README.md

@@ -98,7 +98,7 @@ See `frostfs-contract`'s README.md for build instructions.
 4. To create container and put object into it run (container and object IDs will be different):
 
 ```
-./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --basic-acl public-read-write --await
+./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --await
 Enter password >  <- press ENTER, the is no password for wallet
 CID: CfPhEuHQ2PRvM4gfBQDC4dWZY3NccovyfcnEdiq2ixju
 

cmd/frostfs-cli/docs/sessions.md

@@ -72,4 +72,3 @@ All other `object` sub-commands support only static sessions (2).
 List of commands supporting sessions (static only):
 - `create`
 - `delete`
-- `set-eacl`

cmd/frostfs-cli/modules/container/create.go

@@ -15,14 +15,12 @@ import (
 	containerApi "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/container"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
 )
 
 var (
-	containerACL         string
 	containerPolicy      string
 	containerAttributes  []string
 	containerAwait       bool
@@ -89,9 +87,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
 		err = parseAttributes(&cnr, containerAttributes)
 		commonCmd.ExitOnErr(cmd, "", err)
 
-		var basicACL acl.Basic
-		commonCmd.ExitOnErr(cmd, "decode basic ACL string: %w", basicACL.DecodeString(containerACL))
-
 		tok := getSession(cmd)
 
 		if tok != nil {
@@ -105,7 +100,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
 		}
 
 		cnr.SetPlacementPolicy(*placementPolicy)
-		cnr.SetBasicACL(basicACL)
 
 		var syncContainerPrm internalclient.SyncContainerPrm
 		syncContainerPrm.SetClient(cli)
@@ -163,10 +157,6 @@ func initContainerCreateCmd() {
 	flags.DurationP(commonflags.Timeout, commonflags.TimeoutShorthand, commonflags.TimeoutDefault, commonflags.TimeoutUsage)
 	flags.StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
 	flags.StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)
-
-	flags.StringVar(&containerACL, "basic-acl", acl.NamePrivate, fmt.Sprintf("HEX encoded basic ACL value or keywords like '%s', '%s', '%s'",
-		acl.NamePublicRW, acl.NamePrivate, acl.NamePublicROExtended,
-	))
 	flags.StringVarP(&containerPolicy, "policy", "p", "", "QL-encoded or JSON-encoded placement policy or path to file with it")
 	flags.StringSliceVarP(&containerAttributes, "attributes", "a", nil, "Comma separated pairs of container attributes in form of Key1=Value1,Key2=Value2")
 	flags.BoolVar(&containerAwait, "await", false, "Block execution until container is persisted")

cmd/frostfs-node/cache.go

@@ -196,31 +196,6 @@ func (s ttlContainerStorage) DeletionInfo(cnr cid.ID) (*container.DelInfo, error
 	return s.delInfoCache.get(cnr)
 }
 
-type ttlEACLStorage struct {
-	*ttlNetCache[cid.ID, *container.EACL]
-}
-
-func newCachedEACLStorage(v container.EACLSource, ttl time.Duration) ttlEACLStorage {
-	const eaclCacheSize = 100
-
-	lruCnrCache := newNetworkTTLCache(eaclCacheSize, ttl, func(id cid.ID) (*container.EACL, error) {
-		return v.GetEACL(id)
-	}, metrics.NewCacheMetrics("eacl"))
-
-	return ttlEACLStorage{lruCnrCache}
-}
-
-// GetEACL returns eACL value from the cache. If value is missing in the cache
-// or expired, then it returns value from side chain and updates cache.
-func (s ttlEACLStorage) GetEACL(cnr cid.ID) (*container.EACL, error) {
-	return s.get(cnr)
-}
-
-// InvalidateEACL removes cached eACL value.
