[#488] Move handler/frostfs.go to handler/frostfs/frostfs.go

Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>

api/auth/center.go

@@ -14,7 +14,7 @@ import (
 	"time"
 
 	v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokens"
@@ -94,12 +94,12 @@ func New(creds tokens.Credentials, prefixes []string) *Center {
 func (c *Center) parseAuthHeader(header string) (*AuthHeader, error) {
 	submatches := c.reg.GetSubmatches(header)
 	if len(submatches) != authHeaderPartsNum {
-		return nil, fmt.Errorf("%w: %s", apiErrors.GetAPIError(apiErrors.ErrAuthorizationHeaderMalformed), header)
+		return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrAuthorizationHeaderMalformed), header)
 	}
 
 	accessKey := strings.Split(submatches["access_key_id"], "0")
 	if len(accessKey) != accessKeyPartsNum {
-		return nil, fmt.Errorf("%w: %s", apiErrors.GetAPIError(apiErrors.ErrInvalidAccessKeyID), accessKey)
+		return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrInvalidAccessKeyID), accessKey)
 	}
 
 	signedFields := strings.Split(submatches["signed_header_fields"], ";")
@@ -117,7 +117,7 @@ func (c *Center) parseAuthHeader(header string) (*AuthHeader, error) {
 func getAddress(accessKeyID string) (oid.Address, error) {
 	var addr oid.Address
 	if err := addr.DecodeString(strings.ReplaceAll(accessKeyID, "0", "/")); err != nil {
-		return addr, fmt.Errorf("%w: %s", apiErrors.GetAPIError(apiErrors.ErrInvalidAccessKeyID), accessKeyID)
+		return addr, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrInvalidAccessKeyID), accessKeyID)
 	}
 
 	return addr, nil
@@ -220,11 +220,11 @@ func checkFormatHashContentSHA256(hash string) error {
 	if !IsStandardContentSHA256(hash) {
 		hashBinary, err := hex.DecodeString(hash)
 		if err != nil {
-			return fmt.Errorf("%w: decode hash: %s: %s", apiErrors.GetAPIError(apiErrors.ErrContentSHA256Mismatch),
+			return fmt.Errorf("%w: decode hash: %s: %s", apierr.GetAPIError(apierr.ErrContentSHA256Mismatch),
 				hash, err.Error())
 		}
 		if len(hashBinary) != sha256.Size && len(hash) != 0 {
-			return fmt.Errorf("%w: invalid hash size %d", apiErrors.GetAPIError(apiErrors.ErrContentSHA256Mismatch), len(hashBinary))
+			return fmt.Errorf("%w: invalid hash size %d", apierr.GetAPIError(apierr.ErrContentSHA256Mismatch), len(hashBinary))
 		}
 	}
 
@@ -242,12 +242,12 @@ func (c Center) checkAccessKeyID(accessKeyID string) error {
 		}
 	}
 
-	return fmt.Errorf("%w: accesskeyID prefix isn't allowed", apiErrors.GetAPIError(apiErrors.ErrAccessDenied))
+	return fmt.Errorf("%w: accesskeyID prefix isn't allowed", apierr.GetAPIError(apierr.ErrAccessDenied))
 }
 
 func (c *Center) checkFormData(r *http.Request) (*middleware.Box, error) {
 	if err := r.ParseMultipartForm(maxFormSizeMemory); err != nil {
-		return nil, fmt.Errorf("%w: parse multipart form with max size %d", apiErrors.GetAPIError(apiErrors.ErrInvalidArgument), maxFormSizeMemory)
+		return nil, fmt.Errorf("%w: parse multipart form with max size %d", apierr.GetAPIError(apierr.ErrInvalidArgument), maxFormSizeMemory)
 	}
 
 	if err := prepareForm(r.MultipartForm); err != nil {
@@ -262,7 +262,7 @@ func (c *Center) checkFormData(r *http.Request) (*middleware.Box, error) {
 	creds := MultipartFormValue(r, "x-amz-credential")
 	submatches := c.postReg.GetSubmatches(creds)
 	if len(submatches) != 4 {
-		return nil, fmt.Errorf("%w: %s", apiErrors.GetAPIError(apiErrors.ErrAuthorizationHeaderMalformed), creds)
+		return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrAuthorizationHeaderMalformed), creds)
 	}
 
 	signatureDateTime, err := time.Parse("20060102T150405Z", MultipartFormValue(r, "x-amz-date"))
@@ -288,7 +288,7 @@ func (c *Center) checkFormData(r *http.Request) (*middleware.Box, error) {
 	signature := SignStr(secret, service, region, signatureDateTime, policy)
 	reqSignature := MultipartFormValue(r, "x-amz-signature")
 	if signature != reqSignature {
-		return nil, fmt.Errorf("%w: %s != %s", apiErrors.GetAPIError(apiErrors.ErrSignatureDoesNotMatch),
+		return nil, fmt.Errorf("%w: %s != %s", apierr.GetAPIError(apierr.ErrSignatureDoesNotMatch),
 			reqSignature, signature)
 	}
 
@@ -333,11 +333,11 @@ func (c *Center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *
 	if authHeader.IsPresigned {
 		now := time.Now()
 		if signatureDateTime.Add(authHeader.Expiration).Before(now) {
-			return fmt.Errorf("%w: expired: now %s, signature %s", apiErrors.GetAPIError(apiErrors.ErrExpiredPresignRequest),
+			return fmt.Errorf("%w: expired: now %s, signature %s", apierr.GetAPIError(apierr.ErrExpiredPresignRequest),
 				now.Format(time.RFC3339), signatureDateTime.Format(time.RFC3339))
 		}
 		if now.Before(signatureDateTime) {
-			return fmt.Errorf("%w: signature time from the future: now %s, signature %s", apiErrors.GetAPIError(apiErrors.ErrBadRequest),
+			return fmt.Errorf("%w: signature time from the future: now %s, signature %s", apierr.GetAPIError(apierr.ErrBadRequest),
 				now.Format(time.RFC3339), signatureDateTime.Format(time.RFC3339))
 		}
 		if _, err := signer.Presign(request, nil, authHeader.Service, authHeader.Region, authHeader.Expiration, signatureDateTime); err != nil {
@@ -352,7 +352,7 @@ func (c *Center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *
 	}
 
 	if authHeader.SignatureV4 != signature {
-		return fmt.Errorf("%w: %s != %s: headers %v", apiErrors.GetAPIError(apiErrors.ErrSignatureDoesNotMatch),
+		return fmt.Errorf("%w: %s != %s: headers %v", apierr.GetAPIError(apierr.ErrSignatureDoesNotMatch),
 			authHeader.SignatureV4, signature, authHeader.SignedFields)
 	}
 

api/auth/center_test.go

@@ -17,7 +17,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokens"
-	frostfsErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
+	frosterr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -419,7 +419,7 @@ func TestAuthenticate(t *testing.T) {
 			if tc.err {
 				require.Error(t, err)
 				if tc.errCode > 0 {
-					err = frostfsErrors.UnwrapErr(err)
+					err = frosterr.UnwrapErr(err)
 					require.Equal(t, errors.GetAPIError(tc.errCode), err)
 				}
 			} else {
@@ -596,7 +596,7 @@ func TestHTTPPostAuthenticate(t *testing.T) {
 			if tc.err {
 				require.Error(t, err)
 				if tc.errCode > 0 {
-					err = frostfsErrors.UnwrapErr(err)
+					err = frosterr.UnwrapErr(err)
 					require.Equal(t, errors.GetAPIError(tc.errCode), err)
 				}
 			} else {

api/errors/errors.go

@@ -1,10 +1,12 @@
 package errors
 
 import (
+	"errors"
 	"fmt"
 	"net/http"
 
-	frosterrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
+	frosterr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 )
 
 type (
@@ -1765,7 +1767,7 @@ var errorCodes = errorCodeMap{
 
 // IsS3Error checks if the provided error is a specific s3 error.
 func IsS3Error(err error, code ErrorCode) bool {
-	err = frosterrors.UnwrapErr(err)
+	err = frosterr.UnwrapErr(err)
 	e, ok := err.(Error)
 	return ok && e.ErrCode == code
 }
@@ -1802,6 +1804,26 @@ func GetAPIErrorWithError(code ErrorCode, err error) Error {
 	return errorCodes.toAPIErrWithErr(code, err)
 }
 
+// TransformToS3Error converts FrostFS error to the corresponding S3 error type.
+func TransformToS3Error(err error) error {
+	err = frosterr.UnwrapErr(err) // this wouldn't work with errors.Join
+	var s3err Error
+	if errors.As(err, &s3err) {
+		return err
+	}
+
+	if errors.Is(err, layererr.ErrAccessDenied) ||
+		errors.Is(err, layererr.ErrNodeAccessDenied) {
+		return GetAPIError(ErrAccessDenied)
+	}
+
+	if errors.Is(err, layererr.ErrGatewayTimeout) {
+		return GetAPIError(ErrGatewayTimeout)
+	}
+
+	return GetAPIError(ErrInternalError)
+}
+
 // ObjectError -- error that is linked to a specific object.
 type ObjectError struct {
 	Err     error

api/errors/errors_test.go

@@ -2,7 +2,11 @@ package errors
 
 import (
 	"errors"
+	"fmt"
 	"testing"
+
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
+	"github.com/stretchr/testify/require"
 )
 
 func BenchmarkErrCode(b *testing.B) {
@@ -24,3 +28,56 @@ func BenchmarkErrorsIs(b *testing.B) {
 		}
 	}
 }
+
+func TestTransformS3Errors(t *testing.T) {
+	for _, tc := range []struct {
+		name     string
+		err      error
+		expected ErrorCode
+	}{
+		{
+			name:     "simple std error to internal error",
+			err:      errors.New("some error"),
+			expected: ErrInternalError,
+		},
+		{
+			name:     "layer access denied error to s3 access denied error",
+			err:      layererr.ErrAccessDenied,
+			expected: ErrAccessDenied,
+		},
+		{
+			name:     "wrapped layer access denied error to s3 access denied error",
+			err:      fmt.Errorf("wrap: %w", layererr.ErrAccessDenied),
+			expected: ErrAccessDenied,
+		},
+		{
+			name:     "layer node access denied error to s3 access denied error",
+			err:      layererr.ErrNodeAccessDenied,
+			expected: ErrAccessDenied,
+		},
+		{
+			name:     "layer gateway timeout error to s3 gateway timeout error",
+			err:      layererr.ErrGatewayTimeout,
+			expected: ErrGatewayTimeout,
+		},
+		{
+			name:     "s3 error to s3 error",
+			err:      GetAPIError(ErrInvalidPart),
+			expected: ErrInvalidPart,
+		},
+		{
+			name:     "wrapped s3 error to s3 error",
+			err:      fmt.Errorf("wrap: %w", GetAPIError(ErrInvalidPart)),
+			expected: ErrInvalidPart,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			err := TransformToS3Error(tc.err)
+			s3err, ok := err.(Error)
+			require.True(t, ok, "error must be s3 error")
+			require.Equalf(t, tc.expected, s3err.ErrCode,
+				"expected: '%s', got: '%s'",
+				GetAPIError(tc.expected).Code, GetAPIError(s3err.ErrCode).Code)
+		})
+	}
+}

api/handler/acl_test.go

@@ -11,7 +11,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
@@ -28,12 +28,12 @@ func TestPutObjectACLErrorAPE(t *testing.T) {
 
 	info := createBucket(hc, bktName)
 
-	putObjectWithHeadersAssertS3Error(hc, bktName, objName, map[string]string{api.AmzACL: basicACLPublic}, s3errors.ErrAccessControlListNotSupported)
+	putObjectWithHeadersAssertS3Error(hc, bktName, objName, map[string]string{api.AmzACL: basicACLPublic}, apierr.ErrAccessControlListNotSupported)
 	putObjectWithHeaders(hc, bktName, objName, map[string]string{api.AmzACL: basicACLPrivate}) // only `private` canned acl is allowed, that is actually ignored
 	putObjectWithHeaders(hc, bktName, objName, nil)
 
 	aclBody := &AccessControlPolicy{}
-	putObjectACLAssertS3Error(hc, bktName, objName, info.Box, nil, aclBody, s3errors.ErrAccessControlListNotSupported)
+	putObjectACLAssertS3Error(hc, bktName, objName, info.Box, nil, aclBody, apierr.ErrAccessControlListNotSupported)
 
 	aclRes := getObjectACL(hc, bktName, objName)
 	checkPrivateACL(t, aclRes, info.Key.PublicKey())
@@ -49,7 +49,7 @@ func TestCreateObjectACLErrorAPE(t *testing.T) {
 	copyObject(hc, bktName, objName, objNameCopy, CopyMeta{Headers: map[string]string{api.AmzACL: basicACLPublic}}, http.StatusBadRequest)
 	copyObject(hc, bktName, objName, objNameCopy, CopyMeta{Headers: map[string]string{api.AmzACL: basicACLPrivate}}, http.StatusOK)
 
-	createMultipartUploadAssertS3Error(hc, bktName, objName, map[string]string{api.AmzACL: basicACLPublic}, s3errors.ErrAccessControlListNotSupported)
+	createMultipartUploadAssertS3Error(hc, bktName, objName, map[string]string{api.AmzACL: basicACLPublic}, apierr.ErrAccessControlListNotSupported)
 	createMultipartUpload(hc, bktName, objName, map[string]string{api.AmzACL: basicACLPrivate})
 }
 
@@ -60,7 +60,7 @@ func TestBucketACLAPE(t *testing.T) {
 	info := createBucket(hc, bktName)
 
 	aclBody := &AccessControlPolicy{}
-	putBucketACLAssertS3Error(hc, bktName, info.Box, nil, aclBody, s3errors.ErrAccessControlListNotSupported)
+	putBucketACLAssertS3Error(hc, bktName, info.Box, nil, aclBody, apierr.ErrAccessControlListNotSupported)
 
 	aclRes := getBucketACL(hc, bktName)
 	checkPrivateACL(t, aclRes, info.Key.PublicKey())
@@ -113,7 +113,7 @@ func TestBucketPolicy(t *testing.T) {
 
 	createTestBucket(hc, bktName)
 
-	getBucketPolicy(hc, bktName, s3errors.ErrNoSuchBucketPolicy)
+	getBucketPolicy(hc, bktName, apierr.ErrNoSuchBucketPolicy)
 
 	newPolicy := engineiam.Policy{
 		Version: "2012-10-17",
@@ -125,7 +125,7 @@ func TestBucketPolicy(t *testing.T) {
 		}},
 	}
 
-	putBucketPolicy(hc, bktName, newPolicy, s3errors.ErrMalformedPolicy)
+	putBucketPolicy(hc, bktName, newPolicy, apierr.ErrMalformedPolicy)
 
 	newPolicy.Statement[0].Resource[0] = arnAwsPrefix + bktName + "/*"
 	putBucketPolicy(hc, bktName, newPolicy)
@@ -140,7 +140,7 @@ func TestBucketPolicyStatus(t *testing.T) {
 
 	createTestBucket(hc, bktName)
 
-	getBucketPolicy(hc, bktName, s3errors.ErrNoSuchBucketPolicy)
+	getBucketPolicy(hc, bktName, apierr.ErrNoSuchBucketPolicy)
 
 	newPolicy := engineiam.Policy{
 		Version: "2012-10-17",
@@ -152,7 +152,7 @@ func TestBucketPolicyStatus(t *testing.T) {
 		}},
 	}
 
-	putBucketPolicy(hc, bktName, newPolicy, s3errors.ErrMalformedPolicyNotPrincipal)
+	putBucketPolicy(hc, bktName, newPolicy, apierr.ErrMalformedPolicyNotPrincipal)
 
 	newPolicy.Statement[0].NotPrincipal = nil
 	newPolicy.Statement[0].Principal = map[engineiam.PrincipalType][]string{engineiam.Wildcard: {}}
@@ -221,7 +221,7 @@ func TestPutBucketPolicy(t *testing.T) {
 	assertStatus(hc.t, w, http.StatusOK)
 }
 
-func getBucketPolicy(hc *handlerContext, bktName string, errCode ...s3errors.ErrorCode) engineiam.Policy {
+func getBucketPolicy(hc *handlerContext, bktName string, errCode ...apierr.ErrorCode) engineiam.Policy {
 	w, r := prepareTestRequest(hc, bktName, "", nil)
 	hc.Handler().GetBucketPolicyHandler(w, r)
 
@@ -231,13 +231,13 @@ func getBucketPolicy(hc *handlerContext, bktName string, errCode ...s3errors.Err
 		err := json.NewDecoder(w.Result().Body).Decode(&policy)
 		require.NoError(hc.t, err)
 	} else {
-		assertS3Error(hc.t, w, s3errors.GetAPIError(errCode[0]))
+		assertS3Error(hc.t, w, apierr.GetAPIError(errCode[0]))
 	}
 
 	return policy
 }
 
-func getBucketPolicyStatus(hc *handlerContext, bktName string, errCode ...s3errors.ErrorCode) PolicyStatus {
+func getBucketPolicyStatus(hc *handlerContext, bktName string, errCode ...apierr.ErrorCode) PolicyStatus {
 	w, r := prepareTestRequest(hc, bktName, "", nil)
 	hc.Handler().GetBucketPolicyStatusHandler(w, r)
 
@@ -247,13 +247,13 @@ func getBucketPolicyStatus(hc *handlerContext, bktName string, errCode ...s3erro
 		err := xml.NewDecoder(w.Result().Body).Decode(&policyStatus)
 		require.NoError(hc.t, err)
 	} else {
-		assertS3Error(hc.t, w, s3errors.GetAPIError(errCode[0]))
+		assertS3Error(hc.t, w, apierr.GetAPIError(errCode[0]))
 	}
 
 	return policyStatus
 }
 
-func putBucketPolicy(hc *handlerContext, bktName string, bktPolicy engineiam.Policy, errCode ...s3errors.ErrorCode) {
+func putBucketPolicy(hc *handlerContext, bktName string, bktPolicy engineiam.Policy, errCode ...apierr.ErrorCode) {
 	body, err := json.Marshal(bktPolicy)
 	require.NoError(hc.t, err)
 
@@ -263,7 +263,7 @@ func putBucketPolicy(hc *handlerContext, bktName string, bktPolicy engineiam.Pol
 	if len(errCode) == 0 {
 		assertStatus(hc.t, w, http.StatusOK)
 	} else {
-		assertS3Error(hc.t, w, s3errors.GetAPIError(errCode[0]))
+		assertS3Error(hc.t, w, apierr.GetAPIError(errCode[0]))
 	}
 }
 
@@ -312,9 +312,9 @@ func createBucket(hc *handlerContext, bktName string) *createBucketInfo {
 	}
 }
 
-func createBucketAssertS3Error(hc *handlerContext, bktName string, box *accessbox.Box, code s3errors.ErrorCode) {
+func createBucketAssertS3Error(hc *handlerContext, bktName string, box *accessbox.Box, code apierr.ErrorCode) {
 	w := createBucketBase(hc, bktName, box)
-	assertS3Error(hc.t, w, s3errors.GetAPIError(code))
+	assertS3Error(hc.t, w, apierr.GetAPIError(code))
 }
 
 func createBucketBase(hc *handlerContext, bktName string, box *accessbox.Box) *httptest.ResponseRecorder {
@@ -330,9 +330,9 @@ func putBucketACL(hc *handlerContext, bktName string, box *accessbox.Box, header
 	assertStatus(hc.t, w, http.StatusOK)
 }
 
-func putBucketACLAssertS3Error(hc *handlerContext, bktName string, box *accessbox.Box, header map[string]string, body *AccessControlPolicy, code s3errors.ErrorCode) {
+func putBucketACLAssertS3Error(hc *handlerContext, bktName string, box *accessbox.Box, header map[string]string, body *AccessControlPolicy, code apierr.ErrorCode) {
 	w := putBucketACLBase(hc, bktName, box, header, body)
-	assertS3Error(hc.t, w, s3errors.GetAPIError(code))
+	assertS3Error(hc.t, w, apierr.GetAPIError(code))
 }
 
 func putBucketACLBase(hc *handlerContext, bktName string, box *accessbox.Box, header map[string]string, body *AccessControlPolicy) *httptest.ResponseRecorder {
@@ -360,9 +360,9 @@ func getBucketACLBase(hc *handlerContext, bktName string) *httptest.ResponseReco
 	return w
 }
 
-func putObjectACLAssertS3Error(hc *handlerContext, bktName, objName string, box *accessbox.Box, header map[string]string, body *AccessControlPolicy, code s3errors.ErrorCode) {
+func putObjectACLAssertS3Error(hc *handlerContext, bktName, objName string, box *accessbox.Box, header map[string]string, body *AccessControlPolicy, code apierr.ErrorCode) {
 	w := putObjectACLBase(hc, bktName, objName, box, header, body)
-	assertS3Error(hc.t, w, s3errors.GetAPIError(code))
+	assertS3Error(hc.t, w, apierr.GetAPIError(code))
 }
 
 func putObjectACLBase(hc *handlerContext, bktName, objName string, box *accessbox.Box, header map[string]string, body *AccessControlPolicy) *httptest.ResponseRecorder {
@@ -396,9 +396,9 @@ func putObjectWithHeaders(hc *handlerContext, bktName, objName string, headers m
 	return w.Header()
 }
 
-func putObjectWithHeadersAssertS3Error(hc *handlerContext, bktName, objName string, headers map[string]string, code s3errors.ErrorCode) {
+func putObjectWithHeadersAssertS3Error(hc *handlerContext, bktName, objName string, headers map[string]string, code apierr.ErrorCode) {
 	w := putObjectWithHeadersBase(hc, bktName, objName, headers, nil, nil)
-	assertS3Error(hc.t, w, s3errors.GetAPIError(code))
+	assertS3Error(hc.t, w, apierr.GetAPIError(code))
 }
 
 func putObjectWithHeadersBase(hc *handlerContext, bktName, objName string, headers map[string]string, box *accessbox.Box, data []byte) *httptest.ResponseRecorder {

api/handler/delete_test.go

@@ -10,7 +10,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -131,7 +131,7 @@ func TestDeleteObjectsError(t *testing.T) {
 	addr.SetContainer(bktInfo.CID)
 	addr.SetObject(nodeVersion.OID)
 
-	expectedError := apiErrors.GetAPIError(apiErrors.ErrAccessDenied)
+	expectedError := apierr.GetAPIError(apierr.ErrAccessDenied)
 	hc.tp.SetObjectError(addr, expectedError)
 
 	w := deleteObjectsBase(hc, bktName, [][2]string{{objName, nodeVersion.OID.EncodeToString()}})
@@ -553,9 +553,9 @@ func checkNotFound(t *testing.T, hc *handlerContext, bktName, objName, version s
 	assertStatus(t, w, http.StatusNotFound)
 }
 
-func headObjectAssertS3Error(hc *handlerContext, bktName, objName, version string, code apiErrors.ErrorCode) {
+func headObjectAssertS3Error(hc *handlerContext, bktName, objName, version string, code apierr.ErrorCode) {
 	w := headObjectBase(hc, bktName, objName, version)
-	assertS3Error(hc.t, w, apiErrors.GetAPIError(code))
+	assertS3Error(hc.t, w, apierr.GetAPIError(code))
 }
 
 func checkFound(t *testing.T, hc *handlerContext, bktName, objName, version string) {

api/handler/encryption_test.go

@@ -16,6 +16,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"github.com/stretchr/testify/require"
 )
 
@@ -37,7 +38,7 @@ func TestSimpleGetEncrypted(t *testing.T) {
 
 	objInfo, err := tc.Layer().GetObjectInfo(tc.Context(), &layer.HeadObjectParams{BktInfo: bktInfo, Object: objName})
 	require.NoError(t, err)
-	obj, err := tc.MockedPool().GetObject(tc.Context(), layer.PrmObjectGet{Container: bktInfo.CID, Object: objInfo.ID})
+	obj, err := tc.MockedPool().GetObject(tc.Context(), frostfs.PrmObjectGet{Container: bktInfo.CID, Object: objInfo.ID})
 	require.NoError(t, err)
 	encryptedContent, err := io.ReadAll(obj.Payload)
 	require.NoError(t, err)

api/handler/get_test.go

@@ -2,7 +2,7 @@ package handler
 
 import (
 	"bytes"
-	stderrors "errors"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -13,7 +13,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	"github.com/stretchr/testify/require"
@@ -89,7 +89,7 @@ func TestPreconditions(t *testing.T) {
 			name:     "IfMatch false",
 			info:     newInfo(etag, today),
 			args:     &conditionalArgs{IfMatch: etag2},
-			expected: errors.GetAPIError(errors.ErrPreconditionFailed)},
+			expected: apierr.GetAPIError(apierr.ErrPreconditionFailed)},
 		{
 			name:     "IfNoneMatch true",
 			info:     newInfo(etag, today),
@@ -99,7 +99,7 @@ func TestPreconditions(t *testing.T) {
 			name:     "IfNoneMatch false",
 			info:     newInfo(etag, today),
 			args:     &conditionalArgs{IfNoneMatch: etag},
-			expected: errors.GetAPIError(errors.ErrNotModified)},
+			expected: apierr.GetAPIError(apierr.ErrNotModified)},
 		{
 			name:     "IfModifiedSince true",
 			info:     newInfo(etag, today),
@@ -109,7 +109,7 @@ func TestPreconditions(t *testing.T) {
 			name:     "IfModifiedSince false",
 			info:     newInfo(etag, yesterday),
 			args:     &conditionalArgs{IfModifiedSince: &today},
-			expected: errors.GetAPIError(errors.ErrNotModified)},
+			expected: apierr.GetAPIError(apierr.ErrNotModified)},
 		{
 			name:     "IfUnmodifiedSince true",
 			info:     newInfo(etag, yesterday),
@@ -119,7 +119,7 @@ func TestPreconditions(t *testing.T) {
 			name:     "IfUnmodifiedSince false",
 			info:     newInfo(etag, today),
 			args:     &conditionalArgs{IfUnmodifiedSince: &yesterday},
-			expected: errors.GetAPIError(errors.ErrPreconditionFailed)},
+			expected: apierr.GetAPIError(apierr.ErrPreconditionFailed)},
 
 		{
 			name:     "IfMatch true, IfUnmodifiedSince false",
@@ -131,19 +131,19 @@ func TestPreconditions(t *testing.T) {
 			name:     "IfMatch false, IfUnmodifiedSince true",
 			info:     newInfo(etag, yesterday),
 			args:     &conditionalArgs{IfMatch: etag2, IfUnmodifiedSince: &today},
-			expected: errors.GetAPIError(errors.ErrPreconditionFailed),
+			expected: apierr.GetAPIError(apierr.ErrPreconditionFailed),
 		},
 		{
 			name:     "IfNoneMatch false, IfModifiedSince true",
 			info:     newInfo(etag, today),
 			args:     &conditionalArgs{IfNoneMatch: etag, IfModifiedSince: &yesterday},
-			expected: errors.GetAPIError(errors.ErrNotModified),
+			expected: apierr.GetAPIError(apierr.ErrNotModified),
 		},
 		{
 			name:     "IfNoneMatch true, IfModifiedSince false",
 			info:     newInfo(etag, yesterday),
 			args:     &conditionalArgs{IfNoneMatch: etag2, IfModifiedSince: &today},
-			expected: errors.GetAPIError(errors.ErrNotModified),
+			expected: apierr.GetAPIError(apierr.ErrNotModified),
 		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
@@ -151,7 +151,7 @@ func TestPreconditions(t *testing.T) {
 			if tc.expected == nil {
 				require.NoError(t, actual)
 			} else {
-				require.True(t, stderrors.Is(actual, tc.expected), tc.expected, actual)
+				require.True(t, errors.Is(actual, tc.expected), tc.expected, actual)
 			}
 		})
 	}
@@ -193,8 +193,8 @@ func TestGetObject(t *testing.T) {
 	hc.tp.SetObjectError(addr, &apistatus.ObjectNotFound{})
 	hc.tp.SetObjectError(objInfo.Address(), &apistatus.ObjectNotFound{})
 
