		ResponseError(c, "could not encode response", fasthttp.StatusBadRequest)
+		return
 	}
+}
+
+func (h *Handler) uploadObject(c *fasthttp.RequestCtx, bkt *data.BucketInfo, attrs []object.Attribute, file io.Reader) (oid.ID, error) {
+	ctx := utils.GetContextFromRequest(c)
 
 	obj := object.New()
-	obj.SetContainerID(bktInfo.CID)
+	obj.SetContainerID(bkt.CID)
 	obj.SetOwnerID(*h.ownerID)
-	obj.SetAttributes(attributes...)
+	obj.SetAttributes(attrs...)
 
 	prm := PrmObjectCreate{
 		PrmAuth: PrmAuth{
@@ -142,48 +156,135 @@ func (h *Handler) Upload(c *fasthttp.RequestCtx) {
 		Object:                 obj,
 		Payload:                file,
 		ClientCut:              h.config.ClientCut(),
-		WithoutHomomorphicHash: bktInfo.HomomorphicHashDisabled,
+		WithoutHomomorphicHash: bkt.HomomorphicHashDisabled,
 		BufferMaxSize:          h.config.BufferMaxSizeForPut(),
 	}
 
-	if idObj, err = h.frostfs.CreateObject(ctx, prm); err != nil {
-		h.handlePutFrostFSErr(c, err, log)
-		return
+	idObj, err := h.frostfs.CreateObject(ctx, prm)
+	if err != nil {
+		return oid.ID{}, err
 	}
 
-	addr.SetObject(idObj)
-	addr.SetContainer(bktInfo.CID)
+	return idObj, nil
+}
 
-	// Try to return the response, otherwise, if something went wrong, throw an error.
-	if err = newPutResponse(addr).encode(c); err != nil {
-		log.Error(logs.CouldNotEncodeResponse, zap.Error(err))
-		response.Error(c, "could not encode response", fasthttp.StatusBadRequest)
-
-		return
-	}
-	// Multipart is multipart and thus can contain more than one part which
-	// we ignore at the moment. Also, when dealing with chunked encoding
-	// the last zero-length chunk might be left unread (because multipart
-	// reader only cares about its boundary and doesn't look further) and
-	// it will be (erroneously) interpreted as the start of the next
-	// pipelined header. Thus we need to drain the body buffer.
-	for {
-		_, err = bodyStream.Read(drainBuf)
-		if err == io.EOF || err == io.ErrUnexpectedEOF {
-			break
+func (h *Handler) extractAttributes(c *fasthttp.RequestCtx, log *zap.Logger, filtered map[string]string) ([]object.Attribute, error) {
+	ctx := utils.GetContextFromRequest(c)
+	now := time.Now()
+	if rawHeader := c.Request.Header.Peek(fasthttp.HeaderDate); rawHeader != nil {
+		if parsed, err := time.Parse(http.TimeFormat, string(rawHeader)); err != nil {
+			log.Warn(logs.CouldNotParseClientTime, zap.String("Date header", string(rawHeader)), zap.Error(err),
+				logs.TagField(logs.TagDatapath))
+		} else {
+			now = parsed
 		}
 	}
-	// Report status code and content type.
-	c.Response.SetStatusCode(fasthttp.StatusOK)
-	c.Response.Header.SetContentType(jsonHeader)
+	if err := utils.PrepareExpirationHeader(ctx, h.frostfs, filtered, now); err != nil {
+		log.Error(logs.CouldNotPrepareExpirationHeader, zap.Error(err), logs.TagField(logs.TagDatapath))
+		return nil, err
+	}
+	attributes := make([]object.Attribute, 0, len(filtered))
+	// prepares attributes from filtered headers
+	for key, val := range filtered {
+		attribute := newAttribute(key, val)
+		attributes = append(attributes, attribute)
+	}
+	// sets Timestamp attribute if it wasn't set from header and enabled by settings
+	if _, ok := filtered[object.AttributeTimestamp]; !ok && h.config.DefaultTimestamp() {
+		timestamp := newAttribute(object.AttributeTimestamp, strconv.FormatInt(time.Now().Unix(), 10))
+		attributes = append(attributes, timestamp)
+	}
+
+	return attributes, nil
+}
+
+func newAttribute(key string, val string) object.Attribute {
+	attr := object.NewAttribute()
+	attr.SetKey(key)
+	attr.SetValue(val)
+	return *attr
+}
+
+// explodeArchive read files from archive and creates objects for each of them.
+// Sets FilePath attribute with name from tar.Header.
+func (h *Handler) explodeArchive(req request, bkt *data.BucketInfo, file io.ReadCloser, filtered map[string]string) {
+	c, log := req.RequestCtx, req.log
+
+	ctx, span := tracing.StartSpanFromContext(utils.GetContextFromRequest(c), "handler.explodeArchive")
+	defer span.End()
+	utils.SetContextToRequest(ctx, c)
+
+	// remove user attributes which vary for each file in archive
+	// to guarantee that they won't appear twice
+	delete(filtered, object.AttributeFileName)
+	delete(filtered, object.AttributeFilePath)
+
+	commonAttributes, err := h.extractAttributes(c, log, filtered)
+	if err != nil {
+		log.Error(logs.FailedToGetAttributes, zap.Error(err), logs.TagField(logs.TagDatapath))
+		ResponseError(c, "could not extract attributes: "+err.Error(), fasthttp.StatusBadRequest)
+		return
+	}
+	attributes := commonAttributes
+
+	reader := file
+	if bytes.EqualFold(c.Request.Header.Peek(fasthttp.HeaderContentEncoding), []byte("gzip")) {
+		log.Debug(logs.GzipReaderSelected, logs.TagField(logs.TagDatapath))
+		gzipReader, err := gzip.NewReader(file)
+		if err != nil {
+			log.Error(logs.FailedToCreateGzipReader, zap.Error(err), logs.TagField(logs.TagDatapath))
+			ResponseError(c, "could read gzip file: "+err.Error(), fasthttp.StatusBadRequest)
+			return
+		}
+		defer func() {
+			if err := gzipReader.Close(); err != nil {
+				log.Warn(logs.FailedToCloseReader, zap.Error(err), logs.TagField(logs.TagDatapath))
+			}
+		}()
+		reader = gzipReader
+	}
+
+	tarReader := tar.NewReader(reader)
+	for {
+		obj, err := tarReader.Next()
+		if errors.Is(err, io.EOF) {
+			break
+		} else if err != nil {
+			log.Error(logs.FailedToReadFileFromTar, zap.Error(err), logs.TagField(logs.TagDatapath))
+			ResponseError(c, "could not get next entry: "+err.Error(), fasthttp.StatusBadRequest)
+			return
+		}
+
+		if isDir(obj.Name) {
+			continue
+		}
+
+		// set varying attributes
+		attributes = attributes[:len(commonAttributes)]
+		fileName := filepath.Base(obj.Name)
+		attributes = append(attributes, newAttribute(object.AttributeFilePath, obj.Name))
+		attributes = append(attributes, newAttribute(object.AttributeFileName, fileName))
+
+		idObj, err := h.uploadObject(c, bkt, attributes, tarReader)
+		if err != nil {
+			h.handlePutFrostFSErr(c, err, log)
+			return
+		}
+
+		log.Debug(logs.ObjectUploaded,
+			zap.String("oid", idObj.EncodeToString()),
+			zap.String("FileName", fileName),
+			logs.TagField(logs.TagExternalStorage),
+		)
+	}
 }
 
 func (h *Handler) handlePutFrostFSErr(r *fasthttp.RequestCtx, err error, log *zap.Logger) {
-	statusCode, msg, additionalFields := response.FormErrorResponse("could not store file in frostfs", err)
+	statusCode, msg, additionalFields := formErrorResponse("could not store file in frostfs", err)
 	logFields := append([]zap.Field{zap.Error(err)}, additionalFields...)
 
