From 8377372a40a699a029f185be6e355748931e8234 Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <e.stratonikov@yadro.com>
Date: Fri, 26 Jul 2024 16:37:05 +0300
Subject: [PATCH] [#1276] go.mod: Update api-go

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
---
 cmd/frostfs-cli/internal/client/client.go     |  23 ----
 cmd/frostfs-cli/modules/container/root.go     |   3 -
 cmd/frostfs-cli/modules/container/set_eacl.go | 108 ------------------
 cmd/frostfs-cli/modules/container/util.go     |   5 +-
 go.mod                                        |   6 +-
 go.sum                                        | Bin 39512 -> 39512 bytes
 pkg/core/client/client.go                     |   1 -
 pkg/morph/client/container/load.go            |  40 -------
 pkg/network/cache/multi.go                    |   9 --
 .../transport/container/grpc/service.go       |  30 -----
 pkg/services/container/ape.go                 |  21 ----
 pkg/services/container/ape_test.go            |  90 ---------------
 pkg/services/container/audit.go               |  30 -----
 pkg/services/container/executor.go            |  19 ---
 pkg/services/container/morph/executor.go      |   6 -
 pkg/services/container/server.go              |   2 -
 pkg/services/container/sign.go                |  18 ---
 17 files changed, 5 insertions(+), 406 deletions(-)
 delete mode 100644 cmd/frostfs-cli/modules/container/set_eacl.go

diff --git a/cmd/frostfs-cli/internal/client/client.go b/cmd/frostfs-cli/internal/client/client.go
index a6d9968c5..215490dbe 100644
--- a/cmd/frostfs-cli/internal/client/client.go
+++ b/cmd/frostfs-cli/internal/client/client.go
@@ -214,29 +214,6 @@ func EACL(ctx context.Context, prm EACLPrm) (res EACLRes, err error) {
 	return
 }
 
-// SetEACLPrm groups parameters of SetEACL operation.
-type SetEACLPrm struct {
-	Client       *client.Client
-	ClientParams client.PrmContainerSetEACL
-}
-
-// SetEACLRes groups the resulting values of SetEACL operation.
-type SetEACLRes struct{}
-
-// SetEACL requests to save an eACL table in FrostFS.
-//
-// Operation is asynchronous and no guaranteed even in the absence of errors.
-// The required time is also not predictable.
-//
-// Success can be verified by reading by container identifier.
-//
-// Returns any error which prevented the operation from completing correctly in error return.
-func SetEACL(ctx context.Context, prm SetEACLPrm) (res SetEACLRes, err error) {
-	_, err = prm.Client.ContainerSetEACL(ctx, prm.ClientParams)
-
-	return
-}
-
 // NetworkInfoPrm groups parameters of NetworkInfo operation.
 type NetworkInfoPrm struct {
 	Client       *client.Client
diff --git a/cmd/frostfs-cli/modules/container/root.go b/cmd/frostfs-cli/modules/container/root.go
index 99d1a4231..d5f0fd776 100644
--- a/cmd/frostfs-cli/modules/container/root.go
+++ b/cmd/frostfs-cli/modules/container/root.go
@@ -26,7 +26,6 @@ func init() {
 		listContainerObjectsCmd,
 		getContainerInfoCmd,
 		getExtendedACLCmd,
-		setExtendedACLCmd,
 		containerNodesCmd,
 		policyPlaygroundCmd,
 	}
@@ -39,7 +38,6 @@ func init() {
 	initContainerListObjectsCmd()
 	initContainerInfoCmd()
 	initContainerGetEACLCmd()
-	initContainerSetEACLCmd()
 	initContainerNodesCmd()
 	initContainerPolicyPlaygroundCmd()
 