-	getObjectAssertS3Error(hc, bktName, objName, objInfo.VersionID(), errors.ErrNoSuchVersion)
+	getObjectAssertS3Error(hc, bktName, objName, objInfo.VersionID(), apierr.ErrNoSuchVersion)
-	getObjectAssertS3Error(hc, bktName, objName, emptyVersion, errors.ErrNoSuchKey)
+	getObjectAssertS3Error(hc, bktName, objName, emptyVersion, apierr.ErrNoSuchKey)
 }
 
 func TestGetObjectEnabledMD5(t *testing.T) {
@@ -236,9 +236,9 @@ func getObjectVersion(tc *handlerContext, bktName, objName, version string) []by
 	return content
 }
 
-func getObjectAssertS3Error(hc *handlerContext, bktName, objName, version string, code errors.ErrorCode) {
+func getObjectAssertS3Error(hc *handlerContext, bktName, objName, version string, code apierr.ErrorCode) {
 	w := getObjectBaseResponse(hc, bktName, objName, version)
-	assertS3Error(hc.t, w, errors.GetAPIError(code))
+	assertS3Error(hc.t, w, apierr.GetAPIError(code))
 }
 
 func getObjectBaseResponse(hc *handlerContext, bktName, objName, version string) *httptest.ResponseRecorder {

api/handler/handlers_test.go

@@ -20,6 +20,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/resolver"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/service/tree"
@@ -370,7 +371,7 @@ func createTestBucket(hc *handlerContext, bktName string) *data.BucketInfo {
 }
 
 func createTestBucketWithLock(hc *handlerContext, bktName string, conf *data.ObjectLockConfiguration) *data.BucketInfo {
-	res, err := hc.MockedPool().CreateContainer(hc.Context(), layer.PrmContainerCreate{
+	res, err := hc.MockedPool().CreateContainer(hc.Context(), frostfs.PrmContainerCreate{
 		Creator:              hc.owner,
 		Name:                 bktName,
 		AdditionalAttributes: [][2]string{{layer.AttributeLockEnabled, "true"}},

api/handler/head_test.go

@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
@@ -95,8 +95,8 @@ func TestHeadObject(t *testing.T) {
 	hc.tp.SetObjectError(addr, &apistatus.ObjectNotFound{})
 	hc.tp.SetObjectError(objInfo.Address(), &apistatus.ObjectNotFound{})
 
-	headObjectAssertS3Error(hc, bktName, objName, objInfo.VersionID(), s3errors.ErrNoSuchVersion)
+	headObjectAssertS3Error(hc, bktName, objName, objInfo.VersionID(), apierr.ErrNoSuchVersion)
-	headObjectAssertS3Error(hc, bktName, objName, emptyVersion, s3errors.ErrNoSuchKey)
+	headObjectAssertS3Error(hc, bktName, objName, emptyVersion, apierr.ErrNoSuchKey)
 }
 
 func TestIsAvailableToResolve(t *testing.T) {

api/handler/lifecycle.go

@@ -9,7 +9,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 )
@@ -52,7 +52,7 @@ func (h *handler) PutBucketLifecycleHandler(w http.ResponseWriter, r *http.Reque
 	// Content-Md5 is required and should be set
 	// https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
 	if _, ok := r.Header[api.ContentMD5]; !ok {
-		h.logAndSendError(w, "missing Content-MD5", reqInfo, apiErr.GetAPIError(apiErr.ErrMissingContentMD5))
+		h.logAndSendError(w, "missing Content-MD5", reqInfo, apierr.GetAPIError(apierr.ErrMissingContentMD5))
 		return
 	}
 
@@ -64,12 +64,12 @@ func (h *handler) PutBucketLifecycleHandler(w http.ResponseWriter, r *http.Reque
 
 	cfg := new(data.LifecycleConfiguration)
 	if err = h.cfg.NewXMLDecoder(tee).Decode(cfg); err != nil {
-		h.logAndSendError(w, "could not decode body", reqInfo, fmt.Errorf("%w: %s", apiErr.GetAPIError(apiErr.ErrMalformedXML), err.Error()))
+		h.logAndSendError(w, "could not decode body", reqInfo, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrMalformedXML), err.Error()))
 		return
 	}
 
 	if err = checkLifecycleConfiguration(cfg); err != nil {
-		h.logAndSendError(w, "invalid lifecycle configuration", reqInfo, fmt.Errorf("%w: %s", apiErr.GetAPIError(apiErr.ErrMalformedXML), err.Error()))
+		h.logAndSendError(w, "invalid lifecycle configuration", reqInfo, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrMalformedXML), err.Error()))
 		return
 	}
 

api/handler/lifecycle_test.go

@@ -14,7 +14,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"github.com/mr-tron/base58"
 	"github.com/stretchr/testify/require"
 )
@@ -340,7 +340,7 @@ func TestPutBucketLifecycleConfiguration(t *testing.T) {
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			if tc.error {
-				putBucketLifecycleConfigurationErr(hc, bktName, tc.body, apiErrors.GetAPIError(apiErrors.ErrMalformedXML))
+				putBucketLifecycleConfigurationErr(hc, bktName, tc.body, apierr.GetAPIError(apierr.ErrMalformedXML))
 				return
 			}
 
@@ -350,7 +350,7 @@ func TestPutBucketLifecycleConfiguration(t *testing.T) {
 			require.Equal(t, *tc.body, *cfg)
 
 			deleteBucketLifecycleConfiguration(hc, bktName)
-			getBucketLifecycleConfigurationErr(hc, bktName, apiErrors.GetAPIError(apiErrors.ErrNoSuchLifecycleConfiguration))
+			getBucketLifecycleConfigurationErr(hc, bktName, apierr.GetAPIError(apierr.ErrNoSuchLifecycleConfiguration))
 		})
 	}
 }
@@ -374,17 +374,17 @@ func TestPutBucketLifecycleInvalidMD5(t *testing.T) {
 
 	w, r := prepareTestRequest(hc, bktName, "", lifecycle)
 	hc.Handler().PutBucketLifecycleHandler(w, r)
-	assertS3Error(hc.t, w, apiErrors.GetAPIError(apiErrors.ErrMissingContentMD5))
+	assertS3Error(hc.t, w, apierr.GetAPIError(apierr.ErrMissingContentMD5))
 
 	w, r = prepareTestRequest(hc, bktName, "", lifecycle)
 	r.Header.Set(api.ContentMD5, "")
 	hc.Handler().PutBucketLifecycleHandler(w, r)
-	assertS3Error(hc.t, w, apiErrors.GetAPIError(apiErrors.ErrInvalidDigest))
+	assertS3Error(hc.t, w, apierr.GetAPIError(apierr.ErrInvalidDigest))
 
 	w, r = prepareTestRequest(hc, bktName, "", lifecycle)
 	r.Header.Set(api.ContentMD5, "some-hash")
 	hc.Handler().PutBucketLifecycleHandler(w, r)
-	assertS3Error(hc.t, w, apiErrors.GetAPIError(apiErrors.ErrInvalidDigest))
+	assertS3Error(hc.t, w, apierr.GetAPIError(apierr.ErrInvalidDigest))
 }
 
 func TestPutBucketLifecycleInvalidXML(t *testing.T) {
@@ -396,7 +396,7 @@ func TestPutBucketLifecycleInvalidXML(t *testing.T) {
 	w, r := prepareTestRequest(hc, bktName, "", &data.CORSConfiguration{})
 	r.Header.Set(api.ContentMD5, "")
 	hc.Handler().PutBucketLifecycleHandler(w, r)
-	assertS3Error(hc.t, w, apiErrors.GetAPIError(apiErrors.ErrMalformedXML))
+	assertS3Error(hc.t, w, apierr.GetAPIError(apierr.ErrMalformedXML))
 }
 
 func putBucketLifecycleConfiguration(hc *handlerContext, bktName string, cfg *data.LifecycleConfiguration) {
@@ -404,7 +404,7 @@ func putBucketLifecycleConfiguration(hc *handlerContext, bktName string, cfg *da
 	assertStatus(hc.t, w, http.StatusOK)
 }
 
-func putBucketLifecycleConfigurationErr(hc *handlerContext, bktName string, cfg *data.LifecycleConfiguration, err apiErrors.Error) {
+func putBucketLifecycleConfigurationErr(hc *handlerContext, bktName string, cfg *data.LifecycleConfiguration, err apierr.Error) {
 	w := putBucketLifecycleConfigurationBase(hc, bktName, cfg)
 	assertS3Error(hc.t, w, err)
 }
@@ -430,7 +430,7 @@ func getBucketLifecycleConfiguration(hc *handlerContext, bktName string) *data.L
 	return res
 }
 
-func getBucketLifecycleConfigurationErr(hc *handlerContext, bktName string, err apiErrors.Error) {
+func getBucketLifecycleConfigurationErr(hc *handlerContext, bktName string, err apierr.Error) {
 	w := getBucketLifecycleConfigurationBase(hc, bktName)
 	assertS3Error(hc.t, w, err)
 }

api/handler/locking.go

@@ -9,7 +9,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 )
@@ -36,7 +36,7 @@ func (h *handler) PutBucketObjectLockConfigHandler(w http.ResponseWriter, r *htt
 
 	if !bktInfo.ObjectLockEnabled {
 		h.logAndSendError(w, "couldn't put object locking configuration", reqInfo,
-			apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotAllowed))
+			apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotAllowed))
 		return
 	}
 
@@ -83,7 +83,7 @@ func (h *handler) GetBucketObjectLockConfigHandler(w http.ResponseWriter, r *htt
 
 	if !bktInfo.ObjectLockEnabled {
 		h.logAndSendError(w, "object lock disabled", reqInfo,
-			apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound))
+			apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotFound))
 		return
 	}
 
@@ -116,7 +116,7 @@ func (h *handler) PutObjectLegalHoldHandler(w http.ResponseWriter, r *http.Reque
 
 	if !bktInfo.ObjectLockEnabled {
 		h.logAndSendError(w, "object lock disabled", reqInfo,
-			apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound))
+			apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotFound))
 		return
 	}
 
@@ -168,7 +168,7 @@ func (h *handler) GetObjectLegalHoldHandler(w http.ResponseWriter, r *http.Reque
 
 	if !bktInfo.ObjectLockEnabled {
 		h.logAndSendError(w, "object lock disabled", reqInfo,
-			apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound))
+			apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotFound))
 		return
 	}
 
@@ -204,7 +204,7 @@ func (h *handler) PutObjectRetentionHandler(w http.ResponseWriter, r *http.Reque
 	}
 	if !bktInfo.ObjectLockEnabled {
 		h.logAndSendError(w, "object lock disabled", reqInfo,
-			apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound))
+			apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotFound))
 		return
 	}
 
@@ -252,7 +252,7 @@ func (h *handler) GetObjectRetentionHandler(w http.ResponseWriter, r *http.Reque
 
 	if !bktInfo.ObjectLockEnabled {
 		h.logAndSendError(w, "object lock disabled", reqInfo,
-			apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound))
+			apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotFound))
 		return
 	}
 
@@ -269,7 +269,7 @@ func (h *handler) GetObjectRetentionHandler(w http.ResponseWriter, r *http.Reque
 	}
 
 	if !lockInfo.IsRetentionSet() {
-		h.logAndSendError(w, "retention lock isn't set", reqInfo, apiErrors.GetAPIError(apiErrors.ErrNoSuchKey))
+		h.logAndSendError(w, "retention lock isn't set", reqInfo, apierr.GetAPIError(apierr.ErrNoSuchKey))
 		return
 	}
 
@@ -314,7 +314,7 @@ func checkLockConfiguration(conf *data.ObjectLockConfiguration) error {
 func formObjectLock(ctx context.Context, bktInfo *data.BucketInfo, defaultConfig *data.ObjectLockConfiguration, header http.Header) (*data.ObjectLock, error) {
 	if !bktInfo.ObjectLockEnabled {
 		if existLockHeaders(header) {
-			return nil, apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound)
+			return nil, apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotFound)
 		}
 		return nil, nil
 	}
@@ -346,7 +346,7 @@ func formObjectLock(ctx context.Context, bktInfo *data.BucketInfo, defaultConfig
 	until := header.Get(api.AmzObjectLockRetainUntilDate)
 
 	if mode != "" && until == "" || mode == "" && until != "" {
-		return nil, apiErrors.GetAPIError(apiErrors.ErrObjectLockInvalidHeaders)
+		return nil, apierr.GetAPIError(apierr.ErrObjectLockInvalidHeaders)
 	}
 
 	if mode != "" {
@@ -355,7 +355,7 @@ func formObjectLock(ctx context.Context, bktInfo *data.BucketInfo, defaultConfig
 		}
 
 		if mode != complianceMode && mode != governanceMode {
-			return nil, apiErrors.GetAPIError(apiErrors.ErrUnknownWORMModeDirective)
+			return nil, apierr.GetAPIError(apierr.ErrUnknownWORMModeDirective)
 		}
 
 		objectLock.Retention.IsCompliance = mode == complianceMode
@@ -364,7 +364,7 @@ func formObjectLock(ctx context.Context, bktInfo *data.BucketInfo, defaultConfig
 	if until != "" {
 		retentionDate, err := time.Parse(time.RFC3339, until)
 		if err != nil {
-			return nil, apiErrors.GetAPIError(apiErrors.ErrInvalidRetentionDate)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidRetentionDate)
 		}
 		if objectLock.Retention == nil {
 			objectLock.Retention = &data.RetentionLock{}
@@ -382,7 +382,7 @@ func formObjectLock(ctx context.Context, bktInfo *data.BucketInfo, defaultConfig
 		}
 
 		if objectLock.Retention.Until.Before(layer.TimeNow(ctx)) {
-			return nil, apiErrors.GetAPIError(apiErrors.ErrPastObjectLockRetainDate)
+			return nil, apierr.GetAPIError(apierr.ErrPastObjectLockRetainDate)
 		}
 	}
 
@@ -397,16 +397,16 @@ func existLockHeaders(header http.Header) bool {
 
 func formObjectLockFromRetention(ctx context.Context, retention *data.Retention, header http.Header) (*data.ObjectLock, error) {
 	if retention.Mode != governanceMode && retention.Mode != complianceMode {
-		return nil, apiErrors.GetAPIError(apiErrors.ErrMalformedXML)
+		return nil, apierr.GetAPIError(apierr.ErrMalformedXML)
 	}
 
 	retentionDate, err := time.Parse(time.RFC3339, retention.RetainUntilDate)
 	if err != nil {
-		return nil, apiErrors.GetAPIError(apiErrors.ErrMalformedXML)
+		return nil, apierr.GetAPIError(apierr.ErrMalformedXML)
 	}
 
 	if retentionDate.Before(layer.TimeNow(ctx)) {
-		return nil, apiErrors.GetAPIError(apiErrors.ErrPastObjectLockRetainDate)
+		return nil, apierr.GetAPIError(apierr.ErrPastObjectLockRetainDate)
 	}
 
 	var bypass bool

api/handler/locking_test.go

@@ -12,7 +12,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"github.com/stretchr/testify/require"
@@ -270,23 +270,23 @@ func TestPutBucketLockConfigurationHandler(t *testing.T) {
 	for _, tc := range []struct {
 		name          string
 		bucket        string
-		expectedError apiErrors.Error
+		expectedError apierr.Error
 		noError       bool
 		configuration *data.ObjectLockConfiguration
 	}{
 		{
 			name:          "bkt not found",
-			expectedError: apiErrors.GetAPIError(apiErrors.ErrNoSuchBucket),
+			expectedError: apierr.GetAPIError(apierr.ErrNoSuchBucket),
 		},
 		{
 			name:          "bkt lock disabled",
 			bucket:        bktLockDisabled,
-			expectedError: apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotAllowed),
+			expectedError: apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotAllowed),
 		},
 		{
 			name:          "invalid configuration",
 			bucket:        bktLockEnabled,
-			expectedError: apiErrors.GetAPIError(apiErrors.ErrInternalError),
+			expectedError: apierr.GetAPIError(apierr.ErrInternalError),
 			configuration: &data.ObjectLockConfiguration{ObjectLockEnabled: "dummy"},
 		},
 		{
@@ -359,18 +359,18 @@ func TestGetBucketLockConfigurationHandler(t *testing.T) {
 	for _, tc := range []struct {
 		name          string
 		bucket        string
-		expectedError apiErrors.Error
+		expectedError apierr.Error
 		noError       bool
 		expectedConf  *data.ObjectLockConfiguration
 	}{
 		{
 			name:          "bkt not found",
-			expectedError: apiErrors.GetAPIError(apiErrors.ErrNoSuchBucket),
+			expectedError: apierr.GetAPIError(apierr.ErrNoSuchBucket),
 		},
 		{
 			name:          "bkt lock disabled",
 			bucket:        bktLockDisabled,
-			expectedError: apiErrors.GetAPIError(apiErrors.ErrObjectLockConfigurationNotFound),
+			expectedError: apierr.GetAPIError(apierr.ErrObjectLockConfigurationNotFound),
 		},
 		{
 			name:         "bkt lock enabled empty default",
@@ -407,7 +407,7 @@ func TestGetBucketLockConfigurationHandler(t *testing.T) {
 	}
 }
 
-func assertS3Error(t *testing.T, w *httptest.ResponseRecorder, expectedError apiErrors.Error) {
+func assertS3Error(t *testing.T, w *httptest.ResponseRecorder, expectedError apierr.Error) {
 	actualErrorResponse := &middleware.ErrorResponse{}
 	err := xml.NewDecoder(w.Result().Body).Decode(actualErrorResponse)
 	require.NoError(t, err)
@@ -415,7 +415,7 @@ func assertS3Error(t *testing.T, w *httptest.ResponseRecorder, expectedError api
 	require.Equal(t, expectedError.HTTPStatusCode, w.Code)
 	require.Equal(t, expectedError.Code, actualErrorResponse.Code)
 
-	if expectedError.ErrCode != apiErrors.ErrInternalError {
+	if expectedError.ErrCode != apierr.ErrInternalError {
 		require.Equal(t, expectedError.Description, actualErrorResponse.Message)
 	}
 }
@@ -473,33 +473,33 @@ func TestObjectRetention(t *testing.T) {
 	objName := "obj-for-retention"
 	createTestObject(hc, bktInfo, objName, encryption.Params{})
 
-	getObjectRetention(hc, bktName, objName, nil, apiErrors.ErrNoSuchKey)
+	getObjectRetention(hc, bktName, objName, nil, apierr.ErrNoSuchKey)
 
 	retention := &data.Retention{Mode: governanceMode, RetainUntilDate: time.Now().Add(time.Minute).UTC().Format(time.RFC3339)}
 	putObjectRetention(hc, bktName, objName, retention, false, 0)
 	getObjectRetention(hc, bktName, objName, retention, 0)
 
 	retention = &data.Retention{Mode: governanceMode, RetainUntilDate: time.Now().UTC().Add(time.Minute).Format(time.RFC3339)}
-	putObjectRetention(hc, bktName, objName, retention, false, apiErrors.ErrInternalError)
+	putObjectRetention(hc, bktName, objName, retention, false, apierr.ErrInternalError)
 
 	retention = &data.Retention{Mode: complianceMode, RetainUntilDate: time.Now().Add(time.Minute).UTC().Format(time.RFC3339)}
 	putObjectRetention(hc, bktName, objName, retention, true, 0)
 	getObjectRetention(hc, bktName, objName, retention, 0)
 
-	putObjectRetention(hc, bktName, objName, retention, true, apiErrors.ErrInternalError)
+	putObjectRetention(hc, bktName, objName, retention, true, apierr.ErrInternalError)
 }
 
-func getObjectRetention(hc *handlerContext, bktName, objName string, retention *data.Retention, errCode apiErrors.ErrorCode) {
+func getObjectRetention(hc *handlerContext, bktName, objName string, retention *data.Retention, errCode apierr.ErrorCode) {
 	w, r := prepareTestRequest(hc, bktName, objName, nil)
 	hc.Handler().GetObjectRetentionHandler(w, r)
 	if errCode == 0 {
 		assertRetention(hc.t, w, retention)
 	} else {
-		assertS3Error(hc.t, w, apiErrors.GetAPIError(errCode))
+		assertS3Error(hc.t, w, apierr.GetAPIError(errCode))
 	}
 }
 
-func putObjectRetention(hc *handlerContext, bktName, objName string, retention *data.Retention, byPass bool, errCode apiErrors.ErrorCode) {
+func putObjectRetention(hc *handlerContext, bktName, objName string, retention *data.Retention, byPass bool, errCode apierr.ErrorCode) {
 	w, r := prepareTestRequest(hc, bktName, objName, retention)
 	if byPass {
 		r.Header.Set(api.AmzBypassGovernanceRetention, strconv.FormatBool(true))
@@ -508,7 +508,7 @@ func putObjectRetention(hc *handlerContext, bktName, objName string, retention *
 	if errCode == 0 {
 		assertStatus(hc.t, w, http.StatusOK)
 	} else {
-		assertS3Error(hc.t, w, apiErrors.GetAPIError(errCode))
+		assertS3Error(hc.t, w, apierr.GetAPIError(errCode))
 	}
 }
 
@@ -572,37 +572,37 @@ func TestPutLockErrors(t *testing.T) {
 	createTestBucketWithLock(hc, bktName, nil)
 
 	headers := map[string]string{api.AmzObjectLockMode: complianceMode}
-	putObjectWithLockFailed(t, hc, bktName, objName, headers, apiErrors.ErrObjectLockInvalidHeaders)
+	putObjectWithLockFailed(t, hc, bktName, objName, headers, apierr.ErrObjectLockInvalidHeaders)
 
 	delete(headers, api.AmzObjectLockMode)
 	headers[api.AmzObjectLockRetainUntilDate] = time.Now().Add(time.Minute).Format(time.RFC3339)
-	putObjectWithLockFailed(t, hc, bktName, objName, headers, apiErrors.ErrObjectLockInvalidHeaders)
+	putObjectWithLockFailed(t, hc, bktName, objName, headers, apierr.ErrObjectLockInvalidHeaders)
 
 	headers[api.AmzObjectLockMode] = "dummy"
-	putObjectWithLockFailed(t, hc, bktName, objName, headers, apiErrors.ErrUnknownWORMModeDirective)
+	putObjectWithLockFailed(t, hc, bktName, objName, headers, apierr.ErrUnknownWORMModeDirective)
 
 	headers[api.AmzObjectLockMode] = complianceMode
 	headers[api.AmzObjectLockRetainUntilDate] = time.Now().Format(time.RFC3339)
-	putObjectWithLockFailed(t, hc, bktName, objName, headers, apiErrors.ErrPastObjectLockRetainDate)
+	putObjectWithLockFailed(t, hc, bktName, objName, headers, apierr.ErrPastObjectLockRetainDate)
 
 	headers[api.AmzObjectLockRetainUntilDate] = "dummy"
-	putObjectWithLockFailed(t, hc, bktName, objName, headers, apiErrors.ErrInvalidRetentionDate)
+	putObjectWithLockFailed(t, hc, bktName, objName, headers, apierr.ErrInvalidRetentionDate)
 
 	putObject(hc, bktName, objName)
 
 	retention := &data.Retention{Mode: governanceMode}
-	putObjectRetentionFailed(t, hc, bktName, objName, retention, apiErrors.ErrMalformedXML)
+	putObjectRetentionFailed(t, hc, bktName, objName, retention, apierr.ErrMalformedXML)
 
 	retention.Mode = "dummy"
 	retention.RetainUntilDate = time.Now().Add(time.Minute).UTC().Format(time.RFC3339)
-	putObjectRetentionFailed(t, hc, bktName, objName, retention, apiErrors.ErrMalformedXML)
+	putObjectRetentionFailed(t, hc, bktName, objName, retention, apierr.ErrMalformedXML)
 
 	retention.Mode = governanceMode
 	retention.RetainUntilDate = time.Now().UTC().Format(time.RFC3339)
-	putObjectRetentionFailed(t, hc, bktName, objName, retention, apiErrors.ErrPastObjectLockRetainDate)
+	putObjectRetentionFailed(t, hc, bktName, objName, retention, apierr.ErrPastObjectLockRetainDate)
 }
 
-func putObjectWithLockFailed(t *testing.T, hc *handlerContext, bktName, objName string, headers map[string]string, errCode apiErrors.ErrorCode) {
+func putObjectWithLockFailed(t *testing.T, hc *handlerContext, bktName, objName string, headers map[string]string, errCode apierr.ErrorCode) {
 	w, r := prepareTestRequest(hc, bktName, objName, nil)
 
 	for key, val := range headers {
@@ -610,13 +610,13 @@ func putObjectWithLockFailed(t *testing.T, hc *handlerContext, bktName, objName
 	}
 
 	hc.Handler().PutObjectHandler(w, r)
-	assertS3Error(t, w, apiErrors.GetAPIError(errCode))
+	assertS3Error(t, w, apierr.GetAPIError(errCode))
 }
 