-	log.Error(logs.CouldNotStoreFileInFrostfs, logFields...)
-	response.Error(r, msg, statusCode)
+	log.Error(logs.CouldNotStoreFileInFrostfs, append(logFields, logs.TagField(logs.TagExternalStorage))...)
+	ResponseError(r, msg, statusCode)
 }
 
 func (h *Handler) fetchBearerToken(ctx context.Context) *bearer.Token {

internal/handler/utils.go

@@ -2,14 +2,16 @@ package handler
 
 import (
 	"context"
+	"errors"
+	"fmt"
 	"strings"
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
+	sdkstatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -22,16 +24,23 @@ type request struct {
 	log *zap.Logger
 }
 
+func newRequest(ctx *fasthttp.RequestCtx, log *zap.Logger) request {
+	return request{
+		RequestCtx: ctx,
+		log:        log,
+	}
+}
+
 func (r *request) handleFrostFSErr(err error, start time.Time) {
 	logFields := []zap.Field{
 		zap.Stringer("elapsed", time.Since(start)),
 		zap.Error(err),
 	}
-	statusCode, msg, additionalFields := response.FormErrorResponse("could not receive object", err)
+	statusCode, msg, additionalFields := formErrorResponse("could not receive object", err)
 	logFields = append(logFields, additionalFields...)
 
-	r.log.Error(logs.CouldNotReceiveObject, logFields...)
-	response.Error(r.RequestCtx, msg, statusCode)
+	r.log.Error(logs.CouldNotReceiveObject, append(logFields, logs.TagField(logs.TagExternalStorage))...)
+	ResponseError(r.RequestCtx, msg, statusCode)
 }
 
 func bearerToken(ctx context.Context) *bearer.Token {
@@ -76,13 +85,13 @@ func isValidValue(s string) bool {
 }
 
 func logAndSendBucketError(c *fasthttp.RequestCtx, log *zap.Logger, err error) {
-	log.Error(logs.CouldntGetBucket, zap.Error(err))
+	log.Error(logs.CouldNotGetBucket, zap.Error(err), logs.TagField(logs.TagDatapath))
 
 	if client.IsErrContainerNotFound(err) {
-		response.Error(c, "Not Found", fasthttp.StatusNotFound)
+		ResponseError(c, "Not Found", fasthttp.StatusNotFound)
 		return
 	}
-	response.Error(c, "could not get bucket: "+err.Error(), fasthttp.StatusBadRequest)
+	ResponseError(c, "could not get bucket: "+err.Error(), fasthttp.StatusBadRequest)
 }
 
 func newAddress(cnr cid.ID, obj oid.ID) oid.Address {
@@ -91,3 +100,43 @@ func newAddress(cnr cid.ID, obj oid.ID) oid.Address {
 	addr.SetObject(obj)
 	return addr
 }
+
+// setIfNotExist sets key value to map if key is not present yet.
+func setIfNotExist(m map[string]string, key, value string) {
+	if _, ok := m[key]; !ok {
+		m[key] = value
+	}
+}
+
+func ResponseError(r *fasthttp.RequestCtx, msg string, code int) {
+	r.Error(msg+"\n", code)
+}
+
+func formErrorResponse(message string, err error) (int, string, []zap.Field) {
+	var (
+		msg        string
+		statusCode int
+		logFields  []zap.Field
+	)
+
+	st := new(sdkstatus.ObjectAccessDenied)
+
+	switch {
+	case errors.As(err, &st):
+		statusCode = fasthttp.StatusForbidden
+		reason := st.Reason()
+		msg = fmt.Sprintf("%s: %v: %s", message, err, reason)
+		logFields = append(logFields, zap.String("error_detail", reason))
+	case errors.Is(err, ErrQuotaLimitReached):
+		statusCode = fasthttp.StatusConflict
+		msg = fmt.Sprintf("%s: %v", message, err)
+	case client.IsErrObjectNotFound(err) || client.IsErrContainerNotFound(err):
+		statusCode = fasthttp.StatusNotFound
+		msg = "Not Found"
+	default:
+		statusCode = fasthttp.StatusBadRequest
+		msg = fmt.Sprintf("%s: %v", message, err)
+	}
+
+	return statusCode, msg, logFields
+}