@@ -53,7 +51,6 @@ func init() {
 	}{
 		{createContainerCmd, "PUT"},
 		{deleteContainerCmd, "DELETE"},
-		{setExtendedACLCmd, "SETEACL"},
 	} {
 		commonflags.InitSession(el.cmd, "container "+el.verb)
 	}
diff --git a/cmd/frostfs-cli/modules/container/set_eacl.go b/cmd/frostfs-cli/modules/container/set_eacl.go
deleted file mode 100644
index 86aa50a57..000000000
--- a/cmd/frostfs-cli/modules/container/set_eacl.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package container
-
-import (
-	"bytes"
-	"errors"
-	"time"
-
-	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	"github.com/spf13/cobra"
-)
-
-var flagVarsSetEACL struct {
-	noPreCheck bool
-
-	srcPath string
-}
-
-var setExtendedACLCmd = &cobra.Command{
-	Use:   "set-eacl",
-	Short: "Set new extended ACL table for container",
-	Long: `Set new extended ACL table for container.
-Container ID in EACL table will be substituted with ID from the CLI.`,
-	Run: func(cmd *cobra.Command, _ []string) {
-		id := parseContainerID(cmd)
-		eaclTable := common.ReadEACL(cmd, flagVarsSetEACL.srcPath)
-
-		tok := getSession(cmd)
-
-		eaclTable.SetCID(id)
-
-		pk := key.GetOrGenerate(cmd)
-		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
-
-		if !flagVarsSetEACL.noPreCheck {
-			cmd.Println("Checking the ability to modify access rights in the container...")
-
-			extendable, err := internalclient.IsACLExtendable(cmd.Context(), cli, id)
-			commonCmd.ExitOnErr(cmd, "Extensibility check failure: %w", err)
-
-			if !extendable {
-				commonCmd.ExitOnErr(cmd, "", errors.New("container ACL is immutable"))
-			}
-
-			cmd.Println("ACL extension is enabled in the container, continue processing.")
-		}
-
-		setEACLPrm := internalclient.SetEACLPrm{
-			Client: cli,
-			ClientParams: client.PrmContainerSetEACL{
-				Table:   eaclTable,
-				Session: tok,
-			},
-		}
-
-		_, err := internalclient.SetEACL(cmd.Context(), setEACLPrm)
-		commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
-
-		if containerAwait {
-			exp, err := eaclTable.Marshal()
-			commonCmd.ExitOnErr(cmd, "broken EACL table: %w", err)
-
-			cmd.Println("awaiting...")
-
-			getEACLPrm := internalclient.EACLPrm{
-				Client: cli,
-				ClientParams: client.PrmContainerEACL{
-					ContainerID: &id,
-				},
-			}
-
-			for i := 0; i < awaitTimeout; i++ {
-				time.Sleep(1 * time.Second)
-
-				res, err := internalclient.EACL(cmd.Context(), getEACLPrm)
-				if err == nil {
-					// compare binary values because EACL could have been set already
-					table := res.EACL()
-					got, err := table.Marshal()
-					if err != nil {
-						continue
-					}
-
-					if bytes.Equal(exp, got) {
-						cmd.Println("EACL has been persisted on sidechain")
-						return
-					}
-				}
-			}
-
-			commonCmd.ExitOnErr(cmd, "", errSetEACLTimeout)
-		}
-	},
-}
-
-func initContainerSetEACLCmd() {
-	commonflags.Init(setExtendedACLCmd)
-
-	flags := setExtendedACLCmd.Flags()
-	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
-	flags.StringVar(&flagVarsSetEACL.srcPath, "table", "", "path to file with JSON or binary encoded EACL table")
-	flags.BoolVar(&containerAwait, "await", false, "block execution until EACL is persisted")
-	flags.BoolVar(&flagVarsSetEACL.noPreCheck, "no-precheck", false, "do not pre-check the extensibility of the container ACL")
-}
diff --git a/cmd/frostfs-cli/modules/container/util.go b/cmd/frostfs-cli/modules/container/util.go
index 48265f785..4cb268ec5 100644
--- a/cmd/frostfs-cli/modules/container/util.go
+++ b/cmd/frostfs-cli/modules/container/util.go
@@ -18,9 +18,8 @@ const (
 )
 
 var (
-	errCreateTimeout  = errors.New("timeout: container has not been persisted on sidechain")
-	errDeleteTimeout  = errors.New("timeout: container has not been removed from sidechain")
-	errSetEACLTimeout = errors.New("timeout: EACL has not been persisted on sidechain")
+	errCreateTimeout = errors.New("timeout: container has not been persisted on sidechain")
+	errDeleteTimeout = errors.New("timeout: container has not been removed from sidechain")
 )
 