-func putObjectRetentionFailed(t *testing.T, hc *handlerContext, bktName, objName string, retention *data.Retention, errCode apiErrors.ErrorCode) {
+func putObjectRetentionFailed(t *testing.T, hc *handlerContext, bktName, objName string, retention *data.Retention, errCode apierr.ErrorCode) {
 	w, r := prepareTestRequest(hc, bktName, objName, retention)
 	hc.Handler().PutObjectRetentionHandler(w, r)
-	assertS3Error(t, w, apiErrors.GetAPIError(errCode))
+	assertS3Error(t, w, apierr.GetAPIError(errCode))
 }
 
 func assertRetentionApproximate(t *testing.T, w *httptest.ResponseRecorder, retention *data.Retention, delta float64) {

api/handler/multipart_upload_test.go

@@ -15,7 +15,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3Errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
@@ -40,7 +40,7 @@ func TestMultipartUploadInvalidPart(t *testing.T) {
 	etag1, _ := uploadPart(hc, bktName, objName, multipartUpload.UploadID, 1, partSize)
 	etag2, _ := uploadPart(hc, bktName, objName, multipartUpload.UploadID, 2, partSize)
 	w := completeMultipartUploadBase(hc, bktName, objName, multipartUpload.UploadID, []string{etag1, etag2})
-	assertS3Error(hc.t, w, s3Errors.GetAPIError(s3Errors.ErrEntityTooSmall))
+	assertS3Error(hc.t, w, apierr.GetAPIError(apierr.ErrEntityTooSmall))
 }
 
 func TestDeleteMultipartAllParts(t *testing.T) {
@@ -104,7 +104,7 @@ func TestMultipartReUploadPart(t *testing.T) {
 	require.Equal(t, etag2, list.Parts[1].ETag)
 
 	w := completeMultipartUploadBase(hc, bktName, objName, uploadInfo.UploadID, []string{etag1, etag2})
-	assertS3Error(hc.t, w, s3Errors.GetAPIError(s3Errors.ErrEntityTooSmall))
+	assertS3Error(hc.t, w, apierr.GetAPIError(apierr.ErrEntityTooSmall))
 
 	etag1, data1 := uploadPart(hc, bktName, objName, uploadInfo.UploadID, 1, partSizeFirst)
 	etag2, data2 := uploadPart(hc, bktName, objName, uploadInfo.UploadID, 2, partSizeLast)
@@ -521,7 +521,7 @@ func TestUploadPartCheckContentSHA256(t *testing.T) {
 			r.Header.Set(api.AmzContentSha256, tc.hash)
 			hc.Handler().UploadPartHandler(w, r)
 			if tc.error {
-				assertS3Error(t, w, s3Errors.GetAPIError(s3Errors.ErrContentSHA256Mismatch))
+				assertS3Error(t, w, apierr.GetAPIError(apierr.ErrContentSHA256Mismatch))
 
 				list := listParts(hc, bktName, objName, multipartUpload.UploadID, "0", http.StatusOK)
 				require.Len(t, list.Parts, 1)

api/handler/patch_test.go

@@ -18,7 +18,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"github.com/stretchr/testify/require"
 )
@@ -50,7 +50,7 @@ func TestPatch(t *testing.T) {
 		name    string
 		rng     string
 		headers map[string]string
-		code    s3errors.ErrorCode
+		code    apierr.ErrorCode
 	}{
 		{
 			name: "success",
@@ -63,22 +63,22 @@ func TestPatch(t *testing.T) {
 		{
 			name: "invalid range syntax",
 			rng:  "bytes 0-2",
-			code: s3errors.ErrInvalidRange,
+			code: apierr.ErrInvalidRange,
 		},
 		{
 			name: "invalid range length",
 			rng:  "bytes 0-5/*",
-			code: s3errors.ErrInvalidRangeLength,
+			code: apierr.ErrInvalidRangeLength,
 		},
 		{
 			name: "invalid range start",
 			rng:  "bytes 20-22/*",
-			code: s3errors.ErrRangeOutOfBounds,
+			code: apierr.ErrRangeOutOfBounds,
 		},
 		{
 			name: "range is too long",
 			rng:  "bytes 0-5368709120/*",
-			code: s3errors.ErrInvalidRange,
+			code: apierr.ErrInvalidRange,
 		},
 		{
 			name: "If-Unmodified-Since precondition are not satisfied",
@@ -86,7 +86,7 @@ func TestPatch(t *testing.T) {
 			headers: map[string]string{
 				api.IfUnmodifiedSince: created.Add(-24 * time.Hour).Format(http.TimeFormat),
 			},
-			code: s3errors.ErrPreconditionFailed,
+			code: apierr.ErrPreconditionFailed,
 		},
 		{
 			name: "If-Match precondition are not satisfied",
@@ -94,7 +94,7 @@ func TestPatch(t *testing.T) {
 			headers: map[string]string{
 				api.IfMatch: "etag",
 			},
-			code: s3errors.ErrPreconditionFailed,
+			code: apierr.ErrPreconditionFailed,
 		},
 	} {
 		t.Run(tt.name, func(t *testing.T) {
@@ -377,7 +377,7 @@ func TestPatchEncryptedObject(t *testing.T) {
 	tc.Handler().PutObjectHandler(w, r)
 	assertStatus(t, w, http.StatusOK)
 
-	patchObjectErr(t, tc, bktName, objName, "bytes 2-4/*", []byte("new"), nil, s3errors.ErrInternalError)
+	patchObjectErr(t, tc, bktName, objName, "bytes 2-4/*", []byte("new"), nil, apierr.ErrInternalError)
 }
 
 func TestPatchMissingHeaders(t *testing.T) {
@@ -393,13 +393,13 @@ func TestPatchMissingHeaders(t *testing.T) {
 	w = httptest.NewRecorder()
 	r = httptest.NewRequest(http.MethodPatch, defaultURL, strings.NewReader("new"))
 	tc.Handler().PatchObjectHandler(w, r)
-	assertS3Error(t, w, s3errors.GetAPIError(s3errors.ErrMissingContentRange))
+	assertS3Error(t, w, apierr.GetAPIError(apierr.ErrMissingContentRange))
 
 	w = httptest.NewRecorder()
 	r = httptest.NewRequest(http.MethodPatch, defaultURL, strings.NewReader("new"))
 	r.Header.Set(api.ContentRange, "bytes 0-2/*")
 	tc.Handler().PatchObjectHandler(w, r)
-	assertS3Error(t, w, s3errors.GetAPIError(s3errors.ErrMissingContentLength))
+	assertS3Error(t, w, apierr.GetAPIError(apierr.ErrMissingContentLength))
 }
 
 func TestParsePatchByteRange(t *testing.T) {
@@ -501,9 +501,9 @@ func patchObjectVersion(t *testing.T, tc *handlerContext, bktName, objName, vers
 	return result
 }
 
-func patchObjectErr(t *testing.T, tc *handlerContext, bktName, objName, rng string, payload []byte, headers map[string]string, code s3errors.ErrorCode) {
+func patchObjectErr(t *testing.T, tc *handlerContext, bktName, objName, rng string, payload []byte, headers map[string]string, code apierr.ErrorCode) {
 	w := patchObjectBase(tc, bktName, objName, "", rng, payload, headers)
-	assertS3Error(t, w, s3errors.GetAPIError(code))
+	assertS3Error(t, w, apierr.GetAPIError(code))
 }
 
 func patchObjectBase(tc *handlerContext, bktName, objName, version, rng string, payload []byte, headers map[string]string) *httptest.ResponseRecorder {

api/handler/put.go

@@ -6,7 +6,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"encoding/xml"
-	stderrors "errors"
+	"errors"
 	"fmt"
 	"io"
 	"mime/multipart"
@@ -20,14 +20,14 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/retryer"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/service/tree"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
@@ -91,11 +91,11 @@ func (p *postPolicy) CheckField(key string, value string) error {
 	}
 	cond := p.condition(key)
 	if cond == nil {
-		return errors.GetAPIError(errors.ErrPostPolicyConditionInvalidFormat)
+		return apierr.GetAPIError(apierr.ErrPostPolicyConditionInvalidFormat)
 	}
 
 	if !cond.match(value) {
-		return errors.GetAPIError(errors.ErrPostPolicyConditionInvalidFormat)
+		return apierr.GetAPIError(apierr.ErrPostPolicyConditionInvalidFormat)
 	}
 
 	return nil
@@ -203,7 +203,7 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if cannedACLStatus == aclStatusYes {
-		h.logAndSendError(w, "acl not supported for this bucket", reqInfo, errors.GetAPIError(errors.ErrAccessControlListNotSupported))
+		h.logAndSendError(w, "acl not supported for this bucket", reqInfo, apierr.GetAPIError(apierr.ErrAccessControlListNotSupported))
 		return
 	}
 
@@ -332,16 +332,16 @@ func (h *handler) getBodyReader(r *http.Request) (io.ReadCloser, error) {
 
 	if !chunkedEncoding && !h.cfg.BypassContentEncodingInChunks() {
 		return nil, fmt.Errorf("%w: request is not chunk encoded, encodings '%s'",
-			errors.GetAPIError(errors.ErrInvalidEncodingMethod), strings.Join(encodings, ","))
+			apierr.GetAPIError(apierr.ErrInvalidEncodingMethod), strings.Join(encodings, ","))
 	}
 
 	decodeContentSize := r.Header.Get(api.AmzDecodedContentLength)
 	if len(decodeContentSize) == 0 {
-		return nil, errors.GetAPIError(errors.ErrMissingContentLength)
+		return nil, apierr.GetAPIError(apierr.ErrMissingContentLength)
 	}
 
 	if _, err := strconv.Atoi(decodeContentSize); err != nil {
-		return nil, fmt.Errorf("%w: parse decoded content length: %s", errors.GetAPIError(errors.ErrMissingContentLength), err.Error())
+		return nil, fmt.Errorf("%w: parse decoded content length: %s", apierr.GetAPIError(apierr.ErrMissingContentLength), err.Error())
 	}
 
 	chunkReader, err := newSignV4ChunkedReader(r)
@@ -377,43 +377,43 @@ func formEncryptionParamsBase(r *http.Request, isCopySource bool) (enc encryptio
 	}
 
 	if r.TLS == nil {
-		return enc, errors.GetAPIError(errors.ErrInsecureSSECustomerRequest)
+		return enc, apierr.GetAPIError(apierr.ErrInsecureSSECustomerRequest)
 	}
 
 	if len(sseCustomerKey) > 0 && len(sseCustomerAlgorithm) == 0 {
-		return enc, errors.GetAPIError(errors.ErrMissingSSECustomerAlgorithm)
+		return enc, apierr.GetAPIError(apierr.ErrMissingSSECustomerAlgorithm)
 	}
 	if len(sseCustomerAlgorithm) > 0 && len(sseCustomerKey) == 0 {
-		return enc, errors.GetAPIError(errors.ErrMissingSSECustomerKey)
+		return enc, apierr.GetAPIError(apierr.ErrMissingSSECustomerKey)
 	}
 
 	if sseCustomerAlgorithm != layer.AESEncryptionAlgorithm {
-		return enc, errors.GetAPIError(errors.ErrInvalidEncryptionAlgorithm)
+		return enc, apierr.GetAPIError(apierr.ErrInvalidEncryptionAlgorithm)
 	}
 
 	key, err := base64.StdEncoding.DecodeString(sseCustomerKey)
 	if err != nil {
 		if isCopySource {
-			return enc, errors.GetAPIError(errors.ErrInvalidSSECustomerParameters)
+			return enc, apierr.GetAPIError(apierr.ErrInvalidSSECustomerParameters)
 		}
-		return enc, errors.GetAPIError(errors.ErrInvalidSSECustomerKey)
+		return enc, apierr.GetAPIError(apierr.ErrInvalidSSECustomerKey)
 	}
 
 	if len(key) != layer.AESKeySize {
 		if isCopySource {
-			return enc, errors.GetAPIError(errors.ErrInvalidSSECustomerParameters)
+			return enc, apierr.GetAPIError(apierr.ErrInvalidSSECustomerParameters)
 		}
-		return enc, errors.GetAPIError(errors.ErrInvalidSSECustomerKey)
+		return enc, apierr.GetAPIError(apierr.ErrInvalidSSECustomerKey)
 	}
 
 	keyMD5, err := base64.StdEncoding.DecodeString(sseCustomerKeyMD5)
 	if err != nil {
-		return enc, errors.GetAPIError(errors.ErrSSECustomerKeyMD5Mismatch)
+		return enc, apierr.GetAPIError(apierr.ErrSSECustomerKeyMD5Mismatch)
 	}
 
 	md5Sum := md5.Sum(key)
 	if !bytes.Equal(md5Sum[:], keyMD5) {
-		return enc, errors.GetAPIError(errors.ErrSSECustomerKeyMD5Mismatch)
+		return enc, apierr.GetAPIError(apierr.ErrSSECustomerKeyMD5Mismatch)
 	}
 
 	params, err := encryption.NewParams(key)
@@ -443,7 +443,7 @@ func (h *handler) PostObject(w http.ResponseWriter, r *http.Request) {
 		tags := new(data.Tagging)
 		if err = h.cfg.NewXMLDecoder(buffer).Decode(tags); err != nil {
 			h.logAndSendError(w, "could not decode tag set", reqInfo,
-				fmt.Errorf("%w: %s", errors.GetAPIError(errors.ErrMalformedXML), err.Error()))
+				fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrMalformedXML), err.Error()))
 			return
 		}
 		tagSet, err = h.readTagSet(tags)
@@ -466,7 +466,7 @@ func (h *handler) PostObject(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if acl := auth.MultipartFormValue(r, "acl"); acl != "" && acl != basicACLPrivate {
-		h.logAndSendError(w, "acl not supported for this bucket", reqInfo, errors.GetAPIError(errors.ErrAccessControlListNotSupported))
+		h.logAndSendError(w, "acl not supported for this bucket", reqInfo, apierr.GetAPIError(apierr.ErrAccessControlListNotSupported))
 		return
 	}
 
@@ -507,12 +507,12 @@ func (h *handler) PostObject(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if reqInfo.ObjectName == "" {
-		h.logAndSendError(w, "missing object name", reqInfo, errors.GetAPIError(errors.ErrInvalidArgument))
+		h.logAndSendError(w, "missing object name", reqInfo, apierr.GetAPIError(apierr.ErrInvalidArgument))
 		return
 	}
 
 	if !policy.CheckContentLength(size) {
-		h.logAndSendError(w, "invalid content-length", reqInfo, errors.GetAPIError(errors.ErrInvalidArgument))
+		h.logAndSendError(w, "invalid content-length", reqInfo, apierr.GetAPIError(apierr.ErrInvalidArgument))
 		return
 	}
 
@@ -594,13 +594,13 @@ func checkPostPolicy(r *http.Request, reqInfo *middleware.ReqInfo, metadata map[
 			return nil, fmt.Errorf("could not unmarshal policy: %w", err)
 		}
 		if policy.Expiration.Before(time.Now()) {
-			return nil, fmt.Errorf("policy is expired: %w", errors.GetAPIError(errors.ErrInvalidArgument))
+			return nil, fmt.Errorf("policy is expired: %w", apierr.GetAPIError(apierr.ErrInvalidArgument))
 		}
 		policy.empty = false
 	}
 
 	if r.MultipartForm == nil {
-		return nil, stderrors.New("empty multipart form")
+		return nil, errors.New("empty multipart form")
 	}
 
 	for key, v := range r.MultipartForm.Value {
@@ -631,7 +631,7 @@ func checkPostPolicy(r *http.Request, reqInfo *middleware.ReqInfo, metadata map[
 	for _, cond := range policy.Conditions {
 		if cond.Key == "bucket" {
 			if !cond.match(reqInfo.BucketName) {
-				return nil, errors.GetAPIError(errors.ErrPostPolicyConditionInvalidFormat)
+				return nil, apierr.GetAPIError(apierr.ErrPostPolicyConditionInvalidFormat)
 			}
 		}
 	}
@@ -673,10 +673,10 @@ func parseTaggingHeader(header http.Header) (map[string]string, error) {
 	if tagging := header.Get(api.AmzTagging); len(tagging) > 0 {
 		queries, err := url.ParseQuery(tagging)
 		if err != nil {
-			return nil, errors.GetAPIError(errors.ErrInvalidArgument)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidArgument)
 		}
 		if len(queries) > maxTags {
-			return nil, errors.GetAPIError(errors.ErrInvalidTagsSizeExceed)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidTagsSizeExceed)
 		}
 		tagSet = make(map[string]string, len(queries))
 		for k, v := range queries {
@@ -726,7 +726,7 @@ func (h *handler) parseCommonCreateBucketParams(reqInfo *middleware.ReqInfo, box
 	}
 
 	if p.SessionContainerCreation == nil {
-		return nil, nil, fmt.Errorf("%w: couldn't find session token for put", errors.GetAPIError(errors.ErrAccessDenied))
+		return nil, nil, fmt.Errorf("%w: couldn't find session token for put", apierr.GetAPIError(apierr.ErrAccessDenied))
 	}
 
 	if err := checkBucketName(reqInfo.BucketName); err != nil {
@@ -828,7 +828,7 @@ func (h *handler) putBucketSettingsRetryer() aws.RetryerV2 {
 		}
 
 		options.Retryables = []retry.IsErrorRetryable{retry.IsErrorRetryableFunc(func(err error) aws.Ternary {
-			if stderrors.Is(err, tree.ErrNodeAccessDenied) {
+			if errors.Is(err, frostfs.ErrNodeAccessDenied) {
 				return aws.TrueTernary
 			}
 			return aws.FalseTernary
@@ -957,7 +957,7 @@ func (h handler) setPlacementPolicy(prm *layer.CreateBucketParams, namespace, lo
 		return nil
 	}
 
-	return errors.GetAPIError(errors.ErrInvalidLocationConstraint)
+	return apierr.GetAPIError(apierr.ErrInvalidLocationConstraint)
 }
 
 func isLockEnabled(log *zap.Logger, header http.Header) bool {
@@ -976,27 +976,27 @@ func isLockEnabled(log *zap.Logger, header http.Header) bool {
 
 func checkBucketName(bucketName string) error {
 	if len(bucketName) < 3 || len(bucketName) > 63 {
-		return errors.GetAPIError(errors.ErrInvalidBucketName)
+		return apierr.GetAPIError(apierr.ErrInvalidBucketName)
 	}
 
 	if strings.HasPrefix(bucketName, "xn--") || strings.HasSuffix(bucketName, "-s3alias") {
-		return errors.GetAPIError(errors.ErrInvalidBucketName)
+		return apierr.GetAPIError(apierr.ErrInvalidBucketName)
 	}
 	if net.ParseIP(bucketName) != nil {
-		return errors.GetAPIError(errors.ErrInvalidBucketName)
+		return apierr.GetAPIError(apierr.ErrInvalidBucketName)
 	}
 
 	labels := strings.Split(bucketName, ".")
 	for _, label := range labels {
 		if len(label) == 0 {
-			return errors.GetAPIError(errors.ErrInvalidBucketName)
+			return apierr.GetAPIError(apierr.ErrInvalidBucketName)
 		}
 		for i, r := range label {
 			if !isAlphaNum(r) && r != '-' {
-				return errors.GetAPIError(errors.ErrInvalidBucketName)
+				return apierr.GetAPIError(apierr.ErrInvalidBucketName)
 			}
 			if (i == 0 || i == len(label)-1) && r == '-' {
-				return errors.GetAPIError(errors.ErrInvalidBucketName)
+				return apierr.GetAPIError(apierr.ErrInvalidBucketName)
 			}
 		}
 	}
@@ -1015,7 +1015,7 @@ func (h *handler) parseLocationConstraint(r *http.Request) (*createBucketParams,
 
 	params := new(createBucketParams)
 	if err := h.cfg.NewXMLDecoder(r.Body).Decode(params); err != nil {
-		return nil, fmt.Errorf("%w: %s", errors.GetAPIError(errors.ErrMalformedXML), err.Error())
+		return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrMalformedXML), err.Error())
 	}
 	return params, nil
 }

api/handler/put_test.go

@@ -20,7 +20,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
 	v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
@@ -204,7 +204,7 @@ func TestPostObject(t *testing.T) {
 		t.Run(tc.key+";"+tc.filename, func(t *testing.T) {
 			w := postObjectBase(hc, ns, bktName, tc.key, tc.filename, tc.content)
 			if tc.err {
-				assertS3Error(hc.t, w, s3errors.GetAPIError(s3errors.ErrInternalError))
+				assertS3Error(hc.t, w, apierr.GetAPIError(apierr.ErrInternalError))
 				return
 			}
 			assertStatus(hc.t, w, http.StatusNoContent)
@@ -267,7 +267,7 @@ func TestPutObjectWithStreamBodyError(t *testing.T) {
 	r.Header.Set(api.AmzContentSha256, api.StreamingContentSHA256)
 	r.Header.Set(api.ContentEncoding, api.AwsChunked)
 	tc.Handler().PutObjectHandler(w, r)
-	assertS3Error(t, w, s3errors.GetAPIError(s3errors.ErrMissingContentLength))
+	assertS3Error(t, w, apierr.GetAPIError(apierr.ErrMissingContentLength))
 
 	checkNotFound(t, tc, bktName, objName, emptyVersion)
 }
@@ -283,7 +283,7 @@ func TestPutObjectWithInvalidContentMD5(t *testing.T) {
 	w, r := prepareTestPayloadRequest(tc, bktName, objName, bytes.NewReader(content))
 	r.Header.Set(api.ContentMD5, base64.StdEncoding.EncodeToString([]byte("invalid")))
 	tc.Handler().PutObjectHandler(w, r)
-	assertS3Error(t, w, s3errors.GetAPIError(s3errors.ErrInvalidDigest))
+	assertS3Error(t, w, apierr.GetAPIError(apierr.ErrInvalidDigest))
 
 	checkNotFound(t, tc, bktName, objName, emptyVersion)
 }
@@ -346,7 +346,7 @@ func TestPutObjectCheckContentSHA256(t *testing.T) {
 			hc.Handler().PutObjectHandler(w, r)
 
 			if tc.error {
-				assertS3Error(t, w, s3errors.GetAPIError(s3errors.ErrContentSHA256Mismatch))
+				assertS3Error(t, w, apierr.GetAPIError(apierr.ErrContentSHA256Mismatch))
 
 				w, r := prepareTestRequest(hc, bktName, objName, nil)
 				hc.Handler().GetObjectHandler(w, r)
@@ -399,7 +399,7 @@ func TestPutChunkedTestContentEncoding(t *testing.T) {
 	w, req, _ = getChunkedRequest(hc.context, t, bktName, objName)
 	req.Header.Set(api.ContentEncoding, "gzip")
 	hc.Handler().PutObjectHandler(w, req)
-	assertS3Error(t, w, s3errors.GetAPIError(s3errors.ErrInvalidEncodingMethod))
+	assertS3Error(t, w, apierr.GetAPIError(apierr.ErrInvalidEncodingMethod))
 
 	hc.config.bypassContentEncodingInChunks = true
 	w, req, _ = getChunkedRequest(hc.context, t, bktName, objName)
@@ -478,10 +478,10 @@ func TestCreateBucket(t *testing.T) {
 	bktName := "bkt-name"
 
 	info := createBucket(hc, bktName)
-	createBucketAssertS3Error(hc, bktName, info.Box, s3errors.ErrBucketAlreadyOwnedByYou)
+	createBucketAssertS3Error(hc, bktName, info.Box, apierr.ErrBucketAlreadyOwnedByYou)
 
 	box2, _ := createAccessBox(t)
-	createBucketAssertS3Error(hc, bktName, box2, s3errors.ErrBucketAlreadyExists)
+	createBucketAssertS3Error(hc, bktName, box2, apierr.ErrBucketAlreadyExists)
 }
 
 func TestCreateNamespacedBucket(t *testing.T) {

api/handler/tagging_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"github.com/stretchr/testify/require"
 )
@@ -98,7 +98,7 @@ func TestPutObjectTaggingCheckUniqueness(t *testing.T) {
 			middleware.GetReqInfo(r.Context()).Tagging = tc.body
 			hc.Handler().PutObjectTaggingHandler(w, r)
 			if tc.error {
-				assertS3Error(t, w, apiErrors.GetAPIError(apiErrors.ErrInvalidTagKeyUniqueness))
+				assertS3Error(t, w, apierr.GetAPIError(apierr.ErrInvalidTagKeyUniqueness))
 				return
 			}
 			assertStatus(t, w, http.StatusOK)

api/handler/util.go

@@ -10,10 +10,9 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
-	frosterrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"go.opentelemetry.io/otel/trace"
@@ -30,7 +29,7 @@ func (h *handler) reqLogger(ctx context.Context) *zap.Logger {
 
 func (h *handler) logAndSendError(w http.ResponseWriter, logText string, reqInfo *middleware.ReqInfo, err error, additional ...zap.Field) {
 	err = handleDeleteMarker(w, err)
-	if code, wrErr := middleware.WriteErrorResponse(w, reqInfo, transformToS3Error(err)); wrErr != nil {
+	if code, wrErr := middleware.WriteErrorResponse(w, reqInfo, apierr.TransformToS3Error(err)); wrErr != nil {
 		additional = append(additional, zap.NamedError("write_response_error", wrErr))
 	} else {
 		additional = append(additional, zap.Int("status", code))
@@ -57,25 +56,7 @@ func handleDeleteMarker(w http.ResponseWriter, err error) error {
 	}
 
 	w.Header().Set(api.AmzDeleteMarker, "true")
-	return fmt.Errorf("%w: %s", s3errors.GetAPIError(target.ErrorCode), err)
+	return fmt.Errorf("%w: %s", apierr.GetAPIError(target.ErrorCode), err)
-}
-
-func transformToS3Error(err error) error {
-	err = frosterrors.UnwrapErr(err) // this wouldn't work with errors.Join
-	if _, ok := err.(s3errors.Error); ok {
-		return err
-	}
-
-	if errors.Is(err, layer.ErrAccessDenied) ||
-		errors.Is(err, layer.ErrNodeAccessDenied) {
-		return s3errors.GetAPIError(s3errors.ErrAccessDenied)
-	}
-
-	if errors.Is(err, layer.ErrGatewayTimeout) {
-		return s3errors.GetAPIError(s3errors.ErrGatewayTimeout)
-	}
-
-	return s3errors.GetAPIError(s3errors.ErrInternalError)
 }
 
 func (h *handler) ResolveBucket(ctx context.Context, bucket string) (*data.BucketInfo, error) {
@@ -131,26 +112,26 @@ func parseRange(s string) (*layer.RangeParams, error) {
 	prefix := "bytes="
 
 	if !strings.HasPrefix(s, prefix) {
-		return nil, s3errors.GetAPIError(s3errors.ErrInvalidRange)
+		return nil, apierr.GetAPIError(apierr.ErrInvalidRange)
 	}
 
 	s = strings.TrimPrefix(s, prefix)
 
 	valuesStr := strings.Split(s, "-")
 	if len(valuesStr) != 2 {
-		return nil, s3errors.GetAPIError(s3errors.ErrInvalidRange)
+		return nil, apierr.GetAPIError(apierr.ErrInvalidRange)
 	}
 
 	values := make([]uint64, 0, len(valuesStr))
 	for _, v := range valuesStr {
 		num, err := strconv.ParseUint(v, 10, 64)
 		if err != nil {
-			return nil, s3errors.GetAPIError(s3errors.ErrInvalidRange)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidRange)
 		}
 		values = append(values, num)
 	}
 	if values[0] > values[1] {
-		return nil, s3errors.GetAPIError(s3errors.ErrInvalidRange)
+		return nil, apierr.GetAPIError(apierr.ErrInvalidRange)
 	}
 
 	return &layer.RangeParams{

api/handler/util_test.go

@@ -1,64 +1 @@
 package handler
-
-import (
-	"errors"
-	"fmt"
-	"testing"
-
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
-	"github.com/stretchr/testify/require"
-)
-
-func TestTransformS3Errors(t *testing.T) {
-	for _, tc := range []struct {
-		name     string
-		err      error
-		expected s3errors.ErrorCode
-	}{
-		{
-			name:     "simple std error to internal error",
-			err:      errors.New("some error"),
-			expected: s3errors.ErrInternalError,
-		},
-		{
-			name:     "layer access denied error to s3 access denied error",
-			err:      layer.ErrAccessDenied,
-			expected: s3errors.ErrAccessDenied,
-		},
-		{
-			name:     "wrapped layer access denied error to s3 access denied error",
-			err:      fmt.Errorf("wrap: %w", layer.ErrAccessDenied),
-			expected: s3errors.ErrAccessDenied,
-		},
-		{
-			name:     "layer node access denied error to s3 access denied error",
-			err:      layer.ErrNodeAccessDenied,
-			expected: s3errors.ErrAccessDenied,
-		},
-		{
-			name:     "layer gateway timeout error to s3 gateway timeout error",
-			err:      layer.ErrGatewayTimeout,
-			expected: s3errors.ErrGatewayTimeout,
-		},
-		{
-			name:     "s3 error to s3 error",
-			err:      s3errors.GetAPIError(s3errors.ErrInvalidPart),
-			expected: s3errors.ErrInvalidPart,
-		},
-		{
-			name:     "wrapped s3 error to s3 error",
-			err:      fmt.Errorf("wrap: %w", s3errors.GetAPIError(s3errors.ErrInvalidPart)),
-			expected: s3errors.ErrInvalidPart,
-		},
-	} {
-		t.Run(tc.name, func(t *testing.T) {
-			err := transformToS3Error(tc.err)
-			s3err, ok := err.(s3errors.Error)
-			require.True(t, ok, "error must be s3 error")
-			require.Equalf(t, tc.expected, s3err.ErrCode,
-				"expected: '%s', got: '%s'",
-				s3errors.GetAPIError(tc.expected).Code, s3errors.GetAPIError(s3err.ErrCode).Code)
-		})
-	}
-}

api/layer/compound.go

@@ -6,7 +6,8 @@ import (
 	"fmt"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 )
 
 func (n *Layer) GetObjectTaggingAndLock(ctx context.Context, objVersion *data.ObjectVersion, nodeVersion *data.NodeVersion) (map[string]string, data.LockInfo, error) {
@@ -29,8 +30,8 @@ func (n *Layer) GetObjectTaggingAndLock(ctx context.Context, objVersion *data.Ob
 
 	tags, lockInfo, err = n.treeService.GetObjectTaggingAndLock(ctx, objVersion.BktInfo, nodeVersion)
 	if err != nil {
-		if errors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
-			return nil, data.LockInfo{}, fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchKey), err.Error())
+			return nil, data.LockInfo{}, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error())
 		}
 		return nil, data.LockInfo{}, err
 	}

api/layer/container.go

@@ -7,7 +7,8 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
@@ -20,7 +21,7 @@ const (
 	AttributeLockEnabled        = "LockEnabled"
 )
 