internal/logs/logs.go

@@ -1,96 +1,131 @@
 package logs
 
+import "go.uber.org/zap"
+
 const (
-	CouldntParseCreationDate                                              = "couldn't parse creation date"                                                           // Info in ../../downloader/*
-	CouldNotDetectContentTypeFromPayload                                  = "could not detect Content-Type from payload"                                             // Error in ../../downloader/download.go
-	CouldNotReceiveObject                                                 = "could not receive object"                                                               // Error in ../../downloader/download.go
-	WrongObjectID                                                         = "wrong object id"                                                                        // Error in ../../downloader/download.go
-	GetLatestObjectVersion                                                = "get latest object version"                                                              // Error in ../../downloader/download.go
-	ObjectWasDeleted                                                      = "object was deleted"                                                                     // Error in ../../downloader/download.go
-	CouldNotSearchForObjects                                              = "could not search for objects"                                                           // Error in ../../downloader/download.go
-	ObjectNotFound                                                        = "object not found"                                                                       // Error in ../../downloader/download.go
-	ReadObjectListFailed                                                  = "read object list failed"                                                                // Error in ../../downloader/download.go
-	FailedToAddObjectToArchive                                            = "failed to add object to archive"                                                        // Error in ../../downloader/download.go
-	IteratingOverSelectedObjectsFailed                                    = "iterating over selected objects failed"                                                 // Error in ../../downloader/download.go
-	ObjectsNotFound                                                       = "objects not found"                                                                      // Error in ../../downloader/download.go
-	CloseZipWriter                                                        = "close zip writer"                                                                       // Error in ../../downloader/download.go
-	ServiceIsRunning                                                      = "service is running"                                                                     // Info in ../../metrics/service.go
-	ServiceCouldntStartOnConfiguredPort                                   = "service couldn't start on configured port"                                              // Warn in ../../metrics/service.go
-	ServiceHasntStartedSinceItsDisabled                                   = "service hasn't started since it's disabled"                                             // Info in ../../metrics/service.go
-	ShuttingDownService                                                   = "shutting down service"                                                                  // Info in ../../metrics/service.go
-	CantShutDownService                                                   = "can't shut down service"                                                                // Panic in ../../metrics/service.go
-	CantGracefullyShutDownService                                         = "can't gracefully shut down service, force stop"                                         // Error in ../../metrics/service.go
-	IgnorePartEmptyFormName                                               = "ignore part, empty form name"                                                           // Debug in ../../uploader/upload.go
-	IgnorePartEmptyFilename                                               = "ignore part, empty filename"                                                            // Debug in ../../uploader/upload.go
-	CloseTemporaryMultipartFormFile                                       = "close temporary multipart/form file"                                                    // Debug in ../../uploader/upload.go
-	CouldNotReceiveMultipartForm                                          = "could not receive multipart/form"                                                       // Error in ../../uploader/upload.go
-	CouldNotProcessHeaders                                                = "could not process headers"                                                              // Error in ../../uploader/upload.go
-	CouldNotParseClientTime                                               = "could not parse client time"                                                            // Warn in ../../uploader/upload.go
-	CouldNotPrepareExpirationHeader                                       = "could not prepare expiration header"                                                    // Error in ../../uploader/upload.go
-	CouldNotEncodeResponse                                                = "could not encode response"                                                              // Error in ../../uploader/upload.go
-	CouldNotStoreFileInFrostfs                                            = "could not store file in frostfs"                                                        // Error in ../../uploader/upload.go
-	AddAttributeToResultObject                                            = "add attribute to result object"                                                         // Debug in ../../uploader/filter.go
-	FailedToCreateResolver                                                = "failed to create resolver"                                                              // Fatal in ../../app.go
-	FailedToCreateWorkerPool                                              = "failed to create worker pool"                                                           // Fatal in ../../app.go
-	FailedToReadIndexPageTemplate                                         = "failed to read index page template"                                                     // Error in ../../app.go
-	SetCustomIndexPageTemplate                                            = "set custom index page template"                                                         // Info in ../../app.go
-	ContainerResolverWillBeDisabledBecauseOfResolversResolverOrderIsEmpty = "container resolver will be disabled because of resolvers 'resolver_order' is empty"     // Info in ../../app.go
-	MetricsAreDisabled                                                    = "metrics are disabled"                                                                   // Warn in ../../app.go
-	NoWalletPathSpecifiedCreatingEphemeralKeyAutomaticallyForThisRun      = "no wallet path specified, creating ephemeral key automatically for this run"            // Info in ../../app.go
-	StartingApplication                                                   = "starting application"                                                                   // Info in ../../app.go
-	StartingServer                                                        = "starting server"                                                                        // Info in ../../app.go
-	ListenAndServe                                                        = "listen and serve"                                                                       // Fatal in ../../app.go
-	ShuttingDownWebServer                                                 = "shutting down web server"                                                               // Info in ../../app.go
-	FailedToShutdownTracing                                               = "failed to shutdown tracing"                                                             // Warn in ../../app.go
-	SIGHUPConfigReloadStarted                                             = "SIGHUP config reload started"                                                           // Info in ../../app.go
-	FailedToReloadConfigBecauseItsMissed                                  = "failed to reload config because it's missed"                                            // Warn in ../../app.go
-	FailedToReloadConfig                                                  = "failed to reload config"                                                                // Warn in ../../app.go
-	LogLevelWontBeUpdated                                                 = "log level won't be updated"                                                             // Warn in ../../app.go
-	FailedToUpdateResolvers                                               = "failed to update resolvers"                                                             // Warn in ../../app.go
-	FailedToReloadServerParameters                                        = "failed to reload server parameters"                                                     // Warn in ../../app.go
-	SIGHUPConfigReloadCompleted                                           = "SIGHUP config reload completed"                                                         // Info in ../../app.go
-	AddedPathUploadCid                                                    = "added path /upload/{cid}"                                                               // Info in ../../app.go
-	AddedPathGetCidOid                                                    = "added path /get/{cid}/{oid}"                                                            // Info in ../../app.go
-	AddedPathGetByAttributeCidAttrKeyAttrVal                              = "added path /get_by_attribute/{cid}/{attr_key}/{attr_val:*}"                             // Info in ../../app.go
-	AddedPathZipCidPrefix                                                 = "added path /zip/{cid}/{prefix}"                                                         // Info in ../../app.go
-	Request                                                               = "request"                                                                                // Info in ../../app.go
-	CouldNotFetchAndStoreBearerToken                                      = "could not fetch and store bearer token"                                                 // Error in ../../app.go
-	FailedToAddServer                                                     = "failed to add server"                                                                   // Warn in ../../app.go
-	AddServer                                                             = "add server"                                                                             // Info in ../../app.go
-	NoHealthyServers                                                      = "no healthy servers"                                                                     // Fatal in ../../app.go
-	FailedToInitializeTracing                                             = "failed to initialize tracing"                                                           // Warn in ../../app.go
-	TracingConfigUpdated                                                  = "tracing config updated"                                                                 // Info in ../../app.go
-	ResolverNNSWontBeUsedSinceRPCEndpointIsntProvided                     = "resolver nns won't be used since rpc_endpoint isn't provided"                           // Warn in ../../app.go
-	RuntimeSoftMemoryDefinedWithGOMEMLIMIT                                = "soft runtime memory defined with GOMEMLIMIT environment variable, config value skipped" // Warn in ../../app.go
-	RuntimeSoftMemoryLimitUpdated                                         = "soft runtime memory limit value updated"                                                // Info in ../../app.go
-	CouldNotLoadFrostFSPrivateKey                                         = "could not load FrostFS private key"                                                     // Fatal in ../../settings.go
-	UsingCredentials                                                      = "using credentials"                                                                      // Info in ../../settings.go
-	FailedToCreateConnectionPool                                          = "failed to create connection pool"                                                       // Fatal in ../../settings.go
-	FailedToDialConnectionPool                                            = "failed to dial connection pool"                                                         // Fatal in ../../settings.go