 func parseContainerID(cmd *cobra.Command) cid.ID {
diff --git a/go.mod b/go.mod
index c63eabe0d..09a098502 100644
--- a/go.mod
+++ b/go.mod
@@ -4,12 +4,12 @@ go 1.21
 
 require (
 	code.gitea.io/sdk/gitea v0.17.1
-	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240530152826-2f6d3209e1d3
+	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240726072425-3dfa2f4fd65e
 	git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
 	git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
 	git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
-	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240617140730-1a5886e776de
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240726111349-9da46f566fec
 	git.frostfs.info/TrueCloudLab/hrw v1.2.1
 	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240712081403-2628f6184984
 	git.frostfs.info/TrueCloudLab/tzhash v1.8.0
@@ -24,7 +24,7 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mr-tron/base58 v1.2.0
 	github.com/multiformats/go-multiaddr v0.12.1
-	github.com/nspcc-dev/neo-go v0.106.0
+	github.com/nspcc-dev/neo-go v0.106.2
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/panjf2000/ants/v2 v2.9.0
 	github.com/prometheus/client_golang v1.19.0
diff --git a/go.sum b/go.sum
index 965bffd2d8907399761cc6bd29ae8a50eff42086..1034ff61fe818a58da31dd01d20510fac1cbf80a 100644
GIT binary patch
delta 281
zcmcbyh3Uo?rU}nn&5g_q%#BQpOm&S@(h`l*Owv-!Oj8vy46V{#!$Y*q4P5nu%G|Rn
zN`lL@19B=u{fx>=yuvDTGXfJ0b1MtViXuw0eJ2~RYD_#UDTdv!%}tEuEFg;v4GoP=
zEOjkY5>3p~OwG*FQj<XzIT~07muHw)=BMZ8W;!~BrkQ(`nE8eTMtB*R`&PPFm}pmJ
zh6ehj=A<TrESmg`RoDl+Y5M8;db#;2AVXbpymHgSO!N!0-Lfl;5|gwe!>jUgd^58$
i-Ha-uJo1XXip#zHoy;TLi-CqJOtxd^+Wej^b20!L`dKgl

delta 281
zcmcbyh3Uo?rU}nnO^po<O^qy!%yf;?%u<Yv3@lR(Q;Zcd46Qs&-OGx?a`MYPeZ$kL
z3Inq<A`J=*ax3%my($6?i+zK_g5A<063ffO(<d9SYD_#UDTdv!%}tEuEUspT=7uH)
z=EerPhKZ&Y7G|mD=4L6WAdCF7io+ufvI^Y2!VF6+%p=mvee{h3id`zq)4a@b()@fQ
zN+K;nGx9@|d_fjXe#R>7gWWX!^nAVC{1lL(CXW6|zGmiOp@rEIfnGWOE+K9q8E$!{
kzV5E2-WC~_E=7(J9xhRZWzL~MLlq|5v2$&H&z3nE01L2IqyPW_

diff --git a/pkg/core/client/client.go b/pkg/core/client/client.go
index 8c92901f2..854fbc49f 100644
--- a/pkg/core/client/client.go
+++ b/pkg/core/client/client.go
@@ -11,7 +11,6 @@ import (
 // Client is an interface of FrostFS storage
 // node's client.
 type Client interface {
-	ContainerAnnounceUsedSpace(context.Context, client.PrmAnnounceSpace) (*client.ResAnnounceSpace, error)
 	ObjectPutInit(context.Context, client.PrmObjectPutInit) (client.ObjectWriter, error)
 	ObjectPutSingle(context.Context, client.PrmObjectPutSingle) (*client.ResObjectPutSingle, error)
 	ObjectDelete(context.Context, client.PrmObjectDelete) (*client.ResObjectDelete, error)
diff --git a/pkg/morph/client/container/load.go b/pkg/morph/client/container/load.go
index b5263d7a6..5e2c3c2c3 100644
--- a/pkg/morph/client/container/load.go
+++ b/pkg/morph/client/container/load.go
@@ -1,53 +1,13 @@
 package container
 
 import (
-	"crypto/sha256"
 	"fmt"
 
 	v2refs "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 )
 