-func (n *Layer) containerInfo(ctx context.Context, prm PrmContainer) (*data.BucketInfo, error) {
+func (n *Layer) containerInfo(ctx context.Context, prm frostfs.PrmContainer) (*data.BucketInfo, error) {
 	var (
 		err error
 		res *container.Container
@@ -37,7 +38,7 @@ func (n *Layer) containerInfo(ctx context.Context, prm PrmContainer) (*data.Buck
 	res, err = n.frostFS.Container(ctx, prm)
 	if err != nil {
 		if client.IsErrContainerNotFound(err) {
-			return nil, fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchBucket), err.Error())
+			return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchBucket), err.Error())
 		}
 		return nil, fmt.Errorf("get frostfs container: %w", err)
 	}
@@ -77,7 +78,7 @@ func (n *Layer) containerInfo(ctx context.Context, prm PrmContainer) (*data.Buck
 func (n *Layer) containerList(ctx context.Context) ([]*data.BucketInfo, error) {
 	stoken := n.SessionTokenForRead(ctx)
 
-	prm := PrmUserContainers{
+	prm := frostfs.PrmUserContainers{
 		UserID:       n.BearerOwner(ctx),
 		SessionToken: stoken,
 	}
@@ -90,7 +91,7 @@ func (n *Layer) containerList(ctx context.Context) ([]*data.BucketInfo, error) {
 
 	list := make([]*data.BucketInfo, 0, len(res))
 	for i := range res {
-		getPrm := PrmContainer{
+		getPrm := frostfs.PrmContainer{
 			ContainerID:  res[i],
 			SessionToken: stoken,
 		}
@@ -132,7 +133,7 @@ func (n *Layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da
 		})
 	}
 
-	res, err := n.frostFS.CreateContainer(ctx, PrmContainerCreate{
+	res, err := n.frostFS.CreateContainer(ctx, frostfs.PrmContainerCreate{
 		Creator:              bktInfo.Owner,
 		Policy:               p.Policy,
 		Name:                 p.Name,

api/layer/cors.go

@@ -3,12 +3,14 @@ package layer
 import (
 	"bytes"
 	"context"
-	errorsStd "errors"
+	"errors"
 	"fmt"
 	"io"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -31,14 +33,14 @@ func (n *Layer) PutBucketCORS(ctx context.Context, p *PutCORSParams) error {
 	}
 
 	if cors.CORSRules == nil {
-		return errors.GetAPIError(errors.ErrMalformedXML)
+		return apierr.GetAPIError(apierr.ErrMalformedXML)
 	}
 
 	if err := checkCORS(cors); err != nil {
 		return err
 	}
 
-	prm := PrmObjectCreate{
+	prm := frostfs.PrmObjectCreate{
 		Payload:      &buf,
 		Filepath:     p.BktInfo.CORSObjectName(),
 		CreationTime: TimeNow(ctx),
@@ -61,7 +63,7 @@ func (n *Layer) PutBucketCORS(ctx context.Context, p *PutCORSParams) error {
 	}
 
 	objsToDelete, err := n.treeService.PutBucketCORS(ctx, p.BktInfo, newAddress(corsBkt.CID, createdObj.ID))
-	objToDeleteNotFound := errorsStd.Is(err, ErrNoNodeToRemove)
+	objToDeleteNotFound := errors.Is(err, layererr.ErrNoNodeToRemove)
 	if err != nil && !objToDeleteNotFound {
 		return err
 	}
@@ -79,7 +81,7 @@ func (n *Layer) PutBucketCORS(ctx context.Context, p *PutCORSParams) error {
 
 // deleteCORSObject removes object and logs in case of error.
 func (n *Layer) deleteCORSObject(ctx context.Context, bktInfo *data.BucketInfo, addr oid.Address) {
-	var prmAuth PrmAuth
+	var prmAuth frostfs.PrmAuth
 	corsBkt := bktInfo
 	if !addr.Container().Equals(bktInfo.CID) && !addr.Container().Equals(cid.ID{}) {
 		corsBkt = &data.BucketInfo{CID: addr.Container()}
@@ -104,7 +106,7 @@ func (n *Layer) GetBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) (*d
 
 func (n *Layer) DeleteBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) error {
 	objs, err := n.treeService.DeleteBucketCORS(ctx, bktInfo)
-	objNotFound := errorsStd.Is(err, ErrNoNodeToRemove)
+	objNotFound := errors.Is(err, layererr.ErrNoNodeToRemove)
 	if err != nil && !objNotFound {
 		return err
 	}
@@ -124,12 +126,12 @@ func checkCORS(cors *data.CORSConfiguration) error {
 	for _, r := range cors.CORSRules {
 		for _, m := range r.AllowedMethods {
 			if _, ok := supportedMethods[m]; !ok {
-				return errors.GetAPIErrorWithError(errors.ErrCORSUnsupportedMethod, fmt.Errorf("unsupported method is %s", m))
+				return apierr.GetAPIErrorWithError(apierr.ErrCORSUnsupportedMethod, fmt.Errorf("unsupported method is %s", m))
 			}
 		}
 		for _, h := range r.ExposeHeaders {
 			if h == wildcard {
-				return errors.GetAPIError(errors.ErrCORSWildcardExposeHeaders)
+				return apierr.GetAPIError(apierr.ErrCORSWildcardExposeHeaders)
 			}
 		}
 	}

api/layer/frostfs/frostfs.go

@@ -1,4 +1,4 @@
-package layer
+package frostfs
 
 import (
 	"context"
@@ -18,215 +18,17 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )
 
-// PrmContainerCreate groups parameters of FrostFS.CreateContainer operation.
-type PrmContainerCreate struct {
-	// FrostFS identifier of the container creator.
-	Creator user.ID
-
-	// Container placement policy.
-	Policy netmap.PlacementPolicy
-
-	// Name for the container.
-	Name string
-
-	// Zone for container registration.
-	Zone string
-
-	// CreationTime value for Timestamp attribute
-	CreationTime time.Time
-
-	// Token of the container's creation session. Nil means session absence.
-	SessionToken *session.Container
-
-	// Basic ACL of the container.
-	BasicACL acl.Basic
-
-	// Attributes for optional parameters.
-	AdditionalAttributes [][2]string
-}
-
-// PrmContainer groups parameters of FrostFS.Container operation.
-type PrmContainer struct {
-	// Container identifier.
-	ContainerID cid.ID
-
-	// Token of the container's creation session. Nil means session absence.
-	SessionToken *session.Container
-}
-
-// PrmUserContainers groups parameters of FrostFS.UserContainers operation.
-type PrmUserContainers struct {
-	// User identifier.
-	UserID user.ID
-
-	// Token of the container's creation session. Nil means session absence.
-	SessionToken *session.Container
-}
-
-// ContainerCreateResult is a result parameter of FrostFS.CreateContainer operation.
-type ContainerCreateResult struct {
-	ContainerID             cid.ID
-	HomomorphicHashDisabled bool
-}
-
-// PrmAuth groups authentication parameters for the FrostFS operation.
-type PrmAuth struct {
-	// Bearer token to be used for the operation. Overlaps PrivateKey. Optional.
-	BearerToken *bearer.Token
-
-	// Private key used for the operation if BearerToken is missing (in this case non-nil).
-	PrivateKey *ecdsa.PrivateKey
-}
-
-// PrmObjectHead groups parameters of FrostFS.HeadObject operation.
-type PrmObjectHead struct {
-	// Authentication parameters.
-	PrmAuth
-
-	// Container to read the object header from.
-	Container cid.ID
-
-	// ID of the object for which to read the header.
-	Object oid.ID
-}
-
-// PrmObjectGet groups parameters of FrostFS.GetObject operation.
-type PrmObjectGet struct {
-	// Authentication parameters.
-	PrmAuth
-
-	// Container to read the object header from.
-	Container cid.ID
-
-	// ID of the object for which to read the header.
-	Object oid.ID
-}
-
-// PrmObjectRange groups parameters of FrostFS.RangeObject operation.
-type PrmObjectRange struct {
-	// Authentication parameters.
-	PrmAuth
-
-	// Container to read the object header from.
-	Container cid.ID
-
-	// ID of the object for which to read the header.
-	Object oid.ID
-
-	// Offset-length range of the object payload to be read.
-	PayloadRange [2]uint64
-}
-
-// Object represents full read FrostFS object.
-type Object struct {
-	// Object header (doesn't contain payload).
-	Header object.Object
-
-	// Object payload part encapsulated in io.Reader primitive.
-	// Returns ErrAccessDenied on read access violation.
-	Payload io.ReadCloser
-}
-
-// PrmObjectCreate groups parameters of FrostFS.CreateObject operation.
-type PrmObjectCreate struct {
-	// Authentication parameters.
-	PrmAuth
-
-	// Container to store the object.
-	Container cid.ID
-
-	// Key-value object attributes.
-	Attributes [][2]string
-
-	// Value for Timestamp attribute (optional).
-	CreationTime time.Time
-
-	// List of ids to lock (optional).
-	Locks []oid.ID
-
-	// Full payload size (optional).
-	PayloadSize uint64
-
-	// Associated filepath (optional).
-	Filepath string
-
-	// Object payload encapsulated in io.Reader primitive.
-	Payload io.Reader
-
-	// Number of object copies that is enough to consider put successful.
-	CopiesNumber []uint32
-
-	// Enables client side object preparing.
-	ClientCut bool
-
-	// Disables using Tillich-Zémor hash for payload.
-	WithoutHomomorphicHash bool
-
-	// Sets max buffer size to read payload.
-	BufferMaxSize uint64
-}
-
-// CreateObjectResult is a result parameter of FrostFS.CreateObject operation.
-type CreateObjectResult struct {
-	ObjectID      oid.ID
-	CreationEpoch uint64
-}
-
-// PrmObjectDelete groups parameters of FrostFS.DeleteObject operation.
-type PrmObjectDelete struct {
-	// Authentication parameters.
-	PrmAuth
-
-	// Container to delete the object from.
-	Container cid.ID
-
-	// Identifier of the removed object.
-	Object oid.ID
-}
-
-// PrmObjectSearch groups parameters of FrostFS.sear SearchObjects operation.
-type PrmObjectSearch struct {
-	// Authentication parameters.
-	PrmAuth
-
-	// Container to select the objects from.
-	Container cid.ID
-
-	// Key-value object attribute which should be
-	// presented in selected objects. Optional, empty key means any.
-	ExactAttribute [2]string
-
-	// File prefix of the selected objects. Optional, empty value means any.
-	FilePrefix string
-}
-
-// PrmObjectPatch groups parameters of FrostFS.PatchObject operation.
-type PrmObjectPatch struct {
-	// Authentication parameters.
-	PrmAuth
-
-	// Container of the patched object.
-	Container cid.ID
-
-	// Identifier of the patched object.
-	Object oid.ID
-
-	// Object patch payload encapsulated in io.Reader primitive.
-	Payload io.Reader
-
-	// Object range to patch.
-	Offset, Length uint64
-
-	// Size of original object payload.
-	ObjectSize uint64
-}
-
 var (
+	// ErrGatewayTimeout is returned from ServiceClient service in case of timeout error.
+	ErrGatewayTimeout = errors.New("gateway timeout")
 	// ErrAccessDenied is returned from FrostFS in case of access violation.
 	ErrAccessDenied = errors.New("access denied")
-
+	// ErrNodeNotFound is returned from Tree service in case of not found error.
-	// ErrGatewayTimeout is returned from FrostFS in case of timeout, deadline exceeded etc.
+	ErrNodeNotFound = errors.New("not found")
-	ErrGatewayTimeout = errors.New("gateway timeout")
+	// ErrNodeAccessDenied is returned from Tree service in case of access denied error.
+	ErrNodeAccessDenied = errors.New("access denied")
+	// ErrNoNodeToRemove is returned from Tree service in case of the lack of node with OID to remove.
+	ErrNoNodeToRemove = errors.New("no node to remove")
 )
 
 // FrostFS represents virtual connection to FrostFS network.
@@ -335,3 +137,195 @@ type FrostFS interface {
 	// NetworkInfo returns parameters of FrostFS network.
 	NetworkInfo(context.Context) (netmap.NetworkInfo, error)
 }
+
+type (
+	// PrmContainerCreate groups parameters of FrostFS.CreateContainer operation.
+	PrmContainerCreate struct {
+		// FrostFS identifier of the container creator.
+		Creator user.ID
+
+		// Container placement policy.
+		Policy netmap.PlacementPolicy
+
+		// Name for the container.
+		Name string
+
+		// Zone for container registration.
+		Zone string
+
+		// CreationTime value for Timestamp attribute
+		CreationTime time.Time
+
+		// Token of the container's creation session. Nil means session absence.
+		SessionToken *session.Container
+
+		// Basic ACL of the container.
+		BasicACL acl.Basic
+
+		// Attributes for optional parameters.
+		AdditionalAttributes [][2]string
+	}
+	// PrmContainer groups parameters of FrostFS.Container operation.
+	PrmContainer struct {
+		// Container identifier.
+		ContainerID cid.ID
+
+		// Token of the container's creation session. Nil means session absence.
+		SessionToken *session.Container
+	}
+	// PrmUserContainers groups parameters of FrostFS.UserContainers operation.
+	PrmUserContainers struct {
+		// User identifier.
+		UserID user.ID
+
+		// Token of the container's creation session. Nil means session absence.
+		SessionToken *session.Container
+	}
+	// ContainerCreateResult is a result parameter of FrostFS.CreateContainer operation.
+	ContainerCreateResult struct {
+		ContainerID             cid.ID
+		HomomorphicHashDisabled bool
+	}
+	// PrmAuth groups authentication parameters for the FrostFS operation.
+	PrmAuth struct {
+		// Bearer token to be used for the operation. Overlaps PrivateKey. Optional.
+		BearerToken *bearer.Token
+
+		// Private key used for the operation if BearerToken is missing (in this case non-nil).
+		PrivateKey *ecdsa.PrivateKey
+	}
+	// PrmObjectHead groups parameters of FrostFS.HeadObject operation.
+	PrmObjectHead struct {
+		// Authentication parameters.
+		PrmAuth
+
+		// Container to read the object header from.
+		Container cid.ID
+
+		// ID of the object for which to read the header.
+		Object oid.ID
+	}
+	// PrmObjectGet groups parameters of FrostFS.GetObject operation.
+	PrmObjectGet struct {
+		// Authentication parameters.
+		PrmAuth
+
+		// Container to read the object header from.
+		Container cid.ID
+
+		// ID of the object for which to read the header.
+		Object oid.ID
+	}
+	// PrmObjectRange groups parameters of FrostFS.RangeObject operation.
+	PrmObjectRange struct {
+		// Authentication parameters.
+		PrmAuth
+
+		// Container to read the object header from.
+		Container cid.ID
+
+		// ID of the object for which to read the header.
+		Object oid.ID
+
+		// Offset-length range of the object payload to be read.
+		PayloadRange [2]uint64
+	}
+	// Object represents full read FrostFS object.
+	Object struct {
+		// Object header (doesn't contain payload).
+		Header object.Object
+
+		// Object payload part encapsulated in io.Reader primitive.
+		// Returns ErrAccessDenied on read access violation.
+		Payload io.ReadCloser
+	}
+	// PrmObjectCreate groups parameters of FrostFS.CreateObject operation.
+	PrmObjectCreate struct {
+		// Authentication parameters.
+		PrmAuth
+
+		// Container to store the object.
+		Container cid.ID
+
+		// Key-value object attributes.
+		Attributes [][2]string
+
+		// Value for Timestamp attribute (optional).
+		CreationTime time.Time
+
+		// List of ids to lock (optional).
+		Locks []oid.ID
+
+		// Full payload size (optional).
+		PayloadSize uint64
+
+		// Associated filepath (optional).
+		Filepath string
+
+		// Object payload encapsulated in io.Reader primitive.
+		Payload io.Reader
+
+		// Number of object copies that is enough to consider put successful.
+		CopiesNumber []uint32
+
+		// Enables client side object preparing.
+		ClientCut bool
+
+		// Disables using Tillich-Zémor hash for payload.
+		WithoutHomomorphicHash bool
+
+		// Sets max buffer size to read payload.
+		BufferMaxSize uint64
+	}
+	// CreateObjectResult is a result parameter of FrostFS.CreateObject operation.
+	CreateObjectResult struct {
+		ObjectID      oid.ID
+		CreationEpoch uint64
+	}
+	// PrmObjectDelete groups parameters of FrostFS.DeleteObject operation.
+	PrmObjectDelete struct {
+		// Authentication parameters.
+		PrmAuth
+
+		// Container to delete the object from.
+		Container cid.ID
+
+		// Identifier of the removed object.
+		Object oid.ID
+	}
+	// PrmObjectSearch groups parameters of FrostFS.sear SearchObjects operation.
+	PrmObjectSearch struct {
+		// Authentication parameters.
+		PrmAuth
+
+		// Container to select the objects from.
+		Container cid.ID
+
+		// Key-value object attribute which should be
+		// presented in selected objects. Optional, empty key means any.
+		ExactAttribute [2]string
+
+		// File prefix of the selected objects. Optional, empty value means any.
+		FilePrefix string
+	}
+	// PrmObjectPatch groups parameters of FrostFS.PatchObject operation.
+	PrmObjectPatch struct {
+		// Authentication parameters.
+		PrmAuth
+
+		// Container of the patched object.
+		Container cid.ID
+
+		// Identifier of the patched object.
+		Object oid.ID
+
+		// Object patch payload encapsulated in io.Reader primitive.
+		Payload io.Reader
+
+		// Object range to patch.
+		Offset, Length uint64
+
+		// Size of original object payload.
+		ObjectSize uint64
+	}
+)

api/layer/frostfs_mock.go

@@ -12,6 +12,7 @@ import (
 
 	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
 	objectv2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
@@ -61,7 +62,7 @@ func (k *FeatureSettingsMock) FormContainerZone(ns string) string {
 }
 
 type TestFrostFS struct {
-	FrostFS
+	frostfs.FrostFS
 
 	objects         map[string]*object.Object
 	objectErrors    map[string]error
@@ -139,7 +140,7 @@ func (t *TestFrostFS) SetContainer(cnrID cid.ID, cnr *container.Container) {
 	t.containers[cnrID.EncodeToString()] = cnr
 }
 
-func (t *TestFrostFS) CreateContainer(_ context.Context, prm PrmContainerCreate) (*ContainerCreateResult, error) {
+func (t *TestFrostFS) CreateContainer(_ context.Context, prm frostfs.PrmContainerCreate) (*frostfs.ContainerCreateResult, error) {
 	var cnr container.Container
 	cnr.Init()
 	cnr.SetOwner(prm.Creator)
@@ -174,7 +175,7 @@ func (t *TestFrostFS) CreateContainer(_ context.Context, prm PrmContainerCreate)
 	id.SetSHA256(sha256.Sum256(b))
 	t.containers[id.EncodeToString()] = &cnr
 
-	return &ContainerCreateResult{ContainerID: id}, nil
+	return &frostfs.ContainerCreateResult{ContainerID: id}, nil
 }
 
 func (t *TestFrostFS) DeleteContainer(_ context.Context, cnrID cid.ID, _ *session.Container) error {
@@ -183,7 +184,7 @@ func (t *TestFrostFS) DeleteContainer(_ context.Context, cnrID cid.ID, _ *sessio
 	return nil
 }
 
-func (t *TestFrostFS) Container(_ context.Context, prm PrmContainer) (*container.Container, error) {
+func (t *TestFrostFS) Container(_ context.Context, prm frostfs.PrmContainer) (*container.Container, error) {
 	for k, v := range t.containers {
 		if k == prm.ContainerID.EncodeToString() {
 			return v, nil
@@ -193,7 +194,7 @@ func (t *TestFrostFS) Container(_ context.Context, prm PrmContainer) (*container
 	return nil, fmt.Errorf("container not found %s", prm.ContainerID)
 }
 
-func (t *TestFrostFS) UserContainers(context.Context, PrmUserContainers) ([]cid.ID, error) {
+func (t *TestFrostFS) UserContainers(context.Context, frostfs.PrmUserContainers) ([]cid.ID, error) {
 	var res []cid.ID
 	for k := range t.containers {
 		var idCnr cid.ID
@@ -220,7 +221,7 @@ func (t *TestFrostFS) retrieveObject(ctx context.Context, cnrID cid.ID, objID oi
 	if obj, ok := t.objects[sAddr]; ok {
 		owner := getBearerOwner(ctx)
 		if !t.checkAccess(cnrID, owner) {
-			return nil, ErrAccessDenied
+			return nil, frostfs.ErrAccessDenied
 		}
 
 		return obj, nil
@@ -229,23 +230,23 @@ func (t *TestFrostFS) retrieveObject(ctx context.Context, cnrID cid.ID, objID oi
 	return nil, fmt.Errorf("%w: %s", &apistatus.ObjectNotFound{}, addr)
 }
 
-func (t *TestFrostFS) HeadObject(ctx context.Context, prm PrmObjectHead) (*object.Object, error) {
+func (t *TestFrostFS) HeadObject(ctx context.Context, prm frostfs.PrmObjectHead) (*object.Object, error) {
 	return t.retrieveObject(ctx, prm.Container, prm.Object)
 }
 
-func (t *TestFrostFS) GetObject(ctx context.Context, prm PrmObjectGet) (*Object, error) {
+func (t *TestFrostFS) GetObject(ctx context.Context, prm frostfs.PrmObjectGet) (*frostfs.Object, error) {
 	obj, err := t.retrieveObject(ctx, prm.Container, prm.Object)
 	if err != nil {
 		return nil, err
 	}
 
-	return &Object{
+	return &frostfs.Object{
 		Header:  *obj,
 		Payload: io.NopCloser(bytes.NewReader(obj.Payload())),
 	}, nil
 }
 
-func (t *TestFrostFS) RangeObject(ctx context.Context, prm PrmObjectRange) (io.ReadCloser, error) {
+func (t *TestFrostFS) RangeObject(ctx context.Context, prm frostfs.PrmObjectRange) (io.ReadCloser, error) {
 	obj, err := t.retrieveObject(ctx, prm.Container, prm.Object)
 	if err != nil {
 		return nil, err
@@ -257,7 +258,7 @@ func (t *TestFrostFS) RangeObject(ctx context.Context, prm PrmObjectRange) (io.R
 	return io.NopCloser(bytes.NewReader(payload)), nil
 }
 
-func (t *TestFrostFS) CreateObject(_ context.Context, prm PrmObjectCreate) (*CreateObjectResult, error) {
+func (t *TestFrostFS) CreateObject(_ context.Context, prm frostfs.PrmObjectCreate) (*frostfs.CreateObjectResult, error) {
 	b := make([]byte, 32)
 	if _, err := io.ReadFull(rand.Reader, b); err != nil {
 		return nil, err
@@ -327,13 +328,13 @@ func (t *TestFrostFS) CreateObject(_ context.Context, prm PrmObjectCreate) (*Cre
 
 	addr := newAddress(cnrID, objID)
 	t.objects[addr.EncodeToString()] = obj
-	return &CreateObjectResult{
+	return &frostfs.CreateObjectResult{
 		ObjectID:      objID,
 		CreationEpoch: t.currentEpoch - 1,
 	}, nil
 }
 
-func (t *TestFrostFS) DeleteObject(ctx context.Context, prm PrmObjectDelete) error {
+func (t *TestFrostFS) DeleteObject(ctx context.Context, prm frostfs.PrmObjectDelete) error {
 	var addr oid.Address
 	addr.SetContainer(prm.Container)
 	addr.SetObject(prm.Object)
@@ -345,7 +346,7 @@ func (t *TestFrostFS) DeleteObject(ctx context.Context, prm PrmObjectDelete) err
 	if _, ok := t.objects[addr.EncodeToString()]; ok {
 		owner := getBearerOwner(ctx)
 		if !t.checkAccess(prm.Container, owner) {
-			return ErrAccessDenied
+			return frostfs.ErrAccessDenied
 		}
 
 		delete(t.objects, addr.EncodeToString())
@@ -372,7 +373,7 @@ func (t *TestFrostFS) AllObjects(cnrID cid.ID) []oid.ID {
 	return result
 }
 
-func (t *TestFrostFS) SearchObjects(_ context.Context, prm PrmObjectSearch) ([]oid.ID, error) {
+func (t *TestFrostFS) SearchObjects(_ context.Context, prm frostfs.PrmObjectSearch) ([]oid.ID, error) {
 	filters := object.NewSearchFilters()
 	filters.AddRootFilter()
 
@@ -416,7 +417,7 @@ func (t *TestFrostFS) NetworkInfo(context.Context) (netmap.NetworkInfo, error) {
 	return ni, nil
 }
 
-func (t *TestFrostFS) PatchObject(ctx context.Context, prm PrmObjectPatch) (oid.ID, error) {
+func (t *TestFrostFS) PatchObject(ctx context.Context, prm frostfs.PrmObjectPatch) (oid.ID, error) {
 	obj, err := t.retrieveObject(ctx, prm.Container, prm.Object)
 	if err != nil {
 		return oid.ID{}, err

api/layer/layer.go

@@ -6,7 +6,7 @@ import (
 	"crypto/rand"
 	"encoding/json"
 	"encoding/xml"
-	stderrors "errors"
+	"errors"
 	"fmt"
 	"io"
 	"net/url"
@@ -17,9 +17,9 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
@@ -46,7 +46,7 @@ type (
 	}
 
 	Layer struct {
-		frostFS          FrostFS
+		frostFS          frostfs.FrostFS
 		gateOwner        user.ID
 		log              *zap.Logger
 		anonKey          AnonymousKey
@@ -235,7 +235,7 @@ func (p HeadObjectParams) Versioned() bool {
 
 // NewLayer creates an instance of a Layer. It checks credentials
 // and establishes gRPC connection with the node.
-func NewLayer(log *zap.Logger, frostFS FrostFS, config *Config) *Layer {
+func NewLayer(log *zap.Logger, frostFS frostfs.FrostFS, config *Config) *Layer {
 	return &Layer{
 		frostFS:          frostFS,
 		log:              log,
@@ -299,7 +299,7 @@ func (n *Layer) reqLogger(ctx context.Context) *zap.Logger {
 	return n.log
 }
 