-	FailedToCreateTreePool                                                = "failed to create tree pool"                                                             // Fatal in ../../settings.go
-	FailedToDialTreePool                                                  = "failed to dial tree pool"                                                               // Fatal in ../../settings.go
-	AddedStoragePeer                                                      = "added storage peer"                                                                     // Info in ../../settings.go
-	CouldntGetBucket                                                      = "could not get bucket"                                                                   // Error in ../handler/utils.go
-	CouldntPutBucketIntoCache                                             = "couldn't put bucket info into cache"                                                    // Warn in ../handler/handler.go
-	FailedToSumbitTaskToPool                                              = "failed to submit task to pool"                                                          // Error in ../handler/browse.go
-	FailedToHeadObject                                                    = "failed to head object"                                                                  // Error in ../handler/browse.go
-	FailedToIterateOverResponse                                           = "failed to iterate over search response"                                                 // Error in ../handler/browse.go
-	InvalidCacheEntryType                                                 = "invalid cache entry type"                                                               // Warn in ../cache/buckets.go
-	InvalidLifetimeUsingDefaultValue                                      = "invalid lifetime, using default value (in seconds)"                                     // Error in ../../cmd/http-gw/settings.go
-	InvalidCacheSizeUsingDefaultValue                                     = "invalid cache size, using default value"                                                // Error in ../../cmd/http-gw/settings.go
-	FailedToUnescapeQuery                                                 = "failed to unescape query"
-	FailedToParseAddressInTreeNode                                        = "failed to parse object addr in tree node"
-	SettingsNodeInvalidOwnerKey                                           = "settings node: invalid owner key"
-	SystemNodeHasMultipleIDs                                              = "system node has multiple ids"
-	FailedToRemoveOldSystemNode                                           = "failed to remove old system node"
-	BucketSettingsNodeHasMultipleIDs                                      = "bucket settings node has multiple ids"
+	TagFieldName = "tag"
+
+	TagApp                 = "app"
+	TagDatapath            = "datapath"
+	TagExternalStorage     = "external_storage"
+	TagExternalStorageTree = "external_storage_tree"
+)
+
+func TagField(tag string) zap.Field {
+	return zap.String(TagFieldName, tag)
+}
+
+// Log messages with the "app" tag.
+const (
+	ServiceIsRunning                                                      = "service is running"
+	ServiceCouldntStartOnConfiguredPort                                   = "service couldn't start on configured port"
+	ServiceHasntStartedSinceItsDisabled                                   = "service hasn't started since it's disabled"
+	ShuttingDownService                                                   = "shutting down service"
+	CantShutDownService                                                   = "can't shut down service"
+	CantGracefullyShutDownService                                         = "can't gracefully shut down service, force stop"
+	FailedToCreateResolver                                                = "failed to create resolver"
+	FailedToCreateWorkerPool                                              = "failed to create worker pool"
+	StartingApplication                                                   = "starting application"
+	StartingServer                                                        = "starting server"
+	ListenAndServe                                                        = "listen and serve"
+	ShuttingDownWebServer                                                 = "shutting down web server"
+	FailedToShutdownTracing                                               = "failed to shutdown tracing"
+	AddedPathUploadCid                                                    = "added path /upload/{cid}"
+	AddedPathGetCidOid                                                    = "added path /get/{cid}/{oid}"
+	AddedPathGetByAttributeCidAttrKeyAttrVal                              = "added path /get_by_attribute/{cid}/{attr_key}/{attr_val:*}"
+	AddedPathZipCidPrefix                                                 = "added path /zip/{cid}/{prefix}"
+	FailedToAddServer                                                     = "failed to add server"
+	AddServer                                                             = "add server"
+	NoHealthyServers                                                      = "no healthy servers"
+	FailedToInitializeTracing                                             = "failed to initialize tracing"
+	RuntimeSoftMemoryDefinedWithGOMEMLIMIT                                = "soft runtime memory defined with GOMEMLIMIT environment variable, config value skipped"
+	RuntimeSoftMemoryLimitUpdated                                         = "soft runtime memory limit value updated"
+	CouldNotLoadFrostFSPrivateKey                                         = "could not load FrostFS private key"
+	UsingCredentials                                                      = "using credentials"
+	FailedToCreateConnectionPool                                          = "failed to create connection pool"
+	FailedToDialConnectionPool                                            = "failed to dial connection pool"
+	FailedToCreateTreePool                                                = "failed to create tree pool"
+	FailedToDialTreePool                                                  = "failed to dial tree pool"
 	ServerReconnecting                                                    = "reconnecting server..."
 	ServerReconnectedSuccessfully                                         = "server reconnected successfully"
 	ServerReconnectFailed                                                 = "failed to reconnect server"
-	WarnDuplicateAddress                                                  = "duplicate address"
 	MultinetDialSuccess                                                   = "multinet dial successful"
 	MultinetDialFail                                                      = "multinet dial failed"
+	ContainerResolverWillBeDisabledBecauseOfResolversResolverOrderIsEmpty = "container resolver will be disabled because of resolvers 'resolver_order' is empty"
+	MetricsAreDisabled                                                    = "metrics are disabled"
+	NoWalletPathSpecifiedCreatingEphemeralKeyAutomaticallyForThisRun      = "no wallet path specified, creating ephemeral key automatically for this run"
+	SIGHUPConfigReloadStarted                                             = "SIGHUP config reload started"
+	FailedToReloadConfigBecauseItsMissed                                  = "failed to reload config because it's missed"
+	FailedToReloadConfig                                                  = "failed to reload config"
+	FailedToUpdateResolvers                                               = "failed to update resolvers"
+	FailedToReloadServerParameters                                        = "failed to reload server parameters"
+	SIGHUPConfigReloadCompleted                                           = "SIGHUP config reload completed"
+	TracingConfigUpdated                                                  = "tracing config updated"
+	ResolverNNSWontBeUsedSinceRPCEndpointIsntProvided                     = "resolver nns won't be used since rpc_endpoint isn't provided"
+	AddedStoragePeer                                                      = "added storage peer"
+	InvalidLifetimeUsingDefaultValue                                      = "invalid lifetime, using default value (in seconds)"
+	InvalidCacheSizeUsingDefaultValue                                     = "invalid cache size, using default value"
+	WarnDuplicateAddress                                                  = "duplicate address"
 	FailedToLoadMultinetConfig                                            = "failed to load multinet config"
 	MultinetConfigWontBeUpdated                                           = "multinet config won't be updated"
-	ObjectNotFoundByFilePathTrySearchByFileName                           = "object not found by filePath attribute, try search by fileName"
+	LogLevelWontBeUpdated                                                 = "log level won't be updated"
+	TagsLogConfigWontBeUpdated                                            = "tags log config won't be updated"
+	FailedToReadIndexPageTemplate                                         = "failed to read index page template"
+	SetCustomIndexPageTemplate                                            = "set custom index page template"
+)
+
+// Log messages with the "datapath" tag.
+const (
+	CouldntParseCreationDate             = "couldn't parse creation date"
+	CouldNotDetectContentTypeFromPayload = "could not detect Content-Type from payload"
+	FailedToAddObjectToArchive           = "failed to add object to archive"
+	CloseZipWriter                       = "close zip writer"
+	IgnorePartEmptyFormName              = "ignore part, empty form name"
+	IgnorePartEmptyFilename              = "ignore part, empty filename"
+	CouldNotParseClientTime              = "could not parse client time"
+	CouldNotPrepareExpirationHeader      = "could not prepare expiration header"
+	CouldNotEncodeResponse               = "could not encode response"
+	AddAttributeToResultObject           = "add attribute to result object"
+	Request                              = "request"
+	CouldNotFetchAndStoreBearerToken     = "could not fetch and store bearer token"
+	CouldntPutBucketIntoCache            = "couldn't put bucket info into cache"
+	FailedToIterateOverResponse          = "failed to iterate over search response"
+	InvalidCacheEntryType                = "invalid cache entry type"
+	FailedToUnescapeQuery                = "failed to unescape query"
+	CouldntCacheNetmap                   = "couldn't cache netmap"
+	FailedToCloseReader                  = "failed to close reader"
+	FailedToFilterHeaders                = "failed to filter headers"
+	FailedToReadFileFromTar              = "failed to read file from tar"
+	FailedToGetAttributes                = "failed to get attributes"
+	CloseGzipWriter                      = "close gzip writer"
+	CloseTarWriter                       = "close tar writer"
+	FailedToCreateGzipReader             = "failed to create gzip reader"
+	GzipReaderSelected                   = "gzip reader selected"
+	CouldNotReceiveMultipartForm         = "could not receive multipart/form"
+	ObjectsNotFound                      = "objects not found"
+	IteratingOverSelectedObjectsFailed   = "iterating over selected objects failed"
+	CouldNotGetBucket                    = "could not get bucket"
+	CouldNotResolveContainerID           = "could not resolve container id"
+	FailedToSumbitTaskToPool             = "failed to submit task to pool"
+)
+
+// Log messages with the "external_storage" tag.
+const (
+	CouldNotReceiveObject                       = "could not receive object"
+	CouldNotSearchForObjects                    = "could not search for objects"
+	ObjectNotFound                              = "object not found"
+	ReadObjectListFailed                        = "read object list failed"
+	CouldNotStoreFileInFrostfs                  = "could not store file in frostfs"
+	FailedToHeadObject                          = "failed to head object"
+	ObjectNotFoundByFilePathTrySearchByFileName = "object not found by filePath attribute, try search by fileName"
+	FailedToGetObject                           = "failed to get object"
+	ObjectUploaded                              = "object uploaded"
+	CouldNotGetContainerInfo                    = "could not get container info"
+)
+
+// Log messages with the "external_storage_tree" tag.
+const (
+	ObjectWasDeleted                 = "object was deleted"
+	FailedToGetLatestVersionOfObject = "failed to get latest version of object"
+	FailedToCheckIfSettingsNodeExist = "Failed to check if settings node exists"
 )