-// AnnounceLoadPrm groups parameters of AnnounceLoad operation.
-type AnnounceLoadPrm struct {
-	a   container.SizeEstimation
-	key []byte
-
-	client.InvokePrmOptional
-}
-
-// SetAnnouncement sets announcement.
-func (a2 *AnnounceLoadPrm) SetAnnouncement(a container.SizeEstimation) {
-	a2.a = a
-}
-
-// SetReporter sets public key of the reporter.
-func (a2 *AnnounceLoadPrm) SetReporter(key []byte) {
-	a2.key = key
-}
-
-// AnnounceLoad saves container size estimation calculated by storage node
-// with key in FrostFS system through Container contract call.
-//
-// Returns any error encountered that caused the saving to interrupt.
-func (c *Client) AnnounceLoad(p AnnounceLoadPrm) error {
-	binCnr := make([]byte, sha256.Size)
-	p.a.Container().Encode(binCnr)
-
-	prm := client.InvokePrm{}
-	prm.SetMethod(putSizeMethod)
-	prm.SetArgs(p.a.Epoch(), binCnr, p.a.Value(), p.key)
-	prm.InvokePrmOptional = p.InvokePrmOptional
-
-	_, err := c.client.Invoke(prm)
-	if err != nil {
-		return fmt.Errorf("could not invoke method (%s): %w", putSizeMethod, err)
-	}
-	return nil
-}
-
 // EstimationID is an identity of container load estimation inside Container contract.
 type EstimationID []byte
 
diff --git a/pkg/network/cache/multi.go b/pkg/network/cache/multi.go
index f19510d76..9305c143b 100644
--- a/pkg/network/cache/multi.go
+++ b/pkg/network/cache/multi.go
@@ -239,15 +239,6 @@ func (x *multiClient) ObjectPutSingle(ctx context.Context, p client.PrmObjectPut
 	return
 }
 
-func (x *multiClient) ContainerAnnounceUsedSpace(ctx context.Context, prm client.PrmAnnounceSpace) (res *client.ResAnnounceSpace, err error) {
-	err = x.iterateClients(ctx, func(c clientcore.Client) error {
-		res, err = c.ContainerAnnounceUsedSpace(ctx, prm)
-		return err
-	})
-
-	return
-}
-
 func (x *multiClient) ObjectDelete(ctx context.Context, p client.PrmObjectDelete) (res *client.ResObjectDelete, err error) {
 	err = x.iterateClients(ctx, func(c clientcore.Client) error {
 		res, err = c.ObjectDelete(ctx, p)
diff --git a/pkg/network/transport/container/grpc/service.go b/pkg/network/transport/container/grpc/service.go
index ed514d6d4..f0206dd5c 100644
--- a/pkg/network/transport/container/grpc/service.go
+++ b/pkg/network/transport/container/grpc/service.go
@@ -81,21 +81,6 @@ func (s *Server) List(ctx context.Context, req *containerGRPC.ListRequest) (*con
 	return resp.ToGRPCMessage().(*containerGRPC.ListResponse), nil
 }
 
-// SetExtendedACL converts gRPC SetExtendedACLRequest message and passes it to internal Container service.
-func (s *Server) SetExtendedACL(ctx context.Context, req *containerGRPC.SetExtendedACLRequest) (*containerGRPC.SetExtendedACLResponse, error) {
-	setEACLReq := new(container.SetExtendedACLRequest)
-	if err := setEACLReq.FromGRPCMessage(req); err != nil {
-		return nil, err
-	}
-
-	resp, err := s.srv.SetExtendedACL(ctx, setEACLReq)
-	if err != nil {
-		return nil, err
-	}
-
-	return resp.ToGRPCMessage().(*containerGRPC.SetExtendedACLResponse), nil
-}
-
 // GetExtendedACL converts gRPC GetExtendedACLRequest message and passes it to internal Container service.
 func (s *Server) GetExtendedACL(ctx context.Context, req *containerGRPC.GetExtendedACLRequest) (*containerGRPC.GetExtendedACLResponse, error) {
 	getEACLReq := new(container.GetExtendedACLRequest)
@@ -110,18 +95,3 @@ func (s *Server) GetExtendedACL(ctx context.Context, req *containerGRPC.GetExten
 