-func (n *Layer) prepareAuthParameters(ctx context.Context, prm *PrmAuth, bktOwner user.ID) {
+func (n *Layer) prepareAuthParameters(ctx context.Context, prm *frostfs.PrmAuth, bktOwner user.ID) {
 	if prm.BearerToken != nil || prm.PrivateKey != nil {
 		return
 	}
@@ -331,12 +331,12 @@ func (n *Layer) GetBucketInfo(ctx context.Context, name string) (*data.BucketInf
 	containerID, err := n.ResolveBucket(ctx, zone, name)
 	if err != nil {
 		if strings.Contains(err.Error(), "not found") {
-			return nil, fmt.Errorf("%w: %s", errors.GetAPIError(errors.ErrNoSuchBucket), err.Error())
+			return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchBucket), err.Error())
 		}
 		return nil, err
 	}
 
-	prm := PrmContainer{
+	prm := frostfs.PrmContainer{
 		ContainerID:  containerID,
 		SessionToken: n.SessionTokenForRead(ctx),
 	}
@@ -397,9 +397,9 @@ func (n *Layer) GetObject(ctx context.Context, p *GetObjectParams) (*ObjectPaylo
 	if err != nil {
 		if client.IsErrObjectNotFound(err) {
 			if p.Versioned {
-				err = fmt.Errorf("%w: %s", errors.GetAPIError(errors.ErrNoSuchVersion), err.Error())
+				err = fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchVersion), err.Error())
 			} else {
-				err = fmt.Errorf("%w: %s", errors.GetAPIError(errors.ErrNoSuchKey), err.Error())
+				err = fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error())
 			}
 		}
 
@@ -655,22 +655,22 @@ func (n *Layer) handleNotFoundError(bkt *data.BucketInfo, obj *VersionedObject)
 }
 
 func isNotFoundError(err error) bool {
-	return errors.IsS3Error(err, errors.ErrNoSuchKey) ||
+	return apierr.IsS3Error(err, apierr.ErrNoSuchKey) ||
-		errors.IsS3Error(err, errors.ErrNoSuchVersion)
+		apierr.IsS3Error(err, apierr.ErrNoSuchVersion)
 }
 
 func (n *Layer) getNodeVersionsToDelete(ctx context.Context, bkt *data.BucketInfo, obj *VersionedObject) ([]*data.NodeVersion, error) {
 	var versionsToDelete []*data.NodeVersion
 	versions, err := n.treeService.GetVersions(ctx, bkt, obj.Name)
 	if err != nil {
-		if stderrors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, frostfs.ErrNodeNotFound) {
-			return nil, fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchKey), err.Error())
+			return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error())
 		}
 		return nil, err
 	}
 
 	if len(versions) == 0 {
-		return nil, fmt.Errorf("%w: there isn't tree node with requested version id", s3errors.GetAPIError(s3errors.ErrNoSuchVersion))
+		return nil, fmt.Errorf("%w: there isn't tree node with requested version id", apierr.GetAPIError(apierr.ErrNoSuchVersion))
 	}
 
 	sort.Slice(versions, func(i, j int) bool {
@@ -712,7 +712,7 @@ func (n *Layer) getNodeVersionsToDelete(ctx context.Context, bkt *data.BucketInf
 	}
 
 	if len(versionsToDelete) == 0 {
-		return nil, fmt.Errorf("%w: there isn't tree node with requested version id", s3errors.GetAPIError(s3errors.ErrNoSuchVersion))
+		return nil, fmt.Errorf("%w: there isn't tree node with requested version id", apierr.GetAPIError(apierr.ErrNoSuchVersion))
 	}
 
 	n.reqLogger(ctx).Debug(logs.GetTreeNodeToDelete, zap.Stringer("cid", bkt.CID), zap.Strings("oids", oids))
@@ -785,17 +785,17 @@ func (n *Layer) DeleteObjects(ctx context.Context, p *DeleteObjectParams) []*Ver
 func (n *Layer) CreateBucket(ctx context.Context, p *CreateBucketParams) (*data.BucketInfo, error) {
 	bktInfo, err := n.GetBucketInfo(ctx, p.Name)
 	if err != nil {
-		if errors.IsS3Error(err, errors.ErrNoSuchBucket) {
+		if apierr.IsS3Error(err, apierr.ErrNoSuchBucket) {
 			return n.createContainer(ctx, p)
 		}
 		return nil, err
 	}
 
 	if p.SessionContainerCreation != nil && session.IssuedBy(*p.SessionContainerCreation, bktInfo.Owner) {
-		return nil, errors.GetAPIError(errors.ErrBucketAlreadyOwnedByYou)
+		return nil, apierr.GetAPIError(apierr.ErrBucketAlreadyOwnedByYou)
 	}
 
-	return nil, errors.GetAPIError(errors.ErrBucketAlreadyExists)
+	return nil, apierr.GetAPIError(apierr.ErrBucketAlreadyExists)
 }
 
 func (n *Layer) ResolveBucket(ctx context.Context, zone, name string) (cid.ID, error) {
@@ -822,7 +822,7 @@ func (n *Layer) DeleteBucket(ctx context.Context, p *DeleteBucketParams) error {
 			return err
 		}
 		if len(res) != 0 {
-			return errors.GetAPIError(errors.ErrBucketNotEmpty)
+			return apierr.GetAPIError(apierr.ErrBucketNotEmpty)
 		}
 	}
 

api/layer/lifecycle.go

@@ -5,12 +5,13 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/xml"
-	"errors"
+	stderrors "errors"
 	"fmt"
 	"io"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"go.uber.org/zap"
@@ -25,7 +26,7 @@ type PutBucketLifecycleParams struct {
 }
 
 func (n *Layer) PutBucketLifecycleConfiguration(ctx context.Context, p *PutBucketLifecycleParams) error {
-	prm := PrmObjectCreate{
+	prm := frostfs.PrmObjectCreate{
 		Payload:      p.LifecycleReader,
 		Filepath:     p.BktInfo.LifecycleConfigurationObjectName(),
 		CreationTime: TimeNow(ctx),
@@ -49,17 +50,17 @@ func (n *Layer) PutBucketLifecycleConfiguration(ctx context.Context, p *PutBucke
 
 	hashBytes, err := base64.StdEncoding.DecodeString(p.MD5Hash)
 	if err != nil {
-		return apiErr.GetAPIError(apiErr.ErrInvalidDigest)
+		return apierr.GetAPIError(apierr.ErrInvalidDigest)
 	}
 
 	if !bytes.Equal(hashBytes, createdObj.MD5Sum) {
 		n.deleteLifecycleObject(ctx, p.BktInfo, newAddress(lifecycleBkt.CID, createdObj.ID))
 
-		return apiErr.GetAPIError(apiErr.ErrInvalidDigest)
+		return apierr.GetAPIError(apierr.ErrInvalidDigest)
 	}
 
 	objsToDelete, err := n.treeService.PutBucketLifecycleConfiguration(ctx, p.BktInfo, newAddress(lifecycleBkt.CID, createdObj.ID))
-	objsToDeleteNotFound := errors.Is(err, ErrNoNodeToRemove)
+	objsToDeleteNotFound := stderrors.Is(err, frostfs.ErrNoNodeToRemove)
 	if err != nil && !objsToDeleteNotFound {
 		return err
 	}
@@ -77,7 +78,7 @@ func (n *Layer) PutBucketLifecycleConfiguration(ctx context.Context, p *PutBucke
 
 // deleteLifecycleObject removes object and logs in case of error.
 func (n *Layer) deleteLifecycleObject(ctx context.Context, bktInfo *data.BucketInfo, addr oid.Address) {
-	var prmAuth PrmAuth
+	var prmAuth frostfs.PrmAuth
 	lifecycleBkt := bktInfo
 	if !addr.Container().Equals(bktInfo.CID) {
 		lifecycleBkt = &data.BucketInfo{CID: addr.Container()}
@@ -98,16 +99,16 @@ func (n *Layer) GetBucketLifecycleConfiguration(ctx context.Context, bktInfo *da
 	}
 
 	addr, err := n.treeService.GetBucketLifecycleConfiguration(ctx, bktInfo)
-	objNotFound := errors.Is(err, ErrNodeNotFound)
+	objNotFound := stderrors.Is(err, frostfs.ErrNodeNotFound)
 	if err != nil && !objNotFound {
 		return nil, err
 	}
 
 	if objNotFound {
-		return nil, fmt.Errorf("%w: %s", apiErr.GetAPIError(apiErr.ErrNoSuchLifecycleConfiguration), err.Error())
+		return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchLifecycleConfiguration), err.Error())
 	}
 
-	var prmAuth PrmAuth
+	var prmAuth frostfs.PrmAuth
 	lifecycleBkt := bktInfo
 	if !addr.Container().Equals(bktInfo.CID) {
 		lifecycleBkt = &data.BucketInfo{CID: addr.Container()}
@@ -132,7 +133,7 @@ func (n *Layer) GetBucketLifecycleConfiguration(ctx context.Context, bktInfo *da
 
 func (n *Layer) DeleteBucketLifecycleConfiguration(ctx context.Context, bktInfo *data.BucketInfo) error {
 	objs, err := n.treeService.DeleteBucketLifecycleConfiguration(ctx, bktInfo)
-	objsNotFound := errors.Is(err, ErrNoNodeToRemove)
+	objsNotFound := stderrors.Is(err, frostfs.ErrNoNodeToRemove)
 	if err != nil && !objsNotFound {
 		return err
 	}

api/layer/lifecycle_test.go

@@ -8,8 +8,8 @@ import (
 	"testing"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
-	frostfsErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
+	frosterr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 	"github.com/stretchr/testify/require"
 )
 
@@ -36,7 +36,7 @@ func TestBucketLifecycle(t *testing.T) {
 	hash.Write(lifecycleBytes)
 
 	_, err = tc.layer.GetBucketLifecycleConfiguration(tc.ctx, tc.bktInfo)
-	require.Equal(t, apiErr.GetAPIError(apiErr.ErrNoSuchLifecycleConfiguration), frostfsErrors.UnwrapErr(err))
+	require.Equal(t, apierr.GetAPIError(apierr.ErrNoSuchLifecycleConfiguration), frosterr.UnwrapErr(err))
 
 	err = tc.layer.DeleteBucketLifecycleConfiguration(tc.ctx, tc.bktInfo)
 	require.NoError(t, err)
@@ -57,7 +57,7 @@ func TestBucketLifecycle(t *testing.T) {
 	require.NoError(t, err)
 
 	_, err = tc.layer.GetBucketLifecycleConfiguration(tc.ctx, tc.bktInfo)
-	require.Equal(t, apiErr.GetAPIError(apiErr.ErrNoSuchLifecycleConfiguration), frostfsErrors.UnwrapErr(err))
+	require.Equal(t, apierr.GetAPIError(apierr.ErrNoSuchLifecycleConfiguration), frosterr.UnwrapErr(err))
 }
 
 func ptr[T any](t T) *T {

api/layer/listing.go

@@ -11,7 +11,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	"github.com/panjf2000/ants/v2"
@@ -691,10 +691,10 @@ func filterVersionsByMarker(objects []*data.ExtendedNodeVersion, p *ListObjectVe
 					return objects[j+1:], nil
 				}
 			}
-			return nil, s3errors.GetAPIError(s3errors.ErrInvalidVersion)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidVersion)
 		} else if obj.NodeVersion.FilePath > p.KeyMarker {
 			if p.VersionIDMarker != "" {
-				return nil, s3errors.GetAPIError(s3errors.ErrInvalidVersion)
+				return nil, apierr.GetAPIError(apierr.ErrInvalidVersion)
 			}
 			return objects[i:], nil
 		}

api/layer/multipart_upload.go

@@ -17,8 +17,10 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
@@ -187,14 +189,14 @@ func (n *Layer) CreateMultipartUpload(ctx context.Context, p *CreateMultipartPar
 func (n *Layer) UploadPart(ctx context.Context, p *UploadPartParams) (string, error) {
 	multipartInfo, err := n.treeService.GetMultipartUpload(ctx, p.Info.Bkt, p.Info.Key, p.Info.UploadID)
 	if err != nil {
-		if errors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
-			return "", fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchUpload), err.Error())
+			return "", fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchUpload), err.Error())
 		}
 		return "", err
 	}
 
 	if p.Size > UploadMaxSize {
-		return "", fmt.Errorf("%w: %d/%d", s3errors.GetAPIError(s3errors.ErrEntityTooLarge), p.Size, UploadMaxSize)
+		return "", fmt.Errorf("%w: %d/%d", apierr.GetAPIError(apierr.ErrEntityTooLarge), p.Size, UploadMaxSize)
 	}
 
 	objInfo, err := n.uploadPart(ctx, multipartInfo, p)
@@ -209,11 +211,11 @@ func (n *Layer) uploadPart(ctx context.Context, multipartInfo *data.MultipartInf
 	encInfo := FormEncryptionInfo(multipartInfo.Meta)
 	if err := p.Info.Encryption.MatchObjectEncryption(encInfo); err != nil {
 		n.reqLogger(ctx).Warn(logs.MismatchedObjEncryptionInfo, zap.Error(err))
-		return nil, s3errors.GetAPIError(s3errors.ErrInvalidEncryptionParameters)
+		return nil, apierr.GetAPIError(apierr.ErrInvalidEncryptionParameters)
 	}
 
 	bktInfo := p.Info.Bkt
-	prm := PrmObjectCreate{
+	prm := frostfs.PrmObjectCreate{
 		Container:    bktInfo.CID,
 		Attributes:   make([][2]string, 2),
 		Payload:      p.Reader,
@@ -242,10 +244,10 @@ func (n *Layer) uploadPart(ctx context.Context, multipartInfo *data.MultipartInf
 	if len(p.ContentMD5) > 0 {
 		hashBytes, err := base64.StdEncoding.DecodeString(p.ContentMD5)
 		if err != nil {
-			return nil, s3errors.GetAPIError(s3errors.ErrInvalidDigest)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidDigest)
 		}
 		if hex.EncodeToString(hashBytes) != hex.EncodeToString(createdObj.MD5Sum) {
-			prm := PrmObjectDelete{
+			prm := frostfs.PrmObjectDelete{
 				Object:    createdObj.ID,
 				Container: bktInfo.CID,
 			}
@@ -254,7 +256,7 @@ func (n *Layer) uploadPart(ctx context.Context, multipartInfo *data.MultipartInf
 			if err != nil {
 				n.reqLogger(ctx).Debug(logs.FailedToDeleteObject, zap.Stringer("cid", bktInfo.CID), zap.Stringer("oid", createdObj.ID))
 			}
-			return nil, s3errors.GetAPIError(s3errors.ErrInvalidDigest)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidDigest)
 		}
 	}
 	if p.Info.Encryption.Enabled() {
@@ -264,14 +266,14 @@ func (n *Layer) uploadPart(ctx context.Context, multipartInfo *data.MultipartInf
 	if !p.Info.Encryption.Enabled() && len(p.ContentSHA256Hash) > 0 && !auth.IsStandardContentSHA256(p.ContentSHA256Hash) {
 		contentHashBytes, err := hex.DecodeString(p.ContentSHA256Hash)
 		if err != nil {
-			return nil, s3errors.GetAPIError(s3errors.ErrContentSHA256Mismatch)
+			return nil, apierr.GetAPIError(apierr.ErrContentSHA256Mismatch)
 		}
 		if !bytes.Equal(contentHashBytes, createdObj.HashSum) {
 			err = n.objectDelete(ctx, bktInfo, createdObj.ID)
 			if err != nil {
 				n.reqLogger(ctx).Debug(logs.FailedToDeleteObject, zap.Stringer("cid", bktInfo.CID), zap.Stringer("oid", createdObj.ID))
 			}
-			return nil, s3errors.GetAPIError(s3errors.ErrContentSHA256Mismatch)
+			return nil, apierr.GetAPIError(apierr.ErrContentSHA256Mismatch)
 		}
 	}
 
@@ -291,7 +293,7 @@ func (n *Layer) uploadPart(ctx context.Context, multipartInfo *data.MultipartInf
 	}
 
 	oldPartIDs, err := n.treeService.AddPart(ctx, bktInfo, multipartInfo.ID, partInfo)
-	oldPartIDNotFound := errors.Is(err, ErrNoNodeToRemove)
+	oldPartIDNotFound := errors.Is(err, layererr.ErrNoNodeToRemove)
 	if err != nil && !oldPartIDNotFound {
 		return nil, err
 	}
@@ -323,8 +325,8 @@ func (n *Layer) uploadPart(ctx context.Context, multipartInfo *data.MultipartInf
 func (n *Layer) UploadPartCopy(ctx context.Context, p *UploadCopyParams) (*data.ObjectInfo, error) {
 	multipartInfo, err := n.treeService.GetMultipartUpload(ctx, p.Info.Bkt, p.Info.Key, p.Info.UploadID)
 	if err != nil {
-		if errors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
-			return nil, fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchUpload), err.Error())
+			return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchUpload), err.Error())
 		}
 		return nil, err
 	}
@@ -340,11 +342,11 @@ func (n *Layer) UploadPartCopy(ctx context.Context, p *UploadCopyParams) (*data.
 	if p.Range != nil {
 		size = p.Range.End - p.Range.Start + 1
 		if p.Range.End > srcObjectSize {
-			return nil, fmt.Errorf("%w: %d-%d/%d", s3errors.GetAPIError(s3errors.ErrInvalidCopyPartRangeSource), p.Range.Start, p.Range.End, srcObjectSize)
+			return nil, fmt.Errorf("%w: %d-%d/%d", apierr.GetAPIError(apierr.ErrInvalidCopyPartRangeSource), p.Range.Start, p.Range.End, srcObjectSize)
 		}
 	}
 	if size > UploadMaxSize {
-		return nil, fmt.Errorf("%w: %d/%d", s3errors.GetAPIError(s3errors.ErrEntityTooLarge), size, UploadMaxSize)
+		return nil, fmt.Errorf("%w: %d/%d", apierr.GetAPIError(apierr.ErrEntityTooLarge), size, UploadMaxSize)
 	}
 
 	objPayload, err := n.GetObject(ctx, &GetObjectParams{
@@ -371,7 +373,7 @@ func (n *Layer) UploadPartCopy(ctx context.Context, p *UploadCopyParams) (*data.
 func (n *Layer) CompleteMultipartUpload(ctx context.Context, p *CompleteMultipartParams) (*UploadData, *data.ExtendedObjectInfo, error) {
 	for i := 1; i < len(p.Parts); i++ {
 		if p.Parts[i].PartNumber <= p.Parts[i-1].PartNumber {
-			return nil, nil, s3errors.GetAPIError(s3errors.ErrInvalidPartOrder)
+			return nil, nil, apierr.GetAPIError(apierr.ErrInvalidPartOrder)
 		}
 	}
 
@@ -382,7 +384,7 @@ func (n *Layer) CompleteMultipartUpload(ctx context.Context, p *CompleteMultipar
 	encInfo := FormEncryptionInfo(multipartInfo.Meta)
 
 	if len(partsInfo) < len(p.Parts) {
-		return nil, nil, fmt.Errorf("%w: found %d parts, need %d", s3errors.GetAPIError(s3errors.ErrInvalidPart), len(partsInfo), len(p.Parts))
+		return nil, nil, fmt.Errorf("%w: found %d parts, need %d", apierr.GetAPIError(apierr.ErrInvalidPart), len(partsInfo), len(p.Parts))
 	}
 
 	var multipartObjetSize uint64
@@ -394,12 +396,12 @@ func (n *Layer) CompleteMultipartUpload(ctx context.Context, p *CompleteMultipar
 	for i, part := range p.Parts {
 		partInfo := partsInfo.Extract(part.PartNumber, data.UnQuote(part.ETag), n.features.MD5Enabled())
 		if partInfo == nil {
-			return nil, nil, fmt.Errorf("%w: unknown part %d or etag mismatched", s3errors.GetAPIError(s3errors.ErrInvalidPart), part.PartNumber)
+			return nil, nil, fmt.Errorf("%w: unknown part %d or etag mismatched", apierr.GetAPIError(apierr.ErrInvalidPart), part.PartNumber)
 		}
 
 		// for the last part we have no minimum size limit
 		if i != len(p.Parts)-1 && partInfo.Size < UploadMinSize {
-			return nil, nil, fmt.Errorf("%w: %d/%d", s3errors.GetAPIError(s3errors.ErrEntityTooSmall), partInfo.Size, UploadMinSize)
+			return nil, nil, fmt.Errorf("%w: %d/%d", apierr.GetAPIError(apierr.ErrEntityTooSmall), partInfo.Size, UploadMinSize)
 		}
 		parts = append(parts, partInfo)
 		multipartObjetSize += partInfo.Size // even if encryption is enabled size is actual (decrypted)
@@ -471,7 +473,7 @@ func (n *Layer) CompleteMultipartUpload(ctx context.Context, p *CompleteMultipar
 			zap.String("uploadKey", p.Info.Key),
 			zap.Error(err))
 
-		return nil, nil, s3errors.GetAPIError(s3errors.ErrInternalError)
+		return nil, nil, apierr.GetAPIError(apierr.ErrInternalError)
 	}
 
 	var addr oid.Address
@@ -579,7 +581,7 @@ func (n *Layer) ListParts(ctx context.Context, p *ListPartsParams) (*ListPartsIn
 	encInfo := FormEncryptionInfo(multipartInfo.Meta)
 	if err = p.Info.Encryption.MatchObjectEncryption(encInfo); err != nil {
 		n.reqLogger(ctx).Warn(logs.MismatchedObjEncryptionInfo, zap.Error(err))
-		return nil, s3errors.GetAPIError(s3errors.ErrInvalidEncryptionParameters)
+		return nil, apierr.GetAPIError(apierr.ErrInvalidEncryptionParameters)
 	}
 
 	res.Owner = multipartInfo.Owner
@@ -646,8 +648,8 @@ func (p PartsInfo) Extract(part int, etag string, md5Enabled bool) *data.PartInf
 func (n *Layer) getUploadParts(ctx context.Context, p *UploadInfoParams) (*data.MultipartInfo, PartsInfo, error) {
 	multipartInfo, err := n.treeService.GetMultipartUpload(ctx, p.Bkt, p.Key, p.UploadID)
 	if err != nil {
-		if errors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
-			return nil, nil, fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchUpload), err.Error())
+			return nil, nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchUpload), err.Error())
 		}
 		return nil, nil, err
 	}

api/layer/object.go

@@ -20,7 +20,9 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/detector"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
@@ -49,7 +51,7 @@ type (
 	}
 
 	DeleteMarkerError struct {
-		ErrorCode apiErrors.ErrorCode
+		ErrorCode apierr.ErrorCode
 	}
 )
 
@@ -70,7 +72,7 @@ func newAddress(cnr cid.ID, obj oid.ID) oid.Address {
 
 // objectHead returns all object's headers.
 func (n *Layer) objectHead(ctx context.Context, bktInfo *data.BucketInfo, idObj oid.ID) (*object.Object, error) {
-	prm := PrmObjectHead{
+	prm := frostfs.PrmObjectHead{
 		Container: bktInfo.CID,
 		Object:    idObj,
 	}
@@ -128,11 +130,11 @@ func (n *Layer) initObjectPayloadReader(ctx context.Context, p getParams) (io.Re
 // initializes payload reader of the FrostFS object.
 // Zero range corresponds to full payload (panics if only offset is set).
 func (n *Layer) initFrostFSObjectPayloadReader(ctx context.Context, p getFrostFSParams) (io.Reader, error) {
-	var prmAuth PrmAuth
+	var prmAuth frostfs.PrmAuth
 	n.prepareAuthParameters(ctx, &prmAuth, p.bktInfo.Owner)
 
 	if p.off+p.ln != 0 {
-		prm := PrmObjectRange{
+		prm := frostfs.PrmObjectRange{
 			PrmAuth:      prmAuth,
 			Container:    p.bktInfo.CID,
 			Object:       p.oid,
@@ -142,7 +144,7 @@ func (n *Layer) initFrostFSObjectPayloadReader(ctx context.Context, p getFrostFS
 		return n.frostFS.RangeObject(ctx, prm)
 	}
 
-	prm := PrmObjectGet{
+	prm := frostfs.PrmObjectGet{
 		PrmAuth:   prmAuth,
 		Container: p.bktInfo.CID,
 		Object:    p.oid,
@@ -157,17 +159,17 @@ func (n *Layer) initFrostFSObjectPayloadReader(ctx context.Context, p getFrostFS
 }
 
 // objectGet returns an object with payload in the object.
-func (n *Layer) objectGet(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID) (*Object, error) {
+func (n *Layer) objectGet(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID) (*frostfs.Object, error) {
-	return n.objectGetBase(ctx, bktInfo, objID, PrmAuth{})
+	return n.objectGetBase(ctx, bktInfo, objID, frostfs.PrmAuth{})
 }
 
 // objectGetWithAuth returns an object with payload in the object. Uses provided PrmAuth.
-func (n *Layer) objectGetWithAuth(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID, auth PrmAuth) (*Object, error) {
+func (n *Layer) objectGetWithAuth(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID, auth frostfs.PrmAuth) (*frostfs.Object, error) {
 	return n.objectGetBase(ctx, bktInfo, objID, auth)
 }
 
-func (n *Layer) objectGetBase(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID, auth PrmAuth) (*Object, error) {
+func (n *Layer) objectGetBase(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID, auth frostfs.PrmAuth) (*frostfs.Object, error) {
-	prm := PrmObjectGet{
+	prm := frostfs.PrmObjectGet{
 		PrmAuth:   auth,
 		Container: bktInfo.CID,
 		Object:    objID,
@@ -262,7 +264,7 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 		}
 	}
 
-	prm := PrmObjectCreate{
+	prm := frostfs.PrmObjectCreate{
 		Container:    p.BktInfo.CID,
 		Filepath:     p.Object,
 		Payload:      r,
@@ -287,28 +289,28 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 	if !p.Encryption.Enabled() && len(p.ContentMD5) > 0 {
 		headerMd5Hash, err := base64.StdEncoding.DecodeString(p.ContentMD5)
 		if err != nil {
-			return nil, apiErrors.GetAPIError(apiErrors.ErrInvalidDigest)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidDigest)
 		}
 		if !bytes.Equal(headerMd5Hash, createdObj.MD5Sum) {
 			err = n.objectDelete(ctx, p.BktInfo, createdObj.ID)
 			if err != nil {
 				n.reqLogger(ctx).Debug(logs.FailedToDeleteObject, zap.Stringer("cid", p.BktInfo.CID), zap.Stringer("oid", createdObj.ID))
 			}
-			return nil, apiErrors.GetAPIError(apiErrors.ErrInvalidDigest)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidDigest)
 		}
 	}
 
 	if !p.Encryption.Enabled() && len(p.ContentSHA256Hash) > 0 && !auth.IsStandardContentSHA256(p.ContentSHA256Hash) {
 		contentHashBytes, err := hex.DecodeString(p.ContentSHA256Hash)
 		if err != nil {
-			return nil, apiErrors.GetAPIError(apiErrors.ErrContentSHA256Mismatch)
+			return nil, apierr.GetAPIError(apierr.ErrContentSHA256Mismatch)
 		}
 		if !bytes.Equal(contentHashBytes, createdObj.HashSum) {
 			err = n.objectDelete(ctx, p.BktInfo, createdObj.ID)
 			if err != nil {
 				n.reqLogger(ctx).Debug(logs.FailedToDeleteObject, zap.Stringer("cid", p.BktInfo.CID), zap.Stringer("oid", createdObj.ID))
 			}
-			return nil, apiErrors.GetAPIError(apiErrors.ErrContentSHA256Mismatch)
+			return nil, apierr.GetAPIError(apierr.ErrContentSHA256Mismatch)
 		}
 	}
 