internal/net/event_handler.go

@@ -17,9 +17,11 @@ func (l LogEventHandler) DialPerformed(sourceIP net.Addr, _, address string, err
 		sourceIPString = sourceIP.Network() + "://" + sourceIP.String()
 	}
 	if err == nil {
-		l.logger.Debug(logs.MultinetDialSuccess, zap.String("source", sourceIPString), zap.String("destination", address))
+		l.logger.Debug(logs.MultinetDialSuccess, zap.String("source", sourceIPString),
+			zap.String("destination", address), logs.TagField(logs.TagApp))
 	} else {
-		l.logger.Debug(logs.MultinetDialFail, zap.String("source", sourceIPString), zap.String("destination", address), zap.Error(err))
+		l.logger.Debug(logs.MultinetDialFail, zap.String("source", sourceIPString),
+			zap.String("destination", address), logs.TagField(logs.TagApp))
 	}
 }
 

internal/service/frostfs/frostfs.go

@@ -9,8 +9,11 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
+	qostagging "git.frostfs.info/TrueCloudLab/frostfs-qos/tagging"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
@@ -18,6 +21,8 @@ import (
 	"google.golang.org/grpc/status"
 )
 
+const clientIOTag = "client"
+
 // FrostFS represents virtual connection to the FrostFS network.
 // It is used to provide an interface to dependent packages
 // which work with FrostFS.
@@ -34,6 +39,9 @@ func NewFrostFS(p *pool.Pool) *FrostFS {
 
 // Container implements frostfs.FrostFS interface method.
 func (x *FrostFS) Container(ctx context.Context, containerPrm handler.PrmContainer) (*container.Container, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.Container")
+	defer span.End()
+
 	prm := pool.PrmContainerGet{
 		ContainerID: containerPrm.ContainerID,
 	}
@@ -48,6 +56,9 @@ func (x *FrostFS) Container(ctx context.Context, containerPrm handler.PrmContain
 
 // CreateObject implements frostfs.FrostFS interface method.
 func (x *FrostFS) CreateObject(ctx context.Context, prm handler.PrmObjectCreate) (oid.ID, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.CreateObject")
+	defer span.End()
+
 	var prmPut pool.PrmObjectPut
 	prmPut.SetHeader(*prm.Object)
 	prmPut.SetPayload(prm.Payload)
@@ -59,7 +70,7 @@ func (x *FrostFS) CreateObject(ctx context.Context, prm handler.PrmObjectCreate)
 		prmPut.UseBearer(*prm.BearerToken)
 	}
 
-	idObj, err := x.pool.PutObject(ctx, prmPut)
+	idObj, err := x.pool.PutObject(qostagging.ContextWithIOTag(ctx, clientIOTag), prmPut)
 	if err != nil {
 		return oid.ID{}, handleObjectError("save object via connection pool", err)
 	}
@@ -82,6 +93,9 @@ func (x payloadReader) Read(p []byte) (int, error) {
 
 // HeadObject implements frostfs.FrostFS interface method.
 func (x *FrostFS) HeadObject(ctx context.Context, prm handler.PrmObjectHead) (*object.Object, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.HeadObject")
+	defer span.End()
+
 	var prmHead pool.PrmObjectHead
 	prmHead.SetAddress(prm.Address)
 
@@ -89,7 +103,7 @@ func (x *FrostFS) HeadObject(ctx context.Context, prm handler.PrmObjectHead) (*o
 		prmHead.UseBearer(*prm.BearerToken)
 	}
 
-	res, err := x.pool.HeadObject(ctx, prmHead)
+	res, err := x.pool.HeadObject(qostagging.ContextWithIOTag(ctx, clientIOTag), prmHead)
 	if err != nil {
 		return nil, handleObjectError("read object header via connection pool", err)
 	}
@@ -99,6 +113,9 @@ func (x *FrostFS) HeadObject(ctx context.Context, prm handler.PrmObjectHead) (*o
 
 // GetObject implements frostfs.FrostFS interface method.
 func (x *FrostFS) GetObject(ctx context.Context, prm handler.PrmObjectGet) (*handler.Object, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.GetObject")
+	defer span.End()
+
 	var prmGet pool.PrmObjectGet
 	prmGet.SetAddress(prm.Address)
 
@@ -106,7 +123,7 @@ func (x *FrostFS) GetObject(ctx context.Context, prm handler.PrmObjectGet) (*han
 		prmGet.UseBearer(*prm.BearerToken)
 	}
 