-func (s ttlEACLStorage) InvalidateEACL(cnr cid.ID) {
-	s.remove(cnr)
-}
-
 type lruNetmapSource struct {
 	netState netmap.State
 

cmd/frostfs-node/config.go

@@ -642,8 +642,6 @@ type cfgObject struct {
 
 	cnrSource container.Source
 
-	eaclSource container.EACLSource
-
 	cfgAccessPolicyEngine cfgAccessPolicyEngine
 
 	pool cfgObjectRoutines

cmd/frostfs-node/container.go

@@ -70,10 +70,6 @@ func initContainerService(_ context.Context, c *cfg) {
 }
 
 func configureEACLAndContainerSources(c *cfg, client *cntClient.Client, cnrSrc containerCore.Source) (*morphContainerReader, *morphContainerWriter) {
-	eACLFetcher := &morphEACLFetcher{
-		w: client,
-	}
-
 	cnrRdr := new(morphContainerReader)
 
 	cnrWrt := &morphContainerWriter{
@@ -81,8 +77,6 @@ func configureEACLAndContainerSources(c *cfg, client *cntClient.Client, cnrSrc c
 	}
 
 	if c.cfgMorph.cacheTTL <= 0 {
-		c.cfgObject.eaclSource = eACLFetcher
-		cnrRdr.eacl = eACLFetcher
 		c.cfgObject.cnrSource = cnrSrc
 		cnrRdr.src = cnrSrc
 		cnrRdr.lister = client
@@ -126,11 +120,7 @@ func configureEACLAndContainerSources(c *cfg, client *cntClient.Client, cnrSrc c
 			c.cfgObject.cnrSource = containerCache
 		}
 
-		cachedEACLStorage := newCachedEACLStorage(eACLFetcher, c.cfgMorph.cacheTTL)
-		c.cfgObject.eaclSource = cachedEACLStorage
-
 		cnrRdr.lister = client
-		cnrRdr.eacl = c.cfgObject.eaclSource
 		cnrRdr.src = c.cfgObject.cnrSource
 	}
 
@@ -221,8 +211,6 @@ func (c *cfg) ExternalAddresses() []string {
 
 // implements interface required by container service provided by morph executor.
 type morphContainerReader struct {
-	eacl containerCore.EACLSource
-
 	src containerCore.Source
 
 	lister interface {
@@ -238,10 +226,6 @@ func (x *morphContainerReader) DeletionInfo(id cid.ID) (*containerCore.DelInfo,
 	return x.src.DeletionInfo(id)
 }
 
-func (x *morphContainerReader) GetEACL(id cid.ID) (*containerCore.EACL, error) {
-	return x.eacl.GetEACL(id)
-}
-
 func (x *morphContainerReader) ContainersOf(id *user.ID) ([]cid.ID, error) {
 	return x.lister.ContainersOf(id)
 }

cmd/frostfs-node/object.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"net"
 
@@ -14,7 +13,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
 	morphClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
-	cntClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/container"
 	nmClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network/cache"
 	objectTransportGRPC "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network/transport/object/grpc"
@@ -37,7 +35,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/replicator"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/object"
 	objectGRPC "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/object/grpc"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	netmapSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -481,29 +478,6 @@ func createAPEService(c *cfg, splitSvc *objectService.TransportSplitter) *object
 	)
 }
 
-type morphEACLFetcher struct {
-	w *cntClient.Client
-}
-
-func (s *morphEACLFetcher) GetEACL(cnr cid.ID) (*containercore.EACL, error) {
-	eaclInfo, err := s.w.GetEACL(cnr)
-	if err != nil {
-		return nil, err
-	}
-
-	binTable, err := eaclInfo.Value.Marshal()
-	if err != nil {
-		return nil, fmt.Errorf("marshal eACL table: %w", err)
-	}
-
-	if !eaclInfo.Signature.Verify(binTable) {
-		// TODO(@cthulhu-rider): #468 use "const" error
-		return nil, errors.New("invalid signature of the eACL table")
-	}
-
-	return eaclInfo, nil
-}
-
 type engineWithoutNotifications struct {
 	engine *engine.StorageEngine
 }

pkg/core/container/storage.go

@@ -58,16 +58,3 @@ type EACL struct {
 	// Session within which Value was set. Nil means session absence.
 	Session *session.Container
 }
-
-// EACLSource is the interface that wraps
-// basic methods of extended ACL table source.
-type EACLSource interface {
-	// GetEACL reads the table from the source by identifier.
-	// It returns any error encountered.
-	//
-	// GetEACL must return exactly one non-nil value.
-	//
-	// Must return apistatus.ErrEACLNotFound if requested
-	// eACL table is not in source.