@@ -395,20 +397,20 @@ func (n *Layer) headLastVersionIfNotDeleted(ctx context.Context, bkt *data.Bucke
 
 	node, err := n.treeService.GetLatestVersion(ctx, bkt, objectName)
 	if err != nil {
-		if errors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
-			return nil, fmt.Errorf("%w: %s", apiErrors.GetAPIError(apiErrors.ErrNoSuchKey), err.Error())
+			return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error())
 		}
 		return nil, err
 	}
 
 	if node.IsDeleteMarker {
-		return nil, DeleteMarkerError{ErrorCode: apiErrors.ErrNoSuchKey}
+		return nil, DeleteMarkerError{ErrorCode: apierr.ErrNoSuchKey}
 	}
 
 	meta, err := n.objectHead(ctx, bkt, node.OID)
 	if err != nil {
 		if client.IsErrObjectNotFound(err) {
-			return nil, fmt.Errorf("%w: %s; %s", apiErrors.GetAPIError(apiErrors.ErrNoSuchKey), err.Error(), node.OID.EncodeToString())
+			return nil, fmt.Errorf("%w: %s; %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error(), node.OID.EncodeToString())
 		}
 		return nil, err
 	}
@@ -431,8 +433,8 @@ func (n *Layer) headVersion(ctx context.Context, bkt *data.BucketInfo, p *HeadOb
 	if p.VersionID == data.UnversionedObjectVersionID {
 		foundVersion, err = n.treeService.GetUnversioned(ctx, bkt, p.Object)
 		if err != nil {
-			if errors.Is(err, ErrNodeNotFound) {
+			if errors.Is(err, layererr.ErrNodeNotFound) {
-				return nil, fmt.Errorf("%w: %s", apiErrors.GetAPIError(apiErrors.ErrNoSuchVersion), err.Error())
+				return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchVersion), err.Error())
 			}
 			return nil, err
 		}
@@ -449,7 +451,7 @@ func (n *Layer) headVersion(ctx context.Context, bkt *data.BucketInfo, p *HeadOb
 			}
 		}
 		if foundVersion == nil {
-			return nil, fmt.Errorf("%w: there isn't tree node with requested version id", apiErrors.GetAPIError(apiErrors.ErrNoSuchVersion))
+			return nil, fmt.Errorf("%w: there isn't tree node with requested version id", apierr.GetAPIError(apierr.ErrNoSuchVersion))
 		}
 	}
 
@@ -459,13 +461,13 @@ func (n *Layer) headVersion(ctx context.Context, bkt *data.BucketInfo, p *HeadOb
 	}
 
 	if foundVersion.IsDeleteMarker {
-		return nil, DeleteMarkerError{ErrorCode: apiErrors.ErrMethodNotAllowed}
+		return nil, DeleteMarkerError{ErrorCode: apierr.ErrMethodNotAllowed}
 	}
 
 	meta, err := n.objectHead(ctx, bkt, foundVersion.OID)
 	if err != nil {
 		if client.IsErrObjectNotFound(err) {
-			return nil, fmt.Errorf("%w: %s", apiErrors.GetAPIError(apiErrors.ErrNoSuchVersion), err.Error())
+			return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchVersion), err.Error())
 		}
 		return nil, err
 	}
@@ -484,16 +486,16 @@ func (n *Layer) headVersion(ctx context.Context, bkt *data.BucketInfo, p *HeadOb
 
 // objectDelete puts tombstone object into frostfs.
 func (n *Layer) objectDelete(ctx context.Context, bktInfo *data.BucketInfo, idObj oid.ID) error {
-	return n.objectDeleteBase(ctx, bktInfo, idObj, PrmAuth{})
+	return n.objectDeleteBase(ctx, bktInfo, idObj, frostfs.PrmAuth{})
 }
 
 // objectDeleteWithAuth puts tombstone object into frostfs. Uses provided PrmAuth.
-func (n *Layer) objectDeleteWithAuth(ctx context.Context, bktInfo *data.BucketInfo, idObj oid.ID, auth PrmAuth) error {
+func (n *Layer) objectDeleteWithAuth(ctx context.Context, bktInfo *data.BucketInfo, idObj oid.ID, auth frostfs.PrmAuth) error {
 	return n.objectDeleteBase(ctx, bktInfo, idObj, auth)
 }
 
-func (n *Layer) objectDeleteBase(ctx context.Context, bktInfo *data.BucketInfo, idObj oid.ID, auth PrmAuth) error {
+func (n *Layer) objectDeleteBase(ctx context.Context, bktInfo *data.BucketInfo, idObj oid.ID, auth frostfs.PrmAuth) error {
-	prm := PrmObjectDelete{
+	prm := frostfs.PrmObjectDelete{
 		PrmAuth:   auth,
 		Container: bktInfo.CID,
 		Object:    idObj,
@@ -507,7 +509,7 @@ func (n *Layer) objectDeleteBase(ctx context.Context, bktInfo *data.BucketInfo,
 }
 
 // objectPutAndHash prepare auth parameters and invoke frostfs.CreateObject.
-func (n *Layer) objectPutAndHash(ctx context.Context, prm PrmObjectCreate, bktInfo *data.BucketInfo) (*data.CreatedObjectInfo, error) {
+func (n *Layer) objectPutAndHash(ctx context.Context, prm frostfs.PrmObjectCreate, bktInfo *data.BucketInfo) (*data.CreatedObjectInfo, error) {
 	n.prepareAuthParameters(ctx, &prm.PrmAuth, bktInfo.Owner)
 	prm.ClientCut = n.features.ClientCut()
 	prm.BufferMaxSize = n.features.BufferMaxSizeForPut()

api/layer/object_test.go

@@ -8,6 +8,7 @@ import (
 	"io"
 	"testing"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"github.com/stretchr/testify/require"
 )
 
@@ -37,7 +38,7 @@ func TestGoroutinesDontLeakInPutAndHash(t *testing.T) {
 	require.NoError(t, err)
 	payload := bytes.NewReader(content)
 
-	prm := PrmObjectCreate{
+	prm := frostfs.PrmObjectCreate{
 		Filepath: tc.obj,
 		Payload:  payload,
 	}

api/layer/patch.go

@@ -12,6 +12,7 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 )
 
 type PatchObjectParams struct {
@@ -32,7 +33,7 @@ func (n *Layer) PatchObject(ctx context.Context, p *PatchObjectParams) (*data.Ex
 		return n.patchMultipartObject(ctx, p)
 	}
 
-	prmPatch := PrmObjectPatch{
+	prmPatch := frostfs.PrmObjectPatch{
 		Container:  p.BktInfo.CID,
 		Object:     p.Object.ObjectInfo.ID,
 		Payload:    p.NewBytes,
@@ -74,13 +75,13 @@ func (n *Layer) PatchObject(ctx context.Context, p *PatchObjectParams) (*data.Ex
 	return p.Object, nil
 }
 
-func (n *Layer) patchObject(ctx context.Context, p PrmObjectPatch) (*data.CreatedObjectInfo, error) {
+func (n *Layer) patchObject(ctx context.Context, p frostfs.PrmObjectPatch) (*data.CreatedObjectInfo, error) {
 	objID, err := n.frostFS.PatchObject(ctx, p)
 	if err != nil {
 		return nil, fmt.Errorf("patch object: %w", err)
 	}
 
-	prmHead := PrmObjectHead{
+	prmHead := frostfs.PrmObjectHead{
 		PrmAuth:   p.PrmAuth,
 		Container: p.Container,
 		Object:    objID,
@@ -110,7 +111,7 @@ func (n *Layer) patchMultipartObject(ctx context.Context, p *PatchObjectParams)
 		return nil, fmt.Errorf("unmarshal combined object parts: %w", err)
 	}
 
-	prmPatch := PrmObjectPatch{
+	prmPatch := frostfs.PrmObjectPatch{
 		Container: p.BktInfo.CID,
 	}
 	n.prepareAuthParameters(ctx, &prmPatch.PrmAuth, p.BktInfo.Owner)
@@ -144,13 +145,13 @@ func (n *Layer) patchMultipartObject(ctx context.Context, p *PatchObjectParams)
 }
 
 // Returns patched part info, updated offset and length.
-func (n *Layer) patchPart(ctx context.Context, part *data.PartInfo, p *PatchObjectParams, prmPatch *PrmObjectPatch, off, ln uint64, lastPart bool) (*data.CreatedObjectInfo, uint64, uint64, error) {
+func (n *Layer) patchPart(ctx context.Context, part *data.PartInfo, p *PatchObjectParams, prmPatch *frostfs.PrmObjectPatch, off, ln uint64, lastPart bool) (*data.CreatedObjectInfo, uint64, uint64, error) {
 	if off == 0 && ln >= part.Size {
 		curLen := part.Size
 		if lastPart {
 			curLen = ln
 		}
-		prm := PrmObjectCreate{
+		prm := frostfs.PrmObjectCreate{
 			Container:    p.BktInfo.CID,
 			Payload:      io.LimitReader(p.NewBytes, int64(curLen)),
 			CreationTime: part.Created,
@@ -204,7 +205,7 @@ func (n *Layer) updateCombinedObject(ctx context.Context, parts []*data.PartInfo
 		headerParts.WriteString(headerPart)
 	}
 
-	prm := PrmObjectCreate{
+	prm := frostfs.PrmObjectCreate{
 		Container:    p.BktInfo.CID,
 		PayloadSize:  fullObjSize,
 		Filepath:     p.Object.ObjectInfo.Name,

api/layer/system_object.go

@@ -3,7 +3,7 @@ package layer
 import (
 	"context"
 	"encoding/xml"
-	errorsStd "errors"
+	"errors"
 	"fmt"
 	"math"
 	"strconv"
@@ -11,7 +11,9 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
@@ -40,7 +42,7 @@ func (n *Layer) PutLockInfo(ctx context.Context, p *PutLockInfoParams) (err erro
 	}
 
 	lockInfo, err := n.treeService.GetLock(ctx, p.ObjVersion.BktInfo, versionNode.ID)
-	if err != nil && !errorsStd.Is(err, ErrNodeNotFound) {
+	if err != nil && !errors.Is(err, layererr.ErrNodeNotFound) {
 		return err
 	}
 
@@ -113,7 +115,7 @@ func (n *Layer) getNodeVersionFromCacheOrFrostfs(ctx context.Context, objVersion
 }
 
 func (n *Layer) putLockObject(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID, lock *data.ObjectLock, copiesNumber []uint32) (oid.ID, error) {
-	prm := PrmObjectCreate{
+	prm := frostfs.PrmObjectCreate{
 		Container:    bktInfo.CID,
 		Locks:        []oid.ID{objID},
 		CreationTime: TimeNow(ctx),
@@ -146,7 +148,7 @@ func (n *Layer) GetLockInfo(ctx context.Context, objVersion *data.ObjectVersion)
 	}
 
 	lockInfo, err := n.treeService.GetLock(ctx, objVersion.BktInfo, versionNode.ID)
-	if err != nil && !errorsStd.Is(err, ErrNodeNotFound) {
+	if err != nil && !errors.Is(err, layererr.ErrNodeNotFound) {
 		return nil, err
 	}
 	if lockInfo == nil {
@@ -165,16 +167,16 @@ func (n *Layer) getCORS(ctx context.Context, bkt *data.BucketInfo) (*data.CORSCo
 	}
 
 	addr, err := n.treeService.GetBucketCORS(ctx, bkt)
-	objNotFound := errorsStd.Is(err, ErrNodeNotFound)
+	objNotFound := errors.Is(err, layererr.ErrNodeNotFound)
 	if err != nil && !objNotFound {
 		return nil, err
 	}
 
 	if objNotFound {
-		return nil, fmt.Errorf("%w: %s", errors.GetAPIError(errors.ErrNoSuchCORSConfiguration), err.Error())
+		return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchCORSConfiguration), err.Error())
 	}
 
-	var prmAuth PrmAuth
+	var prmAuth frostfs.PrmAuth
 	corsBkt := bkt
 	if !addr.Container().Equals(bkt.CID) && !addr.Container().Equals(cid.ID{}) {
 		corsBkt = &data.BucketInfo{CID: addr.Container()}
@@ -209,7 +211,7 @@ func (n *Layer) GetBucketSettings(ctx context.Context, bktInfo *data.BucketInfo)
 
 	settings, err := n.treeService.GetSettingsNode(ctx, bktInfo)
 	if err != nil {
-		if !errorsStd.Is(err, ErrNodeNotFound) {
+		if !errors.Is(err, layererr.ErrNodeNotFound) {
 			return nil, err
 		}
 		settings = &data.BucketSettings{Versioning: data.VersioningUnversioned}

api/layer/tagging.go

@@ -6,7 +6,8 @@ import (
 	"fmt"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	s3errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -39,8 +40,8 @@ func (n *Layer) GetObjectTagging(ctx context.Context, p *data.GetObjectTaggingPa
 
 	tags, err := n.treeService.GetObjectTagging(ctx, p.ObjectVersion.BktInfo, nodeVersion)
 	if err != nil {
-		if errors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
-			return "", nil, fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchKey), err.Error())
+			return "", nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error())
 		}
 		return "", nil, err
 	}
@@ -62,8 +63,8 @@ func (n *Layer) PutObjectTagging(ctx context.Context, p *data.PutObjectTaggingPa
 
 	err = n.treeService.PutObjectTagging(ctx, p.ObjectVersion.BktInfo, nodeVersion, p.TagSet)
 	if err != nil {
-		if errors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
-			return fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchKey), err.Error())
+			return fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error())
 		}
 		return err
 	}
@@ -81,8 +82,8 @@ func (n *Layer) DeleteObjectTagging(ctx context.Context, p *data.ObjectVersion)
 
 	err = n.treeService.DeleteObjectTagging(ctx, p.BktInfo, version)
 	if err != nil {
-		if errors.Is(err, ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
-			return fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchKey), err.Error())
+			return fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error())
 		}
 		return err
 	}
@@ -102,7 +103,7 @@ func (n *Layer) GetBucketTagging(ctx context.Context, bktInfo *data.BucketInfo)
 	}
 
 	tags, err := n.treeService.GetBucketTagging(ctx, bktInfo)
-	if err != nil && !errors.Is(err, ErrNodeNotFound) {
+	if err != nil && !errors.Is(err, layererr.ErrNodeNotFound) {
 		return nil, err
 	}
 
@@ -155,14 +156,14 @@ func (n *Layer) getNodeVersion(ctx context.Context, objVersion *data.ObjectVersi
 			}
 		}
 		if version == nil {
-			err = fmt.Errorf("%w: there isn't tree node with requested version id", s3errors.GetAPIError(s3errors.ErrNoSuchVersion))
+			err = fmt.Errorf("%w: there isn't tree node with requested version id", apierr.GetAPIError(apierr.ErrNoSuchVersion))
 		}
 	}
 
 	if err == nil && version.IsDeleteMarker && !objVersion.NoErrorOnDeleteMarker {
-		return nil, fmt.Errorf("%w: found version is delete marker", s3errors.GetAPIError(s3errors.ErrNoSuchKey))
+		return nil, fmt.Errorf("%w: found version is delete marker", apierr.GetAPIError(apierr.ErrNoSuchKey))
-	} else if errors.Is(err, ErrNodeNotFound) {
+	} else if errors.Is(err, layererr.ErrNodeNotFound) {
-		return nil, fmt.Errorf("%w: %s", s3errors.GetAPIError(s3errors.ErrNoSuchKey), err.Error())
+		return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrNoSuchKey), err.Error())
 	}
 
 	if err == nil && version != nil && !version.IsDeleteMarker {

api/layer/tree_mock.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
 
@@ -105,7 +106,7 @@ func (t *TreeServiceMock) PutSettingsNode(_ context.Context, bktInfo *data.Bucke
 func (t *TreeServiceMock) GetSettingsNode(_ context.Context, bktInfo *data.BucketInfo) (*data.BucketSettings, error) {
 	settings, ok := t.settings[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	return settings, nil
@@ -140,7 +141,7 @@ func (t *TreeServiceMock) PutBucketCORS(_ context.Context, bktInfo *data.BucketI
 
 	t.system[bktInfo.CID.EncodeToString()] = systemMap
 
-	return nil, ErrNoNodeToRemove
+	return nil, frostfs.ErrNoNodeToRemove
 }
 
 func (t *TreeServiceMock) DeleteBucketCORS(context.Context, *data.BucketInfo) ([]oid.Address, error) {
@@ -150,12 +151,12 @@ func (t *TreeServiceMock) DeleteBucketCORS(context.Context, *data.BucketInfo) ([
 func (t *TreeServiceMock) GetVersions(_ context.Context, bktInfo *data.BucketInfo, objectName string) ([]*data.NodeVersion, error) {
 	cnrVersionsMap, ok := t.versions[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	versions, ok := cnrVersionsMap[objectName]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	return versions, nil
@@ -164,12 +165,12 @@ func (t *TreeServiceMock) GetVersions(_ context.Context, bktInfo *data.BucketInf
 func (t *TreeServiceMock) GetLatestVersion(_ context.Context, bktInfo *data.BucketInfo, objectName string) (*data.NodeVersion, error) {
 	cnrVersionsMap, ok := t.versions[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	versions, ok := cnrVersionsMap[objectName]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	sort.Slice(versions, func(i, j int) bool {
@@ -180,13 +181,13 @@ func (t *TreeServiceMock) GetLatestVersion(_ context.Context, bktInfo *data.Buck
 		return versions[len(versions)-1], nil
 	}
 
-	return nil, ErrNodeNotFound
+	return nil, frostfs.ErrNodeNotFound
 }
 
 func (t *TreeServiceMock) InitVersionsByPrefixStream(_ context.Context, bktInfo *data.BucketInfo, prefix string, latestOnly bool) (data.VersionsStream, error) {
 	cnrVersionsMap, ok := t.versions[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	var result []*data.NodeVersion
@@ -218,12 +219,12 @@ func (t *TreeServiceMock) InitVersionsByPrefixStream(_ context.Context, bktInfo
 func (t *TreeServiceMock) GetUnversioned(_ context.Context, bktInfo *data.BucketInfo, objectName string) (*data.NodeVersion, error) {
 	cnrVersionsMap, ok := t.versions[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	versions, ok := cnrVersionsMap[objectName]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	for _, version := range versions {
@@ -232,7 +233,7 @@ func (t *TreeServiceMock) GetUnversioned(_ context.Context, bktInfo *data.Bucket
 		}
 	}
 
-	return nil, ErrNodeNotFound
+	return nil, frostfs.ErrNodeNotFound
 }
 
 func (t *TreeServiceMock) AddVersion(_ context.Context, bktInfo *data.BucketInfo, newVersion *data.NodeVersion) (uint64, error) {
@@ -278,7 +279,7 @@ func (t *TreeServiceMock) AddVersion(_ context.Context, bktInfo *data.BucketInfo
 func (t *TreeServiceMock) RemoveVersion(_ context.Context, bktInfo *data.BucketInfo, nodeID uint64) error {
 	cnrVersionsMap, ok := t.versions[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return ErrNodeNotFound
+		return frostfs.ErrNodeNotFound
 	}
 
 	for key, versions := range cnrVersionsMap {
@@ -290,7 +291,7 @@ func (t *TreeServiceMock) RemoveVersion(_ context.Context, bktInfo *data.BucketI
 		}
 	}
 
-	return ErrNodeNotFound
+	return frostfs.ErrNodeNotFound
 }
 
 func (t *TreeServiceMock) GetAllVersionsByPrefix(_ context.Context, bktInfo *data.BucketInfo, prefix string) ([]*data.NodeVersion, error) {
@@ -334,7 +335,7 @@ func (t *TreeServiceMock) GetMultipartUploadsByPrefix(context.Context, *data.Buc
 func (t *TreeServiceMock) GetMultipartUpload(_ context.Context, bktInfo *data.BucketInfo, objectName, uploadID string) (*data.MultipartInfo, error) {
 	cnrMultipartsMap, ok := t.multiparts[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	multiparts := cnrMultipartsMap[objectName]
@@ -344,7 +345,7 @@ func (t *TreeServiceMock) GetMultipartUpload(_ context.Context, bktInfo *data.Bu
 		}
 	}
 
-	return nil, ErrNodeNotFound
+	return nil, frostfs.ErrNodeNotFound
 }
 
 func (t *TreeServiceMock) AddPart(ctx context.Context, bktInfo *data.BucketInfo, multipartNodeID uint64, info *data.PartInfo) (oldObjIDsToDelete []oid.ID, err error) {
@@ -387,7 +388,7 @@ LOOP:
 	}
 
 	if foundMultipart == nil {
-		return nil, ErrNodeNotFound
+		return nil, frostfs.ErrNodeNotFound
 	}
 
 	partsMap := t.parts[foundMultipart.UploadID]
@@ -411,18 +412,18 @@ func (t *TreeServiceMock) PutBucketLifecycleConfiguration(_ context.Context, bkt
 
 	t.system[bktInfo.CID.EncodeToString()] = systemMap
 
-	return nil, ErrNoNodeToRemove
+	return nil, frostfs.ErrNoNodeToRemove
 }
 
 func (t *TreeServiceMock) GetBucketLifecycleConfiguration(_ context.Context, bktInfo *data.BucketInfo) (oid.Address, error) {
 	systemMap, ok := t.system[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return oid.Address{}, ErrNodeNotFound
+		return oid.Address{}, frostfs.ErrNodeNotFound
 	}
 
 	node, ok := systemMap["lifecycle"]
 	if !ok {
-		return oid.Address{}, ErrNodeNotFound
+		return oid.Address{}, frostfs.ErrNodeNotFound
 	}
 
 	return newAddress(bktInfo.CID, node.OID), nil
@@ -431,12 +432,12 @@ func (t *TreeServiceMock) GetBucketLifecycleConfiguration(_ context.Context, bkt
 func (t *TreeServiceMock) DeleteBucketLifecycleConfiguration(_ context.Context, bktInfo *data.BucketInfo) ([]oid.Address, error) {
 	systemMap, ok := t.system[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return nil, ErrNoNodeToRemove
+		return nil, frostfs.ErrNoNodeToRemove
 	}
 
 	node, ok := systemMap["lifecycle"]
 	if !ok {
-		return nil, ErrNoNodeToRemove
+		return nil, frostfs.ErrNoNodeToRemove
 	}
 
 	delete(systemMap, "lifecycle")
@@ -461,7 +462,7 @@ LOOP:
 	}
 
 	if uploadID == "" {
-		return ErrNodeNotFound
+		return frostfs.ErrNodeNotFound
 	}
 
 	delete(t.parts, uploadID)

api/layer/tree_service.go

@@ -2,7 +2,6 @@ package layer
 
 import (
 	"context"
-	"errors"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -72,14 +71,3 @@ type TreeService interface {
 	// GetObjectTaggingAndLock unifies GetObjectTagging and GetLock methods in single tree service invocation.
 	GetObjectTaggingAndLock(ctx context.Context, bktInfo *data.BucketInfo, objVersion *data.NodeVersion) (map[string]string, *data.LockInfo, error)
 }
-
-var (
-	// ErrNodeNotFound is returned from Tree service in case of not found error.
-	ErrNodeNotFound = errors.New("not found")
-
-	// ErrNodeAccessDenied is returned from Tree service in case of access denied error.
-	ErrNodeAccessDenied = errors.New("access denied")
-
-	// ErrNoNodeToRemove is returned from Tree service in case of the lack of node with OID to remove.
-	ErrNoNodeToRemove = errors.New("no node to remove")
-)

api/layer/util.go

@@ -3,9 +3,7 @@ package layer
 import (
 	"encoding/hex"
 	"fmt"
-	"os"
 	"strconv"
-	"strings"
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
@@ -13,9 +11,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 )
 
-// PathSeparator is a path components separator string.
-const PathSeparator = string(os.PathSeparator)
-
 func userHeaders(attrs []object.Attribute) map[string]string {
 	result := make(map[string]string, len(attrs))
 
@@ -111,9 +106,3 @@ func filepathFromObject(o *object.Object) string {
 	objID, _ := o.ID()
 	return objID.EncodeToString()
 }
-
-// NameFromString splits name into a base file name and a directory path.
-func NameFromString(name string) (string, string) {
-	ind := strings.LastIndex(name, PathSeparator)
-	return name[ind+1:], name[:ind+1]
-}

api/layer/versioning_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	bearertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer/test"
@@ -154,7 +155,7 @@ func prepareContext(t *testing.T, cachesConfig ...*CachesConfig) *testContext {
 	tp := NewTestFrostFS(key)
 
 	bktName := "testbucket1"
-	res, err := tp.CreateContainer(ctx, PrmContainerCreate{
+	res, err := tp.CreateContainer(ctx, frostfs.PrmContainerCreate{
 		Name: bktName,
 	})
 	require.NoError(t, err)

api/middleware/auth.go

@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	frostfsErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
@@ -58,8 +58,8 @@ func Auth(center Center, log *zap.Logger) Func {
 				} else {
 					reqLogOrDefault(ctx, log).Error(logs.FailedToPassAuthentication, zap.Error(err))
 					err = frostfsErrors.UnwrapErr(err)
-					if _, ok := err.(apiErrors.Error); !ok {
+					if _, ok := err.(apierr.Error); !ok {
-						err = apiErrors.GetAPIError(apiErrors.ErrAccessDenied)
+						err = apierr.GetAPIError(apierr.ErrAccessDenied)
 					}
 					if _, wrErr := WriteErrorResponse(w, GetReqInfo(r.Context()), err); wrErr != nil {
 						reqLogOrDefault(ctx, log).Error(logs.FailedToWriteResponse, zap.Error(wrErr))

api/middleware/policy.go

@@ -11,8 +11,8 @@ import (
 	"strings"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	frostfsErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
@@ -145,11 +145,11 @@ func policyCheck(r *http.Request, cfg PolicyConfig) error {
 	case st == chain.Allow:
 		return nil
 	case st != chain.NoRuleFound:
-		return apiErr.GetAPIErrorWithError(apiErr.ErrAccessDenied, fmt.Errorf("policy check: %s", st.String()))
+		return apierr.GetAPIErrorWithError(apierr.ErrAccessDenied, fmt.Errorf("policy check: %s", st.String()))
 	}
 
 	if cfg.Settings.PolicyDenyByDefault() {
-		return apiErr.GetAPIErrorWithError(apiErr.ErrAccessDenied, fmt.Errorf("policy check: %s", st.String()))
+		return apierr.GetAPIErrorWithError(apierr.ErrAccessDenied, fmt.Errorf("policy check: %s", st.String()))
 	}
 
 	return nil
@@ -461,7 +461,7 @@ func determineRequestTags(r *http.Request, decoder XMLDecoder, op string) (map[s
 	if strings.HasSuffix(op, PutObjectTaggingOperation) || strings.HasSuffix(op, PutBucketTaggingOperation) {
 		tagging := new(data.Tagging)
 		if err := decoder.NewXMLDecoder(r.Body).Decode(tagging); err != nil {
-			return nil, fmt.Errorf("%w: %s", apiErr.GetAPIError(apiErr.ErrMalformedXML), err.Error())
+			return nil, fmt.Errorf("%w: %s", apierr.GetAPIError(apierr.ErrMalformedXML), err.Error())
 		}
 		GetReqInfo(r.Context()).Tagging = tagging
 