-	res, err := x.pool.GetObject(ctx, prmGet)
+	res, err := x.pool.GetObject(qostagging.ContextWithIOTag(ctx, clientIOTag), prmGet)
 	if err != nil {
 		return nil, handleObjectError("init full object reading via connection pool", err)
 	}
@@ -119,6 +136,9 @@ func (x *FrostFS) GetObject(ctx context.Context, prm handler.PrmObjectGet) (*han
 
 // RangeObject implements frostfs.FrostFS interface method.
 func (x *FrostFS) RangeObject(ctx context.Context, prm handler.PrmObjectRange) (io.ReadCloser, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.RangeObject")
+	defer span.End()
+
 	var prmRange pool.PrmObjectRange
 	prmRange.SetAddress(prm.Address)
 	prmRange.SetOffset(prm.PayloadRange[0])
@@ -128,7 +148,7 @@ func (x *FrostFS) RangeObject(ctx context.Context, prm handler.PrmObjectRange) (
 		prmRange.UseBearer(*prm.BearerToken)
 	}
 
-	res, err := x.pool.ObjectRange(ctx, prmRange)
+	res, err := x.pool.ObjectRange(qostagging.ContextWithIOTag(ctx, clientIOTag), prmRange)
 	if err != nil {
 		return nil, handleObjectError("init payload range reading via connection pool", err)
 	}
@@ -138,6 +158,9 @@ func (x *FrostFS) RangeObject(ctx context.Context, prm handler.PrmObjectRange) (
 
 // SearchObjects implements frostfs.FrostFS interface method.
 func (x *FrostFS) SearchObjects(ctx context.Context, prm handler.PrmObjectSearch) (handler.ResObjectSearch, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.SearchObjects")
+	defer span.End()
+
 	var prmSearch pool.PrmObjectSearch
 	prmSearch.SetContainerID(prm.Container)
 	prmSearch.SetFilters(prm.Filters)
@@ -146,7 +169,7 @@ func (x *FrostFS) SearchObjects(ctx context.Context, prm handler.PrmObjectSearch
 		prmSearch.UseBearer(*prm.BearerToken)
 	}
 
-	res, err := x.pool.SearchObjects(ctx, prmSearch)
+	res, err := x.pool.SearchObjects(qostagging.ContextWithIOTag(ctx, clientIOTag), prmSearch)
 	if err != nil {
 		return nil, handleObjectError("init object search via connection pool", err)
 	}
@@ -156,6 +179,9 @@ func (x *FrostFS) SearchObjects(ctx context.Context, prm handler.PrmObjectSearch
 
 // GetEpochDurations implements frostfs.FrostFS interface method.
 func (x *FrostFS) GetEpochDurations(ctx context.Context) (*utils.EpochDurations, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.GetEpochDurations")
+	defer span.End()
+
 	networkInfo, err := x.pool.NetworkInfo(ctx)
 	if err != nil {
 		return nil, err
@@ -173,6 +199,18 @@ func (x *FrostFS) GetEpochDurations(ctx context.Context) (*utils.EpochDurations,
 	return res, nil
 }
 
+func (x *FrostFS) NetmapSnapshot(ctx context.Context) (netmap.NetMap, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.NetmapSnapshot")
+	defer span.End()
+
+	netmapSnapshot, err := x.pool.NetMapSnapshot(ctx)
+	if err != nil {
+		return netmapSnapshot, handleObjectError("get netmap via connection pool", err)
+	}
+
+	return netmapSnapshot, nil
+}
+
 // ResolverFrostFS represents virtual connection to the FrostFS network.
 // It implements resolver.FrostFS.
 type ResolverFrostFS struct {
@@ -186,6 +224,9 @@ func NewResolverFrostFS(p *pool.Pool) *ResolverFrostFS {
 
 // SystemDNS implements resolver.FrostFS interface method.
 func (x *ResolverFrostFS) SystemDNS(ctx context.Context) (string, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.SystemDNS")
+	defer span.End()
+
 	networkInfo, err := x.pool.NetworkInfo(ctx)
 	if err != nil {
 		return "", handleObjectError("read network info via client", err)
@@ -205,6 +246,10 @@ func handleObjectError(msg string, err error) error {
 	}
 
 	if reason, ok := IsErrObjectAccessDenied(err); ok {
+		if strings.Contains(reason, "limit reached") {
+			return fmt.Errorf("%s: %w: %s", msg, handler.ErrQuotaLimitReached, reason)
+		}
+
 		return fmt.Errorf("%s: %w: %s", msg, handler.ErrAccessDenied, reason)
 	}
 

internal/service/frostfs/frostfs_test.go

@@ -0,0 +1,83 @@
+package frostfs
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"testing"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+func TestHandleObjectError(t *testing.T) {
+	msg := "some msg"
+
+	t.Run("nil error", func(t *testing.T) {
+		err := handleObjectError(msg, nil)
+		require.Nil(t, err)
+	})
+
+	t.Run("simple access denied", func(t *testing.T) {
+		reason := "some reason"
+		inputErr := new(apistatus.ObjectAccessDenied)
+		inputErr.WriteReason(reason)
+
+		err := handleObjectError(msg, inputErr)
+		require.ErrorIs(t, err, handler.ErrAccessDenied)
+		require.Contains(t, err.Error(), reason)
+		require.Contains(t, err.Error(), msg)
+	})
+
+	t.Run("access denied - quota reached", func(t *testing.T) {
+		reason := "Quota limit reached"
+		inputErr := new(apistatus.ObjectAccessDenied)
+		inputErr.WriteReason(reason)
+
+		err := handleObjectError(msg, inputErr)
+		require.ErrorIs(t, err, handler.ErrQuotaLimitReached)
+		require.Contains(t, err.Error(), reason)
+		require.Contains(t, err.Error(), msg)
+	})
+
+	t.Run("simple timeout", func(t *testing.T) {
+		inputErr := errors.New("timeout")
+
+		err := handleObjectError(msg, inputErr)
+		require.ErrorIs(t, err, handler.ErrGatewayTimeout)
+		require.Contains(t, err.Error(), inputErr.Error())
+		require.Contains(t, err.Error(), msg)
+	})
+
+	t.Run("deadline exceeded", func(t *testing.T) {
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Millisecond)
+		defer cancel()
+		<-ctx.Done()
+
+		err := handleObjectError(msg, ctx.Err())
+		require.ErrorIs(t, err, handler.ErrGatewayTimeout)
+		require.Contains(t, err.Error(), ctx.Err().Error())
+		require.Contains(t, err.Error(), msg)
+	})
+
+	t.Run("grpc deadline exceeded", func(t *testing.T) {
+		inputErr := fmt.Errorf("wrap grpc error: %w", status.Error(codes.DeadlineExceeded, "error"))
+
+		err := handleObjectError(msg, inputErr)
+		require.ErrorIs(t, err, handler.ErrGatewayTimeout)
+		require.Contains(t, err.Error(), inputErr.Error())
+		require.Contains(t, err.Error(), msg)
+	})
+
+	t.Run("unknown error", func(t *testing.T) {
+		inputErr := errors.New("unknown error")
+
+		err := handleObjectError(msg, inputErr)
+		require.ErrorIs(t, err, inputErr)
+		require.Contains(t, err.Error(), msg)
+	})
+}

internal/service/frostfs/multi_object_reader.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
+	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
 