 	return resp.ToGRPCMessage().(*containerGRPC.GetExtendedACLResponse), nil
 }
-
-// AnnounceUsedSpace converts gRPC AnnounceUsedSpaceRequest message and passes it to internal Container service.
-func (s *Server) AnnounceUsedSpace(ctx context.Context, req *containerGRPC.AnnounceUsedSpaceRequest) (*containerGRPC.AnnounceUsedSpaceResponse, error) {
-	announceReq := new(container.AnnounceUsedSpaceRequest)
-	if err := announceReq.FromGRPCMessage(req); err != nil {
-		return nil, err
-	}
-
-	resp, err := s.srv.AnnounceUsedSpace(ctx, announceReq)
-	if err != nil {
-		return nil, err
-	}
-
-	return resp.ToGRPCMessage().(*containerGRPC.AnnounceUsedSpaceResponse), nil
-}
diff --git a/pkg/services/container/ape.go b/pkg/services/container/ape.go
index 3ea591c6a..8fe4dd2d9 100644
--- a/pkg/services/container/ape.go
+++ b/pkg/services/container/ape.go
@@ -78,15 +78,6 @@ func NewAPEServer(router policyengine.ChainRouter, reader containers, ir ir, nm
 	}
 }
 
-func (ac *apeChecker) AnnounceUsedSpace(ctx context.Context, req *container.AnnounceUsedSpaceRequest) (*container.AnnounceUsedSpaceResponse, error) {
-	ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.AnnounceUsedSpace")
-	defer span.End()
-
-	// this method is not used, so not checked
-
-	return ac.next.AnnounceUsedSpace(ctx, req)
-}
-
 func (ac *apeChecker) Delete(ctx context.Context, req *container.DeleteRequest) (*container.DeleteResponse, error) {
 	ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.Delete")
 	defer span.End()
@@ -303,18 +294,6 @@ func (ac *apeChecker) getRoleWithoutContainerID(oID *refs.OwnerID, mh *session.R
 	return nativeschema.PropertyValueContainerRoleOthers, pk, nil
 }
 
-func (ac *apeChecker) SetExtendedACL(ctx context.Context, req *container.SetExtendedACLRequest) (*container.SetExtendedACLResponse, error) {
-	ctx, span := tracing.StartSpanFromContext(ctx, "apeChecker.SetExtendedACL")
-	defer span.End()
-
-	if err := ac.validateContainerBoundedOperation(ctx, req.GetBody().GetEACL().GetContainerID(), req.GetMetaHeader(), req.GetVerificationHeader(),
-		nativeschema.MethodSetContainerEACL); err != nil {
-		return nil, err
-	}
-
-	return ac.next.SetExtendedACL(ctx, req)
-}
-
 func (ac *apeChecker) validateContainerBoundedOperation(ctx context.Context, containerID *refs.ContainerID, mh *session.RequestMetaHeader, vh *session.RequestVerificationHeader, op string) error {
 	if vh == nil {
 		return errMissingVerificationHeader
diff --git a/pkg/services/container/ape_test.go b/pkg/services/container/ape_test.go
index a6f0fb222..9eed469ca 100644
--- a/pkg/services/container/ape_test.go
+++ b/pkg/services/container/ape_test.go
@@ -9,7 +9,6 @@ import (
 	"net"
 	"testing"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 	session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
@@ -50,7 +49,6 @@ func TestAPE(t *testing.T) {
 	t.Run("deny get container by user claim tag", testDenyGetContainerByUserClaimTag)
 	t.Run("deny get container by IP", testDenyGetContainerByIP)
 	t.Run("deny get container by group id", testDenyGetContainerByGroupID)
-	t.Run("deny set container eACL for IR", testDenySetContainerEACLForIR)
 	t.Run("deny get container eACL for IR with session token", testDenyGetContainerEACLForIRSessionToken)
 	t.Run("deny put container for others with session token", testDenyPutContainerForOthersSessionToken)
 	t.Run("deny put container, read namespace from frostfsID", testDenyPutContainerReadNamespaceFromFrostfsID)
@@ -665,84 +663,6 @@ func testDenyGetContainerByGroupID(t *testing.T) {
 	require.ErrorAs(t, err, &errAccessDenied)
 }
 