-	GetEACL(cid.ID) (*EACL, error)
-}

pkg/morph/client/container/client.go

@@ -27,7 +27,6 @@ const (
 	getMethod          = "get"
 	listMethod         = "list"
 	containersOfMethod = "containersOf"
-	eaclMethod         = "eACL"
 	deletionInfoMethod = "deletionInfo"
 
 	// putNamedMethod is method name for container put with an alias. It is exported to provide custom fee.

pkg/morph/client/container/eacl.go

@@ -1,95 +0,0 @@
-package container
-
-import (
-	"crypto/sha256"
-	"fmt"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/refs"
-	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
-)
-
-// GetEACL reads the extended ACL table from FrostFS system
-// through Container contract call.
-//
-// Returns apistatus.EACLNotFound if eACL table is missing in the contract.
-func (c *Client) GetEACL(cnr cid.ID) (*container.EACL, error) {
-	binCnr := make([]byte, sha256.Size)
-	cnr.Encode(binCnr)
-
-	prm := client.TestInvokePrm{}
-	prm.SetMethod(eaclMethod)
-	prm.SetArgs(binCnr)
-
-	prms, err := c.client.TestInvoke(prm)
-	if err != nil {
-		return nil, fmt.Errorf("could not perform test invocation (%s): %w", eaclMethod, err)
-	} else if ln := len(prms); ln != 1 {
-		return nil, fmt.Errorf("unexpected stack item count (%s): %d", eaclMethod, ln)
-	}
-
-	arr, err := client.ArrayFromStackItem(prms[0])
-	if err != nil {
-		return nil, fmt.Errorf("could not get item array of eACL (%s): %w", eaclMethod, err)
-	}
-
-	if len(arr) != 4 {
-		return nil, fmt.Errorf("unexpected eacl stack item count (%s): %d", eaclMethod, len(arr))
-	}
-
-	rawEACL, err := client.BytesFromStackItem(arr[0])
-	if err != nil {
-		return nil, fmt.Errorf("could not get byte array of eACL (%s): %w", eaclMethod, err)
-	}
-
-	sig, err := client.BytesFromStackItem(arr[1])
-	if err != nil {
-		return nil, fmt.Errorf("could not get byte array of eACL signature (%s): %w", eaclMethod, err)
-	}
-
-	// Client may not return errors if the table is missing, so check this case additionally.
-	// The absence of a signature in the response can be taken as an eACL absence criterion,
-	// since unsigned table cannot be approved in the storage by design.
-	if len(sig) == 0 {
-		return nil, new(apistatus.EACLNotFound)
-	}
-
-	pub, err := client.BytesFromStackItem(arr[2])
-	if err != nil {
-		return nil, fmt.Errorf("could not get byte array of eACL public key (%s): %w", eaclMethod, err)
-	}
-
-	binToken, err := client.BytesFromStackItem(arr[3])
-	if err != nil {
-		return nil, fmt.Errorf("could not get byte array of eACL session token (%s): %w", eaclMethod, err)
-	}
-
-	var res container.EACL
-
-	res.Value = eacl.NewTable()
-	if err = res.Value.Unmarshal(rawEACL); err != nil {
-		return nil, err
-	}
-
-	if len(binToken) > 0 {
-		res.Session = new(session.Container)
-
-		err = res.Session.Unmarshal(binToken)
-		if err != nil {
-			return nil, fmt.Errorf("could not unmarshal session token: %w", err)
-		}
-	}
-
-	// TODO(@cthulhu-rider): #468 implement and use another approach to avoid conversion
-	var sigV2 refs.Signature
-	sigV2.SetKey(pub)
-	sigV2.SetSign(sig)
-	sigV2.SetScheme(refs.ECDSA_RFC6979_SHA256)
-
-	err = res.Signature.ReadFromV2(sigV2)
-	return &res, err
-}

pkg/services/container/morph/executor.go

@@ -25,7 +25,6 @@ type morphExecutor struct {
 // Reader is an interface of read-only container storage.
 type Reader interface {
 	containercore.Source
-	containercore.EACLSource
 
 	// ContainersOf returns a list of container identifiers belonging
 	// to the specified user of FrostFS system. Returns the identifiers