@@ -74,6 +75,9 @@ var (
 )
 
 func (x *FrostFS) InitMultiObjectReader(ctx context.Context, p handler.PrmInitMultiObjectReader) (io.Reader, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.InitMultiObjectReader")
+	defer span.End()
+
 	combinedObj, err := x.GetObject(ctx, handler.PrmObjectGet{
 		PrmAuth: handler.PrmAuth{BearerToken: p.Bearer},
 		Address: p.Addr,
@@ -215,6 +219,9 @@ func (x *MultiObjectReader) Read(p []byte) (n int, err error) {
 // InitFrostFSObjectPayloadReader initializes payload reader of the FrostFS object.
 // Zero range corresponds to full payload (panics if only offset is set).
 func (x *FrostFS) InitFrostFSObjectPayloadReader(ctx context.Context, p GetFrostFSParams) (io.ReadCloser, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.InitFrostFSObjectPayloadReader")
+	defer span.End()
+
 	var prmAuth handler.PrmAuth
 
 	if p.Off+p.Ln != 0 {

internal/service/frostfs/source.go

@@ -0,0 +1,69 @@
+package frostfs
+
+import (
+	"context"
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"go.uber.org/zap"
+)
+
+type Source struct {
+	frostFS     *FrostFS
+	netmapCache *cache.NetmapCache
+	bucketCache *cache.BucketCache
+	log         *zap.Logger
+}
+
+func NewSource(frostFS *FrostFS, netmapCache *cache.NetmapCache, bucketCache *cache.BucketCache, log *zap.Logger) *Source {
+	return &Source{
+		frostFS:     frostFS,
+		netmapCache: netmapCache,
+		bucketCache: bucketCache,
+		log:         log,
+	}
+}
+
+func (s *Source) NetMapSnapshot(ctx context.Context) (netmap.NetMap, error) {
+	cachedNetmap := s.netmapCache.Get()
+	if cachedNetmap != nil {
+		return *cachedNetmap, nil
+	}
+
+	netmapSnapshot, err := s.frostFS.NetmapSnapshot(ctx)
+	if err != nil {
+		return netmap.NetMap{}, fmt.Errorf("get netmap: %w", err)
+	}
+
+	if err = s.netmapCache.Put(netmapSnapshot); err != nil {
+		s.log.Warn(logs.CouldntCacheNetmap, zap.Error(err), logs.TagField(logs.TagDatapath))
+	}
+
+	return netmapSnapshot, nil
+}
+
+func (s *Source) PlacementPolicy(ctx context.Context, cnrID cid.ID) (netmap.PlacementPolicy, error) {
+	info := s.bucketCache.GetByCID(cnrID)
+	if info != nil {
+		return info.PlacementPolicy, nil
+	}
+
+	prm := handler.PrmContainer{
+		ContainerID: cnrID,
+	}
+	res, err := s.frostFS.Container(ctx, prm)
+	if err != nil {
+		return netmap.PlacementPolicy{}, fmt.Errorf("get container: %w", err)
+	}
+
+	// We don't put container back to the cache to keep cache
+	// coherent to the requests made by users. FrostFS Source
+	// is being used by SDK Tree Pool and it should not fill cache
+	// with possibly irrelevant container values.
+
+	return res.PlacementPolicy(), nil
+}

internal/service/frostfs/tree_pool_wrapper.go

@@ -9,6 +9,8 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
+	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
+	qostagging "git.frostfs.info/TrueCloudLab/frostfs-qos/tagging"
 	apitree "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/tree"
 	treepool "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree"
 )
@@ -46,6 +48,9 @@ func NewPoolWrapper(p *treepool.Pool) *PoolWrapper {
 }
 
 func (w *PoolWrapper) GetNodes(ctx context.Context, prm *tree.GetNodesParams) ([]tree.NodeResponse, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.GetNodes")
+	defer span.End()
+
 	poolPrm := treepool.GetNodesParams{
 		CID:           prm.CnrID,
 		TreeID:        prm.TreeID,
@@ -57,7 +62,7 @@ func (w *PoolWrapper) GetNodes(ctx context.Context, prm *tree.GetNodesParams) ([
 		BearerToken:   getBearer(ctx),
 	}
 
-	nodes, err := w.p.GetNodes(ctx, poolPrm)
+	nodes, err := w.p.GetNodes(qostagging.ContextWithIOTag(ctx, clientIOTag), poolPrm)
 	if err != nil {
 		return nil, handleError(err)
 	}
@@ -93,6 +98,9 @@ func handleError(err error) error {
 }
 
 func (w *PoolWrapper) GetSubTree(ctx context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32, sort bool) ([]tree.NodeResponse, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "frostfs.GetSubTree")
+	defer span.End()
+
 	order := treepool.NoneOrder
 	if sort {
 		order = treepool.AscendingOrder
@@ -113,7 +121,7 @@ func (w *PoolWrapper) GetSubTree(ctx context.Context, bktInfo *data.BucketInfo,
 		poolPrm.RootID = nil
 	}
 
-	subTreeReader, err := w.p.GetSubTree(ctx, poolPrm)
+	subTreeReader, err := w.p.GetSubTree(qostagging.ContextWithIOTag(ctx, clientIOTag), poolPrm)
 	if err != nil {
 		return nil, handleError(err)
 	}

metrics/service.go

@@ -25,24 +25,24 @@ type Config struct {
 // Start runs http service with the exposed endpoint on the configured port.
 func (ms *Service) Start() {
 	if ms.enabled {
-		ms.log.Info(logs.ServiceIsRunning, zap.String("endpoint", ms.Addr))
+		ms.log.Info(logs.ServiceIsRunning, zap.String("endpoint", ms.Addr), logs.TagField(logs.TagApp))
 		err := ms.ListenAndServe()
 		if err != nil && err != http.ErrServerClosed {
-			ms.log.Warn(logs.ServiceCouldntStartOnConfiguredPort)
+			ms.log.Warn(logs.ServiceCouldntStartOnConfiguredPort, logs.TagField(logs.TagApp))
 		}
 	} else {
-		ms.log.Info(logs.ServiceHasntStartedSinceItsDisabled)
+		ms.log.Info(logs.ServiceHasntStartedSinceItsDisabled, logs.TagField(logs.TagApp))
 	}
 }
 