-func testDenySetContainerEACLForIR(t *testing.T) {
-	t.Parallel()
-	srv := &srvStub{
-		calls: map[string]int{},
-	}
-	router := inmemory.NewInMemory()
-	contRdr := &containerStub{
-		c: map[cid.ID]*containercore.Container{},
-	}
-	ir := &irStub{
-		keys: [][]byte{},
-	}
-	nm := &netmapStub{}
-	frostfsIDSubjectReader := &frostfsidStub{
-		subjects: map[util.Uint160]*client.Subject{},
-	}
-	apeSrv := NewAPEServer(router, contRdr, ir, nm, frostfsIDSubjectReader, srv)
-
-	contID := cidtest.ID()
-	testContainer := containertest.Container()
-	pp := netmap.PlacementPolicy{}
-	require.NoError(t, pp.DecodeString("REP 1"))
-	testContainer.SetPlacementPolicy(pp)
-	contRdr.c[contID] = &containercore.Container{Value: testContainer}
-
-	nm.currentEpoch = 100
-	nm.netmaps = map[uint64]*netmap.NetMap{}
-	var testNetmap netmap.NetMap
-	testNetmap.SetEpoch(nm.currentEpoch)
-	testNetmap.SetNodes([]netmap.NodeInfo{{}})
-	nm.netmaps[nm.currentEpoch] = &testNetmap
-	nm.netmaps[nm.currentEpoch-1] = &testNetmap
-
-	_, _, err := router.MorphRuleChainStorage().AddMorphRuleChain(chain.Ingress, engine.ContainerTarget(contID.EncodeToString()), &chain.Chain{
-		Rules: []chain.Rule{
-			{
-				Status: chain.AccessDenied,
-				Actions: chain.Actions{
-					Names: []string{
-						nativeschema.MethodSetContainerEACL,
-					},
-				},
-				Resources: chain.Resources{
-					Names: []string{
-						fmt.Sprintf(nativeschema.ResourceFormatRootContainer, contID.EncodeToString()),
-					},
-				},
-				Condition: []chain.Condition{
-					{
-						Kind:  chain.KindRequest,
-						Key:   nativeschema.PropertyKeyActorRole,
-						Value: nativeschema.PropertyValueContainerRoleIR,
-						Op:    chain.CondStringEquals,
-					},
-				},
-			},
-		},
-	})
-	require.NoError(t, err)
-
-	req := &container.SetExtendedACLRequest{}
-	req.SetBody(&container.SetExtendedACLRequestBody{})
-	var refContID refs.ContainerID
-	contID.WriteToV2(&refContID)
-	req.GetBody().SetEACL(&acl.Table{})
-	req.GetBody().GetEACL().SetContainerID(&refContID)
-
-	pk, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-	require.NoError(t, signature.SignServiceMessage(&pk.PrivateKey, req))
-	ir.keys = append(ir.keys, pk.PublicKey().Bytes())
-
-	resp, err := apeSrv.SetExtendedACL(context.Background(), req)
-	require.Nil(t, resp)
-	var errAccessDenied *apistatus.ObjectAccessDenied
-	require.ErrorAs(t, err, &errAccessDenied)
-}
-
 func testDenyGetContainerEACLForIRSessionToken(t *testing.T) {
 	t.Parallel()
 	srv := &srvStub{
@@ -1229,11 +1149,6 @@ type srvStub struct {
 	calls map[string]int
 }
 
-func (s *srvStub) AnnounceUsedSpace(context.Context, *container.AnnounceUsedSpaceRequest) (*container.AnnounceUsedSpaceResponse, error) {
-	s.calls["AnnounceUsedSpace"]++
-	return &container.AnnounceUsedSpaceResponse{}, nil
-}
-
 func (s *srvStub) Delete(context.Context, *container.DeleteRequest) (*container.DeleteResponse, error) {
 	s.calls["Delete"]++
 	return &container.DeleteResponse{}, nil
@@ -1259,11 +1174,6 @@ func (s *srvStub) Put(context.Context, *container.PutRequest) (*container.PutRes
 	return &container.PutResponse{}, nil
 }
 