@@ -473,7 +473,7 @@ func determineRequestTags(r *http.Request, decoder XMLDecoder, op string) (map[s
 	if tagging := r.Header.Get(amzTagging); len(tagging) > 0 {
 		queries, err := url.ParseQuery(tagging)
 		if err != nil {
-			return nil, apiErr.GetAPIError(apiErr.ErrInvalidArgument)
+			return nil, apierr.GetAPIError(apierr.ErrInvalidArgument)
 		}
 		for key := range queries {
 			tags[fmt.Sprintf(s3.PropertyKeyFormatRequestTag, key)] = queries.Get(key)

api/middleware/response.go

@@ -62,7 +62,7 @@ const (
 	hdrSSE = "X-Amz-Server-Side-Encryption"
 
 	// hdrSSECustomerKey is the HTTP header key referencing the
-	// SSE-C client-provided key..
+	// SSE-C client-provided key.
 	hdrSSECustomerKey = hdrSSE + "-Customer-Key"
 
 	// hdrSSECopyKey is the HTTP header key referencing the SSE-C
@@ -74,7 +74,7 @@ var (
 	xmlHeader = []byte(xml.Header)
 )
 
-// Non exhaustive list of AWS S3 standard error responses -
+// Non-exhaustive list of AWS S3 standard error responses -
 // http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
 var s3ErrorResponseMap = map[string]string{
 	"AccessDenied":                      "Access Denied.",

api/router_mock_test.go

@@ -10,7 +10,7 @@ import (
 	"testing"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
@@ -159,14 +159,14 @@ type resourceTaggingMock struct {
 
 func (m *resourceTaggingMock) GetBucketTagging(context.Context, *data.BucketInfo) (map[string]string, error) {
 	if m.noSuchBucketKey {
-		return nil, apiErrors.GetAPIError(apiErrors.ErrNoSuchKey)
+		return nil, apierr.GetAPIError(apierr.ErrNoSuchKey)
 	}
 	return m.bucketTags, nil
 }
 
 func (m *resourceTaggingMock) GetObjectTagging(context.Context, *data.GetObjectTaggingParams) (string, map[string]string, error) {
 	if m.noSuchObjectKey {
-		return "", nil, apiErrors.GetAPIError(apiErrors.ErrNoSuchKey)
+		return "", nil, apierr.GetAPIError(apierr.ErrNoSuchKey)
 	}
 	return "", m.objectTags, nil
 }
@@ -573,7 +573,7 @@ func (h *handlerMock) ResolveBucket(ctx context.Context, name string) (*data.Buc
 	reqInfo := middleware.GetReqInfo(ctx)
 	bktInfo, ok := h.buckets[reqInfo.Namespace+name]
 	if !ok {
-		return nil, apiErrors.GetAPIError(apiErrors.ErrNoSuchBucket)
+		return nil, apierr.GetAPIError(apierr.ErrNoSuchBucket)
 	}
 	return bktInfo, nil
 }

api/router_test.go

@@ -14,7 +14,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	apierr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	s3middleware "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/metrics"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
@@ -214,18 +214,18 @@ func TestPolicyChecker(t *testing.T) {
 	deleteObject(chiRouter, ns2, bktName2, objName2, nil)
 
 	// check we cannot access 'bucket' in custom namespace
-	putObjectErr(chiRouter, ns2, bktName1, objName2, nil, apiErrors.ErrAccessDenied)
+	putObjectErr(chiRouter, ns2, bktName1, objName2, nil, apierr.ErrAccessDenied)
-	deleteObjectErr(chiRouter, ns2, bktName1, objName2, nil, apiErrors.ErrAccessDenied)
+	deleteObjectErr(chiRouter, ns2, bktName1, objName2, nil, apierr.ErrAccessDenied)
 }
 
 func TestPolicyCheckerError(t *testing.T) {
 	chiRouter := prepareRouter(t)
 	ns1, bktName1, objName1 := "", "bucket", "object"
-	putObjectErr(chiRouter, ns1, bktName1, objName1, nil, apiErrors.ErrNoSuchBucket)
+	putObjectErr(chiRouter, ns1, bktName1, objName1, nil, apierr.ErrNoSuchBucket)
 
 	chiRouter = prepareRouter(t)
 	chiRouter.cfg.FrostfsID.(*frostFSIDMock).userGroupsError = true
-	putObjectErr(chiRouter, ns1, bktName1, objName1, nil, apiErrors.ErrInternalError)
+	putObjectErr(chiRouter, ns1, bktName1, objName1, nil, apierr.ErrInternalError)
 }
 
 func TestPolicyCheckerReqTypeDetermination(t *testing.T) {
@@ -283,7 +283,7 @@ func TestDefaultBehaviorPolicyChecker(t *testing.T) {
 
 	// check we cannot access if rules not found when settings is enabled
 	chiRouter.middlewareSettings.denyByDefault = true
-	createBucketErr(chiRouter, ns, bktName, nil, apiErrors.ErrAccessDenied)
+	createBucketErr(chiRouter, ns, bktName, nil, apierr.ErrAccessDenied)
 }
 
 func TestDefaultPolicyCheckerWithUserTags(t *testing.T) {
@@ -294,7 +294,7 @@ func TestDefaultPolicyCheckerWithUserTags(t *testing.T) {
 	allowOperations(router, ns, []string{"s3:CreateBucket"}, engineiam.Conditions{
 		engineiam.CondStringEquals: engineiam.Condition{fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-test"): []string{"test"}},
 	})
-	createBucketErr(router, ns, bktName, nil, apiErrors.ErrAccessDenied)
+	createBucketErr(router, ns, bktName, nil, apierr.ErrAccessDenied)
 
 	tags := make(map[string]string)
 	tags["tag-test"] = "test"
@@ -321,8 +321,8 @@ func TestRequestParametersCheck(t *testing.T) {
 		})
 
 		listObjectsV1(router, ns, bktName, prefix, "", "")
-		listObjectsV1Err(router, ns, bktName, "", "", "", apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "", "", "", apierr.ErrAccessDenied)
-		listObjectsV1Err(router, ns, bktName, "invalid", "", "", apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "invalid", "", "", apierr.ErrAccessDenied)
 	})
 
 	t.Run("delimiter parameter, prohibit specific value", func(t *testing.T) {
@@ -344,7 +344,7 @@ func TestRequestParametersCheck(t *testing.T) {
 
 		listObjectsV1(router, ns, bktName, "", "", "")
 		listObjectsV1(router, ns, bktName, "", "some-delimiter", "")
-		listObjectsV1Err(router, ns, bktName, "", delimiter, "", apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "", delimiter, "", apierr.ErrAccessDenied)
 	})
 
 	t.Run("max-keys parameter, allow specific value", func(t *testing.T) {
@@ -365,9 +365,9 @@ func TestRequestParametersCheck(t *testing.T) {
 		})
 
 		listObjectsV1(router, ns, bktName, "", "", strconv.Itoa(maxKeys))
-		listObjectsV1Err(router, ns, bktName, "", "", "", apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "", "", "", apierr.ErrAccessDenied)
-		listObjectsV1Err(router, ns, bktName, "", "", strconv.Itoa(maxKeys-1), apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "", "", strconv.Itoa(maxKeys-1), apierr.ErrAccessDenied)
-		listObjectsV1Err(router, ns, bktName, "", "", "invalid", apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "", "", "invalid", apierr.ErrAccessDenied)
 	})
 
 	t.Run("max-keys parameter, allow range of values", func(t *testing.T) {
@@ -389,7 +389,7 @@ func TestRequestParametersCheck(t *testing.T) {
 
 		listObjectsV1(router, ns, bktName, "", "", strconv.Itoa(maxKeys))
 		listObjectsV1(router, ns, bktName, "", "", strconv.Itoa(maxKeys-1))
-		listObjectsV1Err(router, ns, bktName, "", "", strconv.Itoa(maxKeys+1), apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "", "", strconv.Itoa(maxKeys+1), apierr.ErrAccessDenied)
 	})
 
 	t.Run("max-keys parameter, prohibit specific value", func(t *testing.T) {
@@ -411,7 +411,7 @@ func TestRequestParametersCheck(t *testing.T) {
 
 		listObjectsV1(router, ns, bktName, "", "", "")
 		listObjectsV1(router, ns, bktName, "", "", strconv.Itoa(maxKeys-1))
-		listObjectsV1Err(router, ns, bktName, "", "", strconv.Itoa(maxKeys), apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "", "", strconv.Itoa(maxKeys), apierr.ErrAccessDenied)
 	})
 }
 
@@ -439,10 +439,10 @@ func TestRequestTagsCheck(t *testing.T) {
 
 		tagging, err = xml.Marshal(data.Tagging{TagSet: []data.Tag{{Key: "key", Value: tagValue}}})
 		require.NoError(t, err)
-		putBucketTaggingErr(router, ns, bktName, tagging, apiErrors.ErrAccessDenied)
+		putBucketTaggingErr(router, ns, bktName, tagging, apierr.ErrAccessDenied)
 
 		tagging = nil
-		putBucketTaggingErr(router, ns, bktName, tagging, apiErrors.ErrMalformedXML)
+		putBucketTaggingErr(router, ns, bktName, tagging, apierr.ErrMalformedXML)
 	})
 
 	t.Run("put object with tag", func(t *testing.T) {
@@ -464,7 +464,7 @@ func TestRequestTagsCheck(t *testing.T) {
 
 		putObject(router, ns, bktName, objName, &data.Tag{Key: tagKey, Value: tagValue})
 
-		putObjectErr(router, ns, bktName, objName, &data.Tag{Key: "key", Value: tagValue}, apiErrors.ErrAccessDenied)
+		putObjectErr(router, ns, bktName, objName, &data.Tag{Key: "key", Value: tagValue}, apierr.ErrAccessDenied)
 	})
 }
 
@@ -490,7 +490,7 @@ func TestResourceTagsCheck(t *testing.T) {
 		listObjectsV1(router, ns, bktName, "", "", "")
 
 		router.cfg.Tagging.(*resourceTaggingMock).bucketTags = map[string]string{}
-		listObjectsV1Err(router, ns, bktName, "", "", "", apiErrors.ErrAccessDenied)
+		listObjectsV1Err(router, ns, bktName, "", "", "", apierr.ErrAccessDenied)
 	})
 
 	t.Run("object tagging", func(t *testing.T) {
@@ -515,22 +515,22 @@ func TestResourceTagsCheck(t *testing.T) {
 		getObject(router, ns, bktName, objName)
 
 		router.cfg.Tagging.(*resourceTaggingMock).objectTags = map[string]string{}
-		getObjectErr(router, ns, bktName, objName, apiErrors.ErrAccessDenied)
+		getObjectErr(router, ns, bktName, objName, apierr.ErrAccessDenied)
 	})
 
 	t.Run("non-existent resources", func(t *testing.T) {
 		router := prepareRouter(t)
 		ns, bktName, objName := "", "bucket", "object"
 
-		listObjectsV1Err(router, ns, bktName, "", "", "", apiErrors.ErrNoSuchBucket)
+		listObjectsV1Err(router, ns, bktName, "", "", "", apierr.ErrNoSuchBucket)
 
 		router.cfg.Tagging.(*resourceTaggingMock).noSuchBucketKey = true
 		createBucket(router, ns, bktName)
-		getBucketErr(router, ns, bktName, apiErrors.ErrNoSuchKey)
+		getBucketErr(router, ns, bktName, apierr.ErrNoSuchKey)
 
 		router.cfg.Tagging.(*resourceTaggingMock).noSuchObjectKey = true
 		createBucket(router, ns, bktName)
-		getObjectErr(router, ns, bktName, objName, apiErrors.ErrNoSuchKey)
+		getObjectErr(router, ns, bktName, objName, apierr.ErrNoSuchKey)
 	})
 }
 
@@ -548,7 +548,7 @@ func TestAccessBoxAttributesCheck(t *testing.T) {
 		engineiam.CondBool: engineiam.Condition{fmt.Sprintf(s3.PropertyKeyFormatAccessBoxAttr, attrKey): []string{attrValue}},
 	})
 
-	listObjectsV1Err(router, ns, bktName, "", "", "", apiErrors.ErrAccessDenied)
+	listObjectsV1Err(router, ns, bktName, "", "", "", apierr.ErrAccessDenied)
 
 	var attr object.Attribute
 	attr.SetKey(attrKey)
@@ -570,7 +570,7 @@ func TestSourceIPCheck(t *testing.T) {
 
 	router.middlewareSettings.sourceIPHeader = hdr
 	header := map[string][]string{hdr: {"192.0.3.0"}}
-	createBucketErr(router, ns, bktName, header, apiErrors.ErrAccessDenied)
+	createBucketErr(router, ns, bktName, header, apierr.ErrAccessDenied)
 
 	router.middlewareSettings.sourceIPHeader = ""
 	createBucket(router, ns, bktName)
@@ -586,7 +586,7 @@ func TestMFAPolicy(t *testing.T) {
 	denyOperations(router, ns, []string{"s3:CreateBucket"}, engineiam.Conditions{
 		engineiam.CondBool: engineiam.Condition{s3.PropertyKeyAccessBoxAttrMFA: []string{"false"}},
 	})
-	createBucketErr(router, ns, bktName, nil, apiErrors.ErrAccessDenied)
+	createBucketErr(router, ns, bktName, nil, apierr.ErrAccessDenied)
 
 	var attr object.Attribute
 	attr.SetKey("IAM-MFA")
@@ -630,7 +630,7 @@ func createBucket(router *routerMock, namespace, bktName string) {
 	require.Equal(router.t, s3middleware.CreateBucketOperation, resp.Method)
 }
 
-func createBucketErr(router *routerMock, namespace, bktName string, header http.Header, errCode apiErrors.ErrorCode) {
+func createBucketErr(router *routerMock, namespace, bktName string, header http.Header, errCode apierr.ErrorCode) {
 	w := createBucketBase(router, namespace, bktName, header)
 	assertAPIError(router.t, w, errCode)
 }
@@ -646,7 +646,7 @@ func createBucketBase(router *routerMock, namespace, bktName string, header http
 	return w
 }
 
-func getBucketErr(router *routerMock, namespace, bktName string, errCode apiErrors.ErrorCode) {
+func getBucketErr(router *routerMock, namespace, bktName string, errCode apierr.ErrorCode) {
 	w := getBucketBase(router, namespace, bktName)
 	assertAPIError(router.t, w, errCode)
 }
@@ -665,7 +665,7 @@ func putObject(router *routerMock, namespace, bktName, objName string, tag *data
 	return resp
 }
 
-func putObjectErr(router *routerMock, namespace, bktName, objName string, tag *data.Tag, errCode apiErrors.ErrorCode) {
+func putObjectErr(router *routerMock, namespace, bktName, objName string, tag *data.Tag, errCode apierr.ErrorCode) {
 	w := putObjectBase(router, namespace, bktName, objName, tag)
 	assertAPIError(router.t, w, errCode)
 }
@@ -690,7 +690,7 @@ func deleteObject(router *routerMock, namespace, bktName, objName string, tag *d
 	return resp
 }
 
-func deleteObjectErr(router *routerMock, namespace, bktName, objName string, tag *data.Tag, errCode apiErrors.ErrorCode) {
+func deleteObjectErr(router *routerMock, namespace, bktName, objName string, tag *data.Tag, errCode apierr.ErrorCode) {
 	w := deleteObjectBase(router, namespace, bktName, objName, tag)
 	assertAPIError(router.t, w, errCode)
 }
@@ -715,7 +715,7 @@ func putBucketTagging(router *routerMock, namespace, bktName string, tagging []b
 	return resp
 }
 
-func putBucketTaggingErr(router *routerMock, namespace, bktName string, tagging []byte, errCode apiErrors.ErrorCode) {
+func putBucketTaggingErr(router *routerMock, namespace, bktName string, tagging []byte, errCode apierr.ErrorCode) {
 	w := putBucketTaggingBase(router, namespace, bktName, tagging)
 	assertAPIError(router.t, w, errCode)
 }
@@ -738,7 +738,7 @@ func getObject(router *routerMock, namespace, bktName, objName string) handlerRe
 	return resp
 }
 
-func getObjectErr(router *routerMock, namespace, bktName, objName string, errCode apiErrors.ErrorCode) {
+func getObjectErr(router *routerMock, namespace, bktName, objName string, errCode apierr.ErrorCode) {
 	w := getObjectBase(router, namespace, bktName, objName)
 	assertAPIError(router.t, w, errCode)
 }
@@ -757,7 +757,7 @@ func listObjectsV1(router *routerMock, namespace, bktName, prefix, delimiter, ma
 	return resp
 }
 
-func listObjectsV1Err(router *routerMock, namespace, bktName, prefix, delimiter, maxKeys string, errCode apiErrors.ErrorCode) {
+func listObjectsV1Err(router *routerMock, namespace, bktName, prefix, delimiter, maxKeys string, errCode apierr.ErrorCode) {
 	w := listObjectsV1Base(router, namespace, bktName, prefix, delimiter, maxKeys)
 	assertAPIError(router.t, w, errCode)
 }
@@ -827,7 +827,7 @@ func TestAuthenticate(t *testing.T) {
 
 	chiRouter = prepareRouter(t)
 	chiRouter.cfg.Center.(*centerMock).isError = true
-	createBucketErr(chiRouter, "", "bkt-3", nil, apiErrors.ErrAccessDenied)
+	createBucketErr(chiRouter, "", "bkt-3", nil, apierr.ErrAccessDenied)
 }
 
 func TestFrostFSIDValidation(t *testing.T) {
@@ -843,7 +843,7 @@ func TestFrostFSIDValidation(t *testing.T) {
 	// frostFSID validation failed
 	chiRouter = prepareRouter(t, frostFSIDValidation(true))
 	chiRouter.cfg.FrostfsID.(*frostFSIDMock).validateError = true
-	createBucketErr(chiRouter, "", "bkt-3", nil, apiErrors.ErrInternalError)
+	createBucketErr(chiRouter, "", "bkt-3", nil, apierr.ErrInternalError)
 }
 
 func TestRouterListObjectsV2Domains(t *testing.T) {
@@ -882,17 +882,17 @@ func readResponse(t *testing.T, w *httptest.ResponseRecorder) handlerResult {
 	return res
 }
 
-func assertAPIError(t *testing.T, w *httptest.ResponseRecorder, expectedErrorCode apiErrors.ErrorCode) {
+func assertAPIError(t *testing.T, w *httptest.ResponseRecorder, expectedErrorCode apierr.ErrorCode) {
 	actualErrorResponse := &s3middleware.ErrorResponse{}
 	err := xml.NewDecoder(w.Result().Body).Decode(actualErrorResponse)
 	require.NoError(t, err)
 
-	expectedError := apiErrors.GetAPIError(expectedErrorCode)
+	expectedError := apierr.GetAPIError(expectedErrorCode)
 
 	require.Equal(t, expectedError.HTTPStatusCode, w.Code)
 	require.Equal(t, expectedError.Code, actualErrorResponse.Code)
 
-	if expectedError.ErrCode != apiErrors.ErrInternalError {
+	if expectedError.ErrCode != apierr.ErrInternalError {
 		require.Contains(t, actualErrorResponse.Message, expectedError.Description)
 	}
 }

config/playback/playback.yaml

@@ -1,8 +1,8 @@
 endpoint: http://localhost:8084
-log: ./log/request.log
+log: ./log/multipart11.log
 credentials:
-  access_key: CAtUxDSSFtuVyVCjHTMhwx3eP3YSPo5ffwbPcnKfcdrD06WwUSn72T5EBNe3jcgjL54rmxFM6u3nUAoNBps8qJ1PD
+  access_key: CjvKZyyVWA3au4s14SzPuaxqKW7c5EBRThwt4aaWPxeu0E1CQYfJ91yxtGZ62F7rJMBf2dQXnUDsmfeRnRx6huHNt
-  secret_key: 560027d81c277de7378f71cbf12a32e4f7f541de724be59bcfdbfdc925425f30
+  secret_key: 2c318a7e56e2b69335176e7ae12f44ba15a34941e452f715e93a933514d20381
 http_timeout: 60s
 skip_verify_tls: false
 print_response_limit: 1024

internal/frostfs/authmate.go

@@ -9,7 +9,7 @@ import (
 	"time"
 
 	objectv2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/authmate"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokens"
@@ -28,18 +28,18 @@ const (
 
 // AuthmateFrostFS is a mediator which implements authmate.FrostFS through pool.Pool.
 type AuthmateFrostFS struct {
-	frostFS layer.FrostFS
+	frostFS frostfs.FrostFS
 	log     *zap.Logger
 }
 
 // NewAuthmateFrostFS creates new AuthmateFrostFS using provided pool.Pool.
-func NewAuthmateFrostFS(frostFS layer.FrostFS, log *zap.Logger) *AuthmateFrostFS {
+func NewAuthmateFrostFS(frostFS frostfs.FrostFS, log *zap.Logger) *AuthmateFrostFS {
 	return &AuthmateFrostFS{frostFS: frostFS, log: log}
 }
 
 // ContainerExists implements authmate.FrostFS interface method.
 func (x *AuthmateFrostFS) ContainerExists(ctx context.Context, idCnr cid.ID) error {
-	_, err := x.frostFS.Container(ctx, layer.PrmContainer{ContainerID: idCnr})
+	_, err := x.frostFS.Container(ctx, frostfs.PrmContainer{ContainerID: idCnr})
 	if err != nil {
 		return fmt.Errorf("get container via connection pool: %w", err)
 	}
@@ -60,7 +60,7 @@ func (x *AuthmateFrostFS) CreateContainer(ctx context.Context, prm authmate.PrmC
 	basicACL.AllowOp(acl.OpObjectHead, acl.RoleOthers)
 	basicACL.AllowOp(acl.OpObjectSearch, acl.RoleOthers)
 
-	res, err := x.frostFS.CreateContainer(ctx, layer.PrmContainerCreate{
+	res, err := x.frostFS.CreateContainer(ctx, frostfs.PrmContainerCreate{
 		Creator:  prm.Owner,
 		Policy:   prm.Policy,
 		Name:     prm.FriendlyName,
@@ -84,7 +84,7 @@ func (x *AuthmateFrostFS) GetCredsObject(ctx context.Context, addr oid.Address)
 		credObjID = last.ObjID
 	}
 
-	res, err := x.frostFS.GetObject(ctx, layer.PrmObjectGet{
+	res, err := x.frostFS.GetObject(ctx, frostfs.PrmObjectGet{
 		Container: addr.Container(),
 		Object:    credObjID,
 	})
@@ -137,7 +137,7 @@ func (x *AuthmateFrostFS) CreateObject(ctx context.Context, prm tokens.PrmObject
 		attributes = append(attributes, [2]string{attr.Key(), attr.Value()})
 	}
 
-	res, err := x.frostFS.CreateObject(ctx, layer.PrmObjectCreate{
+	res, err := x.frostFS.CreateObject(ctx, frostfs.PrmObjectCreate{
 		Container:  prm.Container,
 		Filepath:   prm.Filepath,
 		Attributes: attributes,
@@ -152,7 +152,7 @@ func (x *AuthmateFrostFS) CreateObject(ctx context.Context, prm tokens.PrmObject
 
 func (x *AuthmateFrostFS) getCredVersions(ctx context.Context, addr oid.Address) (*crdt.ObjectVersions, error) {
 	objCredSystemName := credVersionSysName(addr.Container(), addr.Object())
-	credVersions, err := x.frostFS.SearchObjects(ctx, layer.PrmObjectSearch{
+	credVersions, err := x.frostFS.SearchObjects(ctx, frostfs.PrmObjectSearch{
 		Container:      addr.Container(),
 		ExactAttribute: [2]string{accessBoxCRDTNameAttr, objCredSystemName},
 	})
@@ -163,7 +163,7 @@ func (x *AuthmateFrostFS) getCredVersions(ctx context.Context, addr oid.Address)
 	versions := crdt.NewObjectVersions(objCredSystemName)
 
 	for _, id := range credVersions {
-		objVersion, err := x.frostFS.HeadObject(ctx, layer.PrmObjectHead{
+		objVersion, err := x.frostFS.HeadObject(ctx, frostfs.PrmObjectHead{
 			Container: addr.Container(),
 			Object:    id,
 		})

internal/frostfs/frostfs.go

@@ -10,8 +10,9 @@ import (
 	"time"
 
 	objectv2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
-	errorsFrost "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
+	frosterr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
@@ -89,7 +90,7 @@ func (x *FrostFS) TimeToEpoch(ctx context.Context, now, futureTime time.Time) (u
 }
 
 // Container implements layer.FrostFS interface method.
-func (x *FrostFS) Container(ctx context.Context, layerPrm layer.PrmContainer) (*container.Container, error) {
+func (x *FrostFS) Container(ctx context.Context, layerPrm frostfs.PrmContainer) (*container.Container, error) {
 	prm := pool.PrmContainerGet{
 		ContainerID: layerPrm.ContainerID,
 		Session:     layerPrm.SessionToken,
@@ -104,7 +105,7 @@ func (x *FrostFS) Container(ctx context.Context, layerPrm layer.PrmContainer) (*
 }
 
 // CreateContainer implements layer.FrostFS interface method.
-func (x *FrostFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreate) (*layer.ContainerCreateResult, error) {
+func (x *FrostFS) CreateContainer(ctx context.Context, prm frostfs.PrmContainerCreate) (*frostfs.ContainerCreateResult, error) {
 	var cnr container.Container
 	cnr.Init()
 	cnr.SetPlacementPolicy(prm.Policy)
@@ -145,14 +146,14 @@ func (x *FrostFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCre
 
 	// send request to save the container
 	idCnr, err := x.pool.PutContainer(ctx, prmPut)
-	return &layer.ContainerCreateResult{
+	return &frostfs.ContainerCreateResult{
 		ContainerID:             idCnr,
 		HomomorphicHashDisabled: container.IsHomomorphicHashingDisabled(cnr),
 	}, handleObjectError("save container via connection pool", err)
 }
 
 // UserContainers implements layer.FrostFS interface method.
-func (x *FrostFS) UserContainers(ctx context.Context, layerPrm layer.PrmUserContainers) ([]cid.ID, error) {
+func (x *FrostFS) UserContainers(ctx context.Context, layerPrm frostfs.PrmUserContainers) ([]cid.ID, error) {
 	prm := pool.PrmContainerList{
 		OwnerID: layerPrm.UserID,
 		Session: layerPrm.SessionToken,
@@ -171,7 +172,7 @@ func (x *FrostFS) DeleteContainer(ctx context.Context, id cid.ID, token *session
 }
 
 // CreateObject implements layer.FrostFS interface method.
-func (x *FrostFS) CreateObject(ctx context.Context, prm layer.PrmObjectCreate) (*layer.CreateObjectResult, error) {
+func (x *FrostFS) CreateObject(ctx context.Context, prm frostfs.PrmObjectCreate) (*frostfs.CreateObjectResult, error) {
 	attrNum := len(prm.Attributes) + 1 // + creation time
 
 	if prm.Filepath != "" {
@@ -243,7 +244,7 @@ func (x *FrostFS) CreateObject(ctx context.Context, prm layer.PrmObjectCreate) (
 		return nil, err
 	}
 