 // ShutDown stops the service.
 func (ms *Service) ShutDown(ctx context.Context) {
-	ms.log.Info(logs.ShuttingDownService, zap.String("endpoint", ms.Addr))
+	ms.log.Info(logs.ShuttingDownService, zap.String("endpoint", ms.Addr), logs.TagField(logs.TagApp))
 	err := ms.Shutdown(ctx)
 	if err != nil {
-		ms.log.Error(logs.CantGracefullyShutDownService, zap.Error(err))
+		ms.log.Error(logs.CantGracefullyShutDownService, zap.Error(err), logs.TagField(logs.TagApp))
 		if err = ms.Close(); err != nil {
-			ms.log.Panic(logs.CantShutDownService, zap.Error(err))
+			ms.log.Panic(logs.CantShutDownService, zap.Error(err), logs.TagField(logs.TagApp))
 		}
 	}
 }

response/utils.go

@@ -1,41 +0,0 @@
-package response
-
-import (
-	"errors"
-	"fmt"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	sdkstatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
-	"github.com/valyala/fasthttp"
-	"go.uber.org/zap"
-)
-
-func Error(r *fasthttp.RequestCtx, msg string, code int) {
-	r.Error(msg+"\n", code)
-}
-
-func FormErrorResponse(message string, err error) (int, string, []zap.Field) {
-	var (
-		msg        string
-		statusCode int
-		logFields  []zap.Field
-	)
-
-	st := new(sdkstatus.ObjectAccessDenied)
-
-	switch {
-	case errors.As(err, &st):
-		statusCode = fasthttp.StatusForbidden
-		reason := st.Reason()
-		msg = fmt.Sprintf("%s: %v: %s", message, err, reason)
-		logFields = append(logFields, zap.String("error_detail", reason))
-	case client.IsErrObjectNotFound(err) || client.IsErrContainerNotFound(err):
-		statusCode = fasthttp.StatusNotFound
-		msg = "Not Found"
-	default:
-		statusCode = fasthttp.StatusBadRequest
-		msg = fmt.Sprintf("%s: %v", message, err)
-	}
-
-	return statusCode, msg, logFields
-}

tokens/bearer-token.go

@@ -82,14 +82,22 @@ func fetchBearerToken(ctx *fasthttp.RequestCtx) (*bearer.Token, error) {
 		tkn = new(bearer.Token)
 	)
 	for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
-		if buf = parse(&ctx.Request.Header); buf == nil {
+		buf = parse(&ctx.Request.Header)
+		if buf == nil {
 			continue
-		} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {
+		}
+
+		data, err := base64.StdEncoding.DecodeString(string(buf))
+		if err != nil {
 			lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
 			continue
-		} else if err = tkn.Unmarshal(data); err != nil {
-			lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
-			continue
+		}
+
+		if err = tkn.Unmarshal(data); err != nil {
+			if err = tkn.UnmarshalJSON(data); err != nil {
+				lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
+				continue
+			}
 		}
 
 		return tkn, nil

tokens/bearer-token_test.go

@@ -98,8 +98,14 @@ func TestFetchBearerToken(t *testing.T) {
 	tkn := new(bearer.Token)
 	tkn.ForUser(uid)
 
-	t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
-	require.NotEmpty(t, t64)
+	jsonToken, err := tkn.MarshalJSON()
+	require.NoError(t, err)
+
+	jsonTokenBase64 := base64.StdEncoding.EncodeToString(jsonToken)
+	binaryTokenBase64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
+
+	require.NotEmpty(t, jsonTokenBase64)
+	require.NotEmpty(t, binaryTokenBase64)
 
 	cases := []struct {
 		name   string
@@ -143,25 +149,47 @@ func TestFetchBearerToken(t *testing.T) {
 			error:  "can't unmarshal bearer token",
 		},
 		{
-			name:   "bad header, but good cookie",
+			name:   "bad header, but good cookie with binary token",
 			header: "dGVzdAo=",
-			cookie: t64,
+			cookie: binaryTokenBase64,
 			expect: tkn,
 		},
 		{
-			name:   "bad cookie, but good header",
-			header: t64,
+			name:   "bad cookie, but good header with binary token",
+			header: binaryTokenBase64,
 			cookie: "dGVzdAo=",
 			expect: tkn,
 		},
 		{
-			name:   "ok for header",
-			header: t64,
+			name:   "bad header, but good cookie with json token",
+			header: "dGVzdAo=",
+			cookie: jsonTokenBase64,
 			expect: tkn,
 		},
 		{
-			name:   "ok for cookie",
-			cookie: t64,
+			name:   "bad cookie, but good header with json token",
+			header: jsonTokenBase64,
+			cookie: "dGVzdAo=",
+			expect: tkn,
+		},
+		{
+			name:   "ok for header with binary token",
+			header: binaryTokenBase64,
+			expect: tkn,
+		},
+		{
+			name:   "ok for cookie with binary token",
+			cookie: binaryTokenBase64,
+			expect: tkn,
+		},
+		{
+			name:   "ok for header with json token",
+			header: jsonTokenBase64,
+			expect: tkn,
+		},
+		{
+			name:   "ok for cookie with json token",
+			cookie: jsonTokenBase64,
 			expect: tkn,
 		},
 	}

tree/tree.go

@@ -8,6 +8,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
@@ -190,6 +191,9 @@ func (m *multiSystemNode) Old() []*treeNode {
 }
 
 func (c *Tree) GetLatestVersion(ctx context.Context, cnrID *cid.ID, objectName string) (*data.NodeVersion, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "tree.GetLatestVersion")
+	defer span.End()
+
 	nodes, err := c.GetVersions(ctx, cnrID, objectName)
 	if err != nil {
 		return nil, err
@@ -204,6 +208,9 @@ func (c *Tree) GetLatestVersion(ctx context.Context, cnrID *cid.ID, objectName s
 }
 
 func (c *Tree) GetVersions(ctx context.Context, cnrID *cid.ID, objectName string) ([]NodeResponse, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "tree.GetVersions")
+	defer span.End()
+
 	meta := []string{oidKV, isDeleteMarkerKV, sizeKV}
 	path := pathFromName(objectName)
 
@@ -220,6 +227,9 @@ func (c *Tree) GetVersions(ctx context.Context, cnrID *cid.ID, objectName string
 }
 
 func (c *Tree) CheckSettingsNodeExists(ctx context.Context, bktInfo *data.BucketInfo) error {
+	ctx, span := tracing.StartSpanFromContext(ctx, "tree.CheckSettingsNodeExists")
+	defer span.End()
+
 	_, err := c.getSystemNode(ctx, bktInfo, settingsFileName)
 	if err != nil {
 		return err
@@ -308,6 +318,9 @@ func pathFromName(objectName string) []string {
 }
 
 func (c *Tree) GetSubTreeByPrefix(ctx context.Context, bktInfo *data.BucketInfo, prefix string, latestOnly bool) ([]data.NodeInfo, string, error) {
+	ctx, span := tracing.StartSpanFromContext(ctx, "tree.GetSubTreeByPrefix")
+	defer span.End()
+
 	rootID, tailPrefix, err := c.determinePrefixNode(ctx, bktInfo, versionTree, prefix)
 	if err != nil {
 		return nil, "", err