-func (s *srvStub) SetExtendedACL(context.Context, *container.SetExtendedACLRequest) (*container.SetExtendedACLResponse, error) {
-	s.calls["SetExtendedACL"]++
-	return &container.SetExtendedACLResponse{}, nil
-}
-
 type irStub struct {
 	keys [][]byte
 }
diff --git a/pkg/services/container/audit.go b/pkg/services/container/audit.go
index 7ef432bb1..34fd5923f 100644
--- a/pkg/services/container/audit.go
+++ b/pkg/services/container/audit.go
@@ -6,7 +6,6 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
 	container_grpc "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container/grpc"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/audit"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
@@ -29,24 +28,6 @@ func NewAuditService(next Server, log *logger.Logger, enabled *atomic.Bool) Serv
 	}
 }
 
-// AnnounceUsedSpace implements Server.
-func (a *auditService) AnnounceUsedSpace(ctx context.Context, req *container.AnnounceUsedSpaceRequest) (*container.AnnounceUsedSpaceResponse, error) {
-	res, err := a.next.AnnounceUsedSpace(ctx, req)
-	if !a.enabled.Load() {
-		return res, err
-	}
-
-	var ids []*refs.ContainerID
-	for _, v := range req.GetBody().GetAnnouncements() {
-		ids = append(ids, v.GetContainerID())
-	}
-
-	audit.LogRequest(a.log, container_grpc.ContainerService_AnnounceUsedSpace_FullMethodName, req,
-		audit.TargetFromRefs(ids, &cid.ID{}), err == nil)
-
-	return res, err
-}
-
 // Delete implements Server.
 func (a *auditService) Delete(ctx context.Context, req *container.DeleteRequest) (*container.DeleteResponse, error) {
 	res, err := a.next.Delete(ctx, req)
@@ -103,14 +84,3 @@ func (a *auditService) Put(ctx context.Context, req *container.PutRequest) (*con
 		audit.TargetFromRef(res.GetBody().GetContainerID(), &cid.ID{}), err == nil)
 	return res, err
 }
-
-// SetExtendedACL implements Server.
-func (a *auditService) SetExtendedACL(ctx context.Context, req *container.SetExtendedACLRequest) (*container.SetExtendedACLResponse, error) {
-	res, err := a.next.SetExtendedACL(ctx, req)
-	if !a.enabled.Load() {
-		return res, err
-	}
-	audit.LogRequest(a.log, container_grpc.ContainerService_SetExtendedACL_FullMethodName, req,
-		audit.TargetFromRef(req.GetBody().GetEACL().GetContainerID(), &cid.ID{}), err == nil)
-	return res, err
-}
diff --git a/pkg/services/container/executor.go b/pkg/services/container/executor.go
index d4ae11d62..b64963e25 100644
--- a/pkg/services/container/executor.go
+++ b/pkg/services/container/executor.go
@@ -14,7 +14,6 @@ type ServiceExecutor interface {
 	Delete(context.Context, *session.Token, *container.DeleteRequestBody) (*container.DeleteResponseBody, error)
 	Get(context.Context, *container.GetRequestBody) (*container.GetResponseBody, error)
 	List(context.Context, *container.ListRequestBody) (*container.ListResponseBody, error)
-	SetExtendedACL(context.Context, *session.Token, *container.SetExtendedACLRequestBody) (*container.SetExtendedACLResponseBody, error)
 	GetExtendedACL(context.Context, *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error)
 }
 
@@ -96,24 +95,6 @@ func (s *executorSvc) List(ctx context.Context, req *container.ListRequest) (*co
 	return resp, nil
 }
 