-	return &layer.CreateObjectResult{
+	return &frostfs.CreateObjectResult{
 		ObjectID:      res.ObjectID,
 		CreationEpoch: res.Epoch,
 	}, nil
@@ -264,7 +265,7 @@ func (x payloadReader) Read(p []byte) (int, error) {
 }
 
 // HeadObject implements layer.FrostFS interface method.
-func (x *FrostFS) HeadObject(ctx context.Context, prm layer.PrmObjectHead) (*object.Object, error) {
+func (x *FrostFS) HeadObject(ctx context.Context, prm frostfs.PrmObjectHead) (*object.Object, error) {
 	var addr oid.Address
 	addr.SetContainer(prm.Container)
 	addr.SetObject(prm.Object)
@@ -287,7 +288,7 @@ func (x *FrostFS) HeadObject(ctx context.Context, prm layer.PrmObjectHead) (*obj
 }
 
 // GetObject implements layer.FrostFS interface method.
-func (x *FrostFS) GetObject(ctx context.Context, prm layer.PrmObjectGet) (*layer.Object, error) {
+func (x *FrostFS) GetObject(ctx context.Context, prm frostfs.PrmObjectGet) (*frostfs.Object, error) {
 	var addr oid.Address
 	addr.SetContainer(prm.Container)
 	addr.SetObject(prm.Object)
@@ -306,14 +307,14 @@ func (x *FrostFS) GetObject(ctx context.Context, prm layer.PrmObjectGet) (*layer
 		return nil, handleObjectError("init full object reading via connection pool", err)
 	}
 
-	return &layer.Object{
+	return &frostfs.Object{
 		Header:  res.Header,
 		Payload: res.Payload,
 	}, nil
 }
 
 // RangeObject implements layer.FrostFS interface method.
-func (x *FrostFS) RangeObject(ctx context.Context, prm layer.PrmObjectRange) (io.ReadCloser, error) {
+func (x *FrostFS) RangeObject(ctx context.Context, prm frostfs.PrmObjectRange) (io.ReadCloser, error) {
 	var addr oid.Address
 	addr.SetContainer(prm.Container)
 	addr.SetObject(prm.Object)
@@ -338,7 +339,7 @@ func (x *FrostFS) RangeObject(ctx context.Context, prm layer.PrmObjectRange) (io
 }
 
 // DeleteObject implements layer.FrostFS interface method.
-func (x *FrostFS) DeleteObject(ctx context.Context, prm layer.PrmObjectDelete) error {
+func (x *FrostFS) DeleteObject(ctx context.Context, prm frostfs.PrmObjectDelete) error {
 	var addr oid.Address
 	addr.SetContainer(prm.Container)
 	addr.SetObject(prm.Object)
@@ -357,7 +358,7 @@ func (x *FrostFS) DeleteObject(ctx context.Context, prm layer.PrmObjectDelete) e
 }
 
 // SearchObjects implements layer.FrostFS interface method.
-func (x *FrostFS) SearchObjects(ctx context.Context, prm layer.PrmObjectSearch) ([]oid.ID, error) {
+func (x *FrostFS) SearchObjects(ctx context.Context, prm frostfs.PrmObjectSearch) ([]oid.ID, error) {
 	filters := object.NewSearchFilters()
 	filters.AddRootFilter()
 
@@ -403,7 +404,7 @@ func (x *FrostFS) NetworkInfo(ctx context.Context) (netmap.NetworkInfo, error) {
 	return ni, nil
 }
 
-func (x *FrostFS) PatchObject(ctx context.Context, prm layer.PrmObjectPatch) (oid.ID, error) {
+func (x *FrostFS) PatchObject(ctx context.Context, prm frostfs.PrmObjectPatch) (oid.ID, error) {
 	var addr oid.Address
 	addr.SetContainer(prm.Container)
 	addr.SetObject(prm.Object)
@@ -466,12 +467,12 @@ func handleObjectError(msg string, err error) error {
 		return nil
 	}
 
-	if reason, ok := errorsFrost.IsErrObjectAccessDenied(err); ok {
+	if reason, ok := frosterr.IsErrObjectAccessDenied(err); ok {
-		return fmt.Errorf("%s: %w: %s", msg, layer.ErrAccessDenied, reason)
+		return fmt.Errorf("%s: %w: %s", msg, layererr.ErrAccessDenied, reason)
 	}
 
-	if errorsFrost.IsTimeoutError(err) {
+	if frosterr.IsTimeoutError(err) {
-		return fmt.Errorf("%s: %w: %s", msg, layer.ErrGatewayTimeout, err.Error())
+		return fmt.Errorf("%s: %w: %s", msg, layererr.ErrGatewayTimeout, err.Error())
 	}
 
 	return fmt.Errorf("%s: %w", msg, err)

internal/frostfs/frostfs_test.go

@@ -7,8 +7,8 @@ import (
 	"testing"
 	"time"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
-	errorsFrost "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
+	frosterr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
@@ -22,17 +22,17 @@ func TestErrorChecking(t *testing.T) {
 
 	var wrappedError error
 
-	if fetchedReason, ok := errorsFrost.IsErrObjectAccessDenied(err); ok {
+	if fetchedReason, ok := frosterr.IsErrObjectAccessDenied(err); ok {
-		wrappedError = fmt.Errorf("%w: %s", layer.ErrAccessDenied, fetchedReason)
+		wrappedError = fmt.Errorf("%w: %s", layererr.ErrAccessDenied, fetchedReason)
 	}
 
-	require.ErrorIs(t, wrappedError, layer.ErrAccessDenied)
+	require.ErrorIs(t, wrappedError, layererr.ErrAccessDenied)
 	require.Contains(t, wrappedError.Error(), reason)
 }
 
 func TestErrorTimeoutChecking(t *testing.T) {
 	t.Run("simple timeout", func(t *testing.T) {
-		require.True(t, errorsFrost.IsTimeoutError(errors.New("timeout")))
+		require.True(t, frosterr.IsTimeoutError(errors.New("timeout")))
 	})
 
 	t.Run("deadline exceeded", func(t *testing.T) {
@@ -40,11 +40,11 @@ func TestErrorTimeoutChecking(t *testing.T) {
 		defer cancel()
 		<-ctx.Done()
 
-		require.True(t, errorsFrost.IsTimeoutError(ctx.Err()))
+		require.True(t, frosterr.IsTimeoutError(ctx.Err()))
 	})
 
 	t.Run("grpc deadline exceeded", func(t *testing.T) {
 		err := fmt.Errorf("wrap grpc error: %w", status.Error(codes.DeadlineExceeded, "error"))
-		require.True(t, errorsFrost.IsTimeoutError(err))
+		require.True(t, frosterr.IsTimeoutError(err))
 	})
 }

internal/frostfs/services/pool_wrapper.go

@@ -7,16 +7,17 @@ import (
 	"io"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
-	errorsFrost "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
+	frosterr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/frostfs/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/service/tree"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	treepool "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree"
-	grpcService "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree/service"
+	grpcservice "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree/service"
 )
 
 type GetNodeByPathResponseInfoWrapper struct {
-	response *grpcService.GetNodeByPathResponse_Info
+	response *grpcservice.GetNodeByPathResponse_Info
 }
 
 func (n GetNodeByPathResponseInfoWrapper) GetNodeID() []uint64 {
@@ -40,7 +41,7 @@ func (n GetNodeByPathResponseInfoWrapper) GetMeta() []tree.Meta {
 }
 
 type GetSubTreeResponseBodyWrapper struct {
-	response *grpcService.GetSubTreeResponse_Body
+	response *grpcservice.GetSubTreeResponse_Body
 }
 
 func (n GetSubTreeResponseBodyWrapper) GetNodeID() []uint64 {
@@ -144,7 +145,7 @@ func (w *PoolWrapper) GetSubTree(ctx context.Context, bktInfo *data.BucketInfo,
 
 type SubTreeStreamImpl struct {
 	r      *treepool.SubTreeReader
-	buffer []*grpcService.GetSubTreeResponse_Body
+	buffer []*grpcservice.GetSubTreeResponse_Body
 	eof    bool
 	index  int
 	ln     int
@@ -204,7 +205,7 @@ func (w *PoolWrapper) GetSubTreeStream(ctx context.Context, bktInfo *data.Bucket
 
 	return &SubTreeStreamImpl{
 		r:      subTreeReader,
-		buffer: make([]*grpcService.GetSubTreeResponse_Body, bufSize),
+		buffer: make([]*grpcservice.GetSubTreeResponse_Body, bufSize),
 		index:  -1,
 	}, nil
 }
@@ -268,13 +269,13 @@ func handleError(err error) error {
 		return nil
 	}
 	if errors.Is(err, treepool.ErrNodeNotFound) {
-		return fmt.Errorf("%w: %s", tree.ErrNodeNotFound, err.Error())
+		return fmt.Errorf("%w: %s", frostfs.ErrNodeNotFound, err.Error())
 	}
 	if errors.Is(err, treepool.ErrNodeAccessDenied) {
-		return fmt.Errorf("%w: %s", tree.ErrNodeAccessDenied, err.Error())
+		return fmt.Errorf("%w: %s", frostfs.ErrNodeAccessDenied, err.Error())
 	}
-	if errorsFrost.IsTimeoutError(err) {
+	if frosterr.IsTimeoutError(err) {
-		return fmt.Errorf("%w: %s", tree.ErrGatewayTimeout, err.Error())
+		return fmt.Errorf("%w: %s", frostfs.ErrGatewayTimeout, err.Error())
 	}
 
 	return err

metrics/pool.go

@@ -107,8 +107,6 @@ func (m *poolMetricsCollector) updateRequestsDuration(node pool.NodeStatistic) {
 	m.requestDuration.WithLabelValues(node.Address(), methodGetContainer).Set(float64(node.AverageGetContainer().Milliseconds()))
 	m.requestDuration.WithLabelValues(node.Address(), methodListContainer).Set(float64(node.AverageListContainer().Milliseconds()))
 	m.requestDuration.WithLabelValues(node.Address(), methodDeleteContainer).Set(float64(node.AverageDeleteContainer().Milliseconds()))
-	m.requestDuration.WithLabelValues(node.Address(), methodGetContainerEacl).Set(float64(node.AverageGetContainerEACL().Milliseconds()))
-	m.requestDuration.WithLabelValues(node.Address(), methodSetContainerEacl).Set(float64(node.AverageSetContainerEACL().Milliseconds()))
 	m.requestDuration.WithLabelValues(node.Address(), methodEndpointInfo).Set(float64(node.AverageEndpointInfo().Milliseconds()))
 	m.requestDuration.WithLabelValues(node.Address(), methodNetworkInfo).Set(float64(node.AverageNetworkInfo().Milliseconds()))
 	m.requestDuration.WithLabelValues(node.Address(), methodPutObject).Set(float64(node.AveragePutObject().Milliseconds()))

pkg/retryer/retryer_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 	"time"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/service/tree"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/retry"
 	"github.com/stretchr/testify/require"
@@ -19,7 +19,7 @@ func TestRetryer(t *testing.T) {
 		options.MaxAttempts = 3
 		options.Backoff = retry.BackoffDelayerFunc(func(int, error) (time.Duration, error) { return 0, nil })
 		options.Retryables = []retry.IsErrorRetryable{retry.IsErrorRetryableFunc(func(err error) aws.Ternary {
-			if errors.Is(err, tree.ErrNodeAccessDenied) {
+			if errors.Is(err, frostfs.ErrNodeAccessDenied) {
 				return aws.TrueTernary
 			}
 			return aws.FalseTernary
@@ -31,11 +31,11 @@ func TestRetryer(t *testing.T) {
 		err := MakeWithRetry(ctx, func() error {
 			count++
 			if count == 1 {
-				return tree.ErrNodeNotFound
+				return frostfs.ErrNodeNotFound
 			}
-			return tree.ErrNodeAccessDenied
+			return frostfs.ErrNodeAccessDenied
 		}, retryer)
-		require.ErrorIs(t, err, tree.ErrNodeNotFound)
+		require.ErrorIs(t, err, frostfs.ErrNodeNotFound)
 	})
 
 	t.Run("retry", func(t *testing.T) {
@@ -43,7 +43,7 @@ func TestRetryer(t *testing.T) {
 		err := MakeWithRetry(ctx, func() error {
 			count++
 			if count < 3 {
-				return tree.ErrNodeAccessDenied
+				return frostfs.ErrNodeAccessDenied
 			}
 			return nil
 		}, retryer)
@@ -52,8 +52,8 @@ func TestRetryer(t *testing.T) {
 
 	t.Run("retry exhausted", func(t *testing.T) {
 		err := MakeWithRetry(ctx, func() error {
-			return tree.ErrNodeAccessDenied
+			return frostfs.ErrNodeAccessDenied
 		}, retryer)
-		require.ErrorIs(t, err, tree.ErrNodeAccessDenied)
+		require.ErrorIs(t, err, frostfs.ErrNodeAccessDenied)
 	})
 }

pkg/service/tree/tree.go

@@ -12,7 +12,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
-	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
@@ -73,18 +73,7 @@ const (
 	FileNameKey = "FileName"
 )
 
-var (
+var errNodeDoesntContainFileName = fmt.Errorf("node doesn't contain FileName")
-	// ErrNodeNotFound is returned from ServiceClient in case of not found error.
-	ErrNodeNotFound = layer.ErrNodeNotFound
-
-	// ErrNodeAccessDenied is returned from ServiceClient service in case of access denied error.
-	ErrNodeAccessDenied = layer.ErrNodeAccessDenied
-
-	// ErrGatewayTimeout is returned from ServiceClient service in case of timeout error.
-	ErrGatewayTimeout = layer.ErrGatewayTimeout
-
-	errNodeDoesntContainFileName = fmt.Errorf("node doesn't contain FileName")
-)
 
 const (
 	versioningKV        = "Versioning"
@@ -523,7 +512,7 @@ func (c *Tree) GetSettingsNode(ctx context.Context, bktInfo *data.BucketInfo) (*
 
 func (c *Tree) PutSettingsNode(ctx context.Context, bktInfo *data.BucketInfo, settings *data.BucketSettings) error {
 	multiNode, err := c.getSystemNode(ctx, bktInfo, settingsFileName)
-	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
+	isErrNotFound := errors.Is(err, layererr.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
 		return fmt.Errorf("couldn't get node: %w", err)
 	}
@@ -561,7 +550,7 @@ func (c *Tree) GetBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) (oid
 
 func (c *Tree) PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, addr oid.Address) ([]oid.Address, error) {
 	multiNode, err := c.getSystemNode(ctx, bktInfo, corsFilename)
-	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
+	isErrNotFound := errors.Is(err, layererr.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
 		return nil, fmt.Errorf("couldn't get node: %w", err)
 	}
@@ -575,7 +564,7 @@ func (c *Tree) PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, addr
 		if _, err = c.service.AddNode(ctx, bktInfo, systemTree, 0, meta); err != nil {
 			return nil, err
 		}
-		return nil, layer.ErrNoNodeToRemove
+		return nil, layererr.ErrNoNodeToRemove
 	}
 
 	latest := multiNode.Latest()
@@ -601,13 +590,13 @@ func (c *Tree) PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, addr
 
 func (c *Tree) DeleteBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) ([]oid.Address, error) {
 	multiNode, err := c.getSystemNode(ctx, bktInfo, corsFilename)
-	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
+	isErrNotFound := errors.Is(err, layererr.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
 		return nil, err
 	}
 
 	if isErrNotFound {
-		return nil, layer.ErrNoNodeToRemove
+		return nil, layererr.ErrNoNodeToRemove
 	}
 
 	objToDelete := c.cleanOldNodes(ctx, multiNode.nodes, bktInfo)
@@ -730,7 +719,7 @@ func (c *Tree) GetBucketTagging(ctx context.Context, bktInfo *data.BucketInfo) (
 
 func (c *Tree) PutBucketTagging(ctx context.Context, bktInfo *data.BucketInfo, tagSet map[string]string) error {
 	multiNode, err := c.getSystemNode(ctx, bktInfo, bucketTaggingFilename)
-	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
+	isErrNotFound := errors.Is(err, layererr.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
 		return fmt.Errorf("couldn't get node: %w", err)
 	}
@@ -852,7 +841,7 @@ func getLatestVersionNode(nodes []NodeResponse) (NodeResponse, error) {
 	}
 
 	if targetIndexNode == -1 {
-		return nil, layer.ErrNodeNotFound
+		return nil, layererr.ErrNodeNotFound
 	}
 
 	return nodes[targetIndexNode], nil
@@ -977,7 +966,7 @@ func (s *VersionsByPrefixStreamImpl) getNodeFromMainStream() (NodeResponse, erro
 	for {
 		node, err := s.mainStream.Next()
 		if err != nil {
-			if errors.Is(err, ErrNodeNotFound) {
+			if errors.Is(err, layererr.ErrNodeNotFound) {
 				return nil, io.EOF
 			}
 			return nil, fmt.Errorf("main stream next: %w", err)
@@ -1104,7 +1093,7 @@ func (c *Tree) InitVersionsByPrefixStream(ctx context.Context, bktInfo *data.Buc
 func (c *Tree) getSubTreeByPrefixMainStream(ctx context.Context, bktInfo *data.BucketInfo, treeID, prefix string) (SubTreeStream, string, []uint64, error) {
 	rootID, tailPrefix, err := c.determinePrefixNode(ctx, bktInfo, treeID, prefix)
 	if err != nil {
-		if errors.Is(err, layer.ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
 			return nil, "", nil, io.EOF
 		}
 		return nil, "", nil, err
@@ -1112,7 +1101,7 @@ func (c *Tree) getSubTreeByPrefixMainStream(ctx context.Context, bktInfo *data.B
 
 	subTree, err := c.service.GetSubTreeStream(ctx, bktInfo, treeID, rootID, 2)
 	if err != nil {
-		if errors.Is(err, layer.ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
 			return nil, "", nil, io.EOF
 		}
 		return nil, "", nil, err
@@ -1158,7 +1147,7 @@ func (c *Tree) getPrefixNodeID(ctx context.Context, bktInfo *data.BucketInfo, tr
 	}
 
 	if len(intermediateNodes) == 0 {
-		return nil, layer.ErrNodeNotFound
+		return nil, layererr.ErrNodeNotFound
 	}
 
 	return intermediateNodes, nil
@@ -1167,7 +1156,7 @@ func (c *Tree) getPrefixNodeID(ctx context.Context, bktInfo *data.BucketInfo, tr
 func (c *Tree) getSubTreeByPrefix(ctx context.Context, bktInfo *data.BucketInfo, treeID, prefix string, latestOnly bool) ([]NodeResponse, string, error) {
 	rootID, tailPrefix, err := c.determinePrefixNode(ctx, bktInfo, treeID, prefix)
 	if err != nil {
-		if errors.Is(err, layer.ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
 			return nil, "", nil
 		}
 		return nil, "", err
@@ -1175,7 +1164,7 @@ func (c *Tree) getSubTreeByPrefix(ctx context.Context, bktInfo *data.BucketInfo,
 
 	subTree, err := c.service.GetSubTree(ctx, bktInfo, treeID, rootID, 2, false)
 	if err != nil {
-		if errors.Is(err, layer.ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
 			return nil, "", nil
 		}
 		return nil, "", err
@@ -1281,7 +1270,7 @@ func (c *Tree) getUnversioned(ctx context.Context, bktInfo *data.BucketInfo, tre
 	}
 
 	if len(nodes) == 0 {
-		return nil, layer.ErrNodeNotFound
+		return nil, layererr.ErrNodeNotFound
 	}
 
 	if len(nodes) > 1 {
@@ -1420,7 +1409,7 @@ func (c *Tree) GetMultipartUpload(ctx context.Context, bktInfo *data.BucketInfo,
 		}
 	}
 
-	return nil, layer.ErrNodeNotFound
+	return nil, layererr.ErrNodeNotFound
 }
 
 func (c *Tree) AddPart(ctx context.Context, bktInfo *data.BucketInfo, multipartNodeID uint64, info *data.PartInfo) (oldObjIDsToDelete []oid.ID, err error) {
@@ -1498,7 +1487,7 @@ func (c *Tree) AddPart(ctx context.Context, bktInfo *data.BucketInfo, multipartN
 		return nil, err
 	}
 
-	return nil, layer.ErrNoNodeToRemove
+	return nil, layererr.ErrNoNodeToRemove
 }
 
 func (c *Tree) GetParts(ctx context.Context, bktInfo *data.BucketInfo, multipartNodeID uint64) ([]*data.PartInfoExtended, error) {
@@ -1535,7 +1524,7 @@ func (c *Tree) GetParts(ctx context.Context, bktInfo *data.BucketInfo, multipart
 
 func (c *Tree) PutBucketLifecycleConfiguration(ctx context.Context, bktInfo *data.BucketInfo, addr oid.Address) ([]oid.Address, error) {
 	multiNode, err := c.getSystemNode(ctx, bktInfo, bucketLifecycleFilename)
-	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
+	isErrNotFound := errors.Is(err, layererr.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
 		return nil, fmt.Errorf("couldn't get node: %w", err)
 	}
@@ -1549,7 +1538,7 @@ func (c *Tree) PutBucketLifecycleConfiguration(ctx context.Context, bktInfo *dat
 		if _, err = c.service.AddNode(ctx, bktInfo, systemTree, 0, meta); err != nil {
 			return nil, err
 		}
-		return nil, layer.ErrNoNodeToRemove
+		return nil, layererr.ErrNoNodeToRemove
 	}
 
 	latest := multiNode.Latest()
@@ -1584,13 +1573,13 @@ func (c *Tree) GetBucketLifecycleConfiguration(ctx context.Context, bktInfo *dat
 
 func (c *Tree) DeleteBucketLifecycleConfiguration(ctx context.Context, bktInfo *data.BucketInfo) ([]oid.Address, error) {
 	multiNode, err := c.getSystemNode(ctx, bktInfo, bucketLifecycleFilename)
-	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
+	isErrNotFound := errors.Is(err, layererr.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
 		return nil, err
 	}
 
 	if isErrNotFound {
-		return nil, layer.ErrNoNodeToRemove
+		return nil, layererr.ErrNoNodeToRemove
 	}
 
 	objToDelete := c.cleanOldNodes(ctx, multiNode.nodes, bktInfo)
@@ -1727,7 +1716,7 @@ func (c *Tree) addVersion(ctx context.Context, bktInfo *data.BucketInfo, treeID
 			return node.ID, c.clearOutdatedVersionInfo(ctx, bktInfo, treeID, node.ID)
 		}
 
-		if !errors.Is(err, layer.ErrNodeNotFound) {
+		if !errors.Is(err, layererr.ErrNodeNotFound) {
 			return 0, err
 		}
 	}
@@ -1760,7 +1749,7 @@ func (c *Tree) getVersions(ctx context.Context, bktInfo *data.BucketInfo, treeID
 	}
 	nodes, err := c.service.GetNodes(ctx, p)
 	if err != nil {
-		if errors.Is(err, layer.ErrNodeNotFound) {
+		if errors.Is(err, layererr.ErrNodeNotFound) {
 			return nil, nil
 		}
 		return nil, err
@@ -1827,7 +1816,7 @@ func (c *Tree) getSystemNode(ctx context.Context, bktInfo *data.BucketInfo, name
 	nodes = filterMultipartNodes(nodes)
 
 	if len(nodes) == 0 {
-		return nil, layer.ErrNodeNotFound
+		return nil, layererr.ErrNodeNotFound
 	}
 	if len(nodes) != 1 {
 		c.reqLogger(ctx).Warn(logs.FoundSeveralSystemNodes, zap.String("name", name))

pkg/service/tree/tree_client_in_memory.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/data"
+	layererr "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/frostfs"
 	"golang.org/x/exp/slices"
 )
 
@@ -242,7 +243,7 @@ func (c *ServiceClientMemory) GetSubTree(_ context.Context, bktInfo *data.Bucket
 
 	tr, ok := cnr.trees[treeID]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, layererr.ErrNodeNotFound
 	}
 
 	if len(rootID) != 1 {
@@ -251,7 +252,7 @@ func (c *ServiceClientMemory) GetSubTree(_ context.Context, bktInfo *data.Bucket
 
 	node := tr.treeData.getNode(rootID[0])
 	if node == nil {
-		return nil, ErrNodeNotFound
+		return nil, layererr.ErrNodeNotFound
 	}
 
 	if sort {
@@ -282,12 +283,12 @@ func (s *SubTreeStreamMemoryImpl) Next() (NodeResponse, error) {
 func (c *ServiceClientMemory) GetSubTreeStream(_ context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32) (SubTreeStream, error) {
 	cnr, ok := c.containers[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return &SubTreeStreamMemoryImpl{err: ErrNodeNotFound}, nil
+		return &SubTreeStreamMemoryImpl{err: layererr.ErrNodeNotFound}, nil
 	}
 
 	tr, ok := cnr.trees[treeID]
 	if !ok {
-		return nil, ErrNodeNotFound
+		return nil, layererr.ErrNodeNotFound
 	}
 
 	if len(rootID) != 1 {
@@ -296,7 +297,7 @@ func (c *ServiceClientMemory) GetSubTreeStream(_ context.Context, bktInfo *data.
 
 	node := tr.treeData.getNode(rootID[0])
 	if node == nil {
-		return nil, ErrNodeNotFound
+		return nil, layererr.ErrNodeNotFound
 	}
 
 	sortNode(tr.treeData)
@@ -353,7 +354,7 @@ func (c *ServiceClientMemory) AddNodeBase(_ context.Context, bktInfo *data.Bucke
 
 	parentNode := tr.treeData.getNode(parent)
 	if parentNode == nil {
-		return 0, ErrNodeNotFound
+		return 0, layererr.ErrNodeNotFound
 	}
 
 	newID := tr.idCounter
@@ -418,22 +419,22 @@ func (c *ServiceClientMemory) AddNodeByPath(_ context.Context, bktInfo *data.Buc
 func (c *ServiceClientMemory) MoveNode(_ context.Context, bktInfo *data.BucketInfo, treeID string, nodeID, parentID uint64, meta map[string]string) error {
 	cnr, ok := c.containers[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return ErrNodeNotFound
+		return layererr.ErrNodeNotFound
 	}
 
 	tr, ok := cnr.trees[treeID]
 	if !ok {
-		return ErrNodeNotFound
+		return layererr.ErrNodeNotFound
 	}
 
 	node := tr.treeData.getNode(nodeID)
 	if node == nil {
-		return ErrNodeNotFound
+		return layererr.ErrNodeNotFound
 	}
 
 	newParent := tr.treeData.getNode(parentID)
 	if newParent == nil {
-		return ErrNodeNotFound
+		return layererr.ErrNodeNotFound
 	}
 
 	node.data.meta = metaToNodeMeta(meta)
@@ -466,17 +467,17 @@ func sortNodes(list []*treeNodeMemory) {
 func (c *ServiceClientMemory) RemoveNode(_ context.Context, bktInfo *data.BucketInfo, treeID string, nodeID uint64) error {
 	cnr, ok := c.containers[bktInfo.CID.EncodeToString()]
 	if !ok {
-		return ErrNodeNotFound
+		return layererr.ErrNodeNotFound
 	}
 
 	tr, ok := cnr.trees[treeID]
 	if !ok {
-		return ErrNodeNotFound
+		return layererr.ErrNodeNotFound
 	}
 
 	node := tr.treeData.getNode(nodeID)
 	if node == nil {
-		return ErrNodeNotFound
+		return layererr.ErrNodeNotFound
 	}
 
 	node.parent.removeChild(nodeID)