-func (s *executorSvc) SetExtendedACL(ctx context.Context, req *container.SetExtendedACLRequest) (*container.SetExtendedACLResponse, error) {
-	meta := req.GetMetaHeader()
-	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
-		meta = origin
-	}
-
-	respBody, err := s.exec.SetExtendedACL(ctx, meta.GetSessionToken(), req.GetBody())
-	if err != nil {
-		return nil, fmt.Errorf("could not execute SetEACL request: %w", err)
-	}
-
-	resp := new(container.SetExtendedACLResponse)
-	resp.SetBody(respBody)
-
-	s.respSvc.SetMeta(resp)
-	return resp, nil
-}
-
 func (s *executorSvc) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
 	respBody, err := s.exec.GetExtendedACL(ctx, req.GetBody())
 	if err != nil {
diff --git a/pkg/services/container/morph/executor.go b/pkg/services/container/morph/executor.go
index e2e79f3d2..57dac32f0 100644
--- a/pkg/services/container/morph/executor.go
+++ b/pkg/services/container/morph/executor.go
@@ -13,8 +13,6 @@ import (
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )
 
 var errMissingUserID = errors.New("missing user ID")
@@ -204,10 +202,6 @@ func (s *morphExecutor) List(_ context.Context, body *container.ListRequestBody)
 	return res, nil
 }
 
-func (s *morphExecutor) SetExtendedACL(_ context.Context, _ *sessionV2.Token, _ *container.SetExtendedACLRequestBody) (*container.SetExtendedACLResponseBody, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method SetExtendedACL not implemented")
-}
-
 func (s *morphExecutor) GetExtendedACL(_ context.Context, body *container.GetExtendedACLRequestBody) (*container.GetExtendedACLResponseBody, error) {
 	idV2 := body.GetContainerID()
 	if idV2 == nil {
diff --git a/pkg/services/container/server.go b/pkg/services/container/server.go
index 052a8c945..d714d7f02 100644
--- a/pkg/services/container/server.go
+++ b/pkg/services/container/server.go
@@ -12,7 +12,5 @@ type Server interface {
 	Get(context.Context, *container.GetRequest) (*container.GetResponse, error)
 	Delete(context.Context, *container.DeleteRequest) (*container.DeleteResponse, error)
 	List(context.Context, *container.ListRequest) (*container.ListResponse, error)
-	SetExtendedACL(context.Context, *container.SetExtendedACLRequest) (*container.SetExtendedACLResponse, error)
 	GetExtendedACL(context.Context, *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error)
-	AnnounceUsedSpace(context.Context, *container.AnnounceUsedSpaceRequest) (*container.AnnounceUsedSpaceResponse, error)
 }
diff --git a/pkg/services/container/sign.go b/pkg/services/container/sign.go
index bba717f60..62aa3fe27 100644
--- a/pkg/services/container/sign.go
+++ b/pkg/services/container/sign.go
@@ -57,15 +57,6 @@ func (s *signService) List(ctx context.Context, req *container.ListRequest) (*co
 	return resp, s.sigSvc.SignResponse(resp, err)
 }
 
-func (s *signService) SetExtendedACL(ctx context.Context, req *container.SetExtendedACLRequest) (*container.SetExtendedACLResponse, error) {
-	if err := s.sigSvc.VerifyRequest(req); err != nil {
-		resp := new(container.SetExtendedACLResponse)
-		return resp, s.sigSvc.SignResponse(resp, err)
-	}
-	resp, err := util.EnsureNonNilResponse(s.svc.SetExtendedACL(ctx, req))
-	return resp, s.sigSvc.SignResponse(resp, err)
-}
-
 func (s *signService) GetExtendedACL(ctx context.Context, req *container.GetExtendedACLRequest) (*container.GetExtendedACLResponse, error) {
 	if err := s.sigSvc.VerifyRequest(req); err != nil {
 		resp := new(container.GetExtendedACLResponse)
@@ -74,12 +65,3 @@ func (s *signService) GetExtendedACL(ctx context.Context, req *container.GetExte
 	resp, err := util.EnsureNonNilResponse(s.svc.GetExtendedACL(ctx, req))
 	return resp, s.sigSvc.SignResponse(resp, err)
 }
-
-func (s *signService) AnnounceUsedSpace(ctx context.Context, req *container.AnnounceUsedSpaceRequest) (*container.AnnounceUsedSpaceResponse, error) {
-	if err := s.sigSvc.VerifyRequest(req); err != nil {
-		resp := new(container.AnnounceUsedSpaceResponse)
-		return resp, s.sigSvc.SignResponse(resp, err)
-	}
-	resp, err := util.EnsureNonNilResponse(s.svc.AnnounceUsedSpace(ctx, req))
-	return resp, s.sigSvc.SignResponse(resp, err)
-}
-- 
2.45.2