Release v0.30.8

Signed-off-by: Alex Vanin <a.vanin@yadro.com>

.docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.21 as builder
+FROM golang:1.22 AS builder
 
 ARG BUILD=now
 ARG REPO=git.frostfs.info/TrueCloudLab/frostfs-s3-gw

.forgejo/workflows/builds.yml

@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go_versions: [ '1.21', '1.22' ]
+        go_versions: [ '1.22', '1.23' ]
       fail-fast: false
     steps:
       - uses: actions/checkout@v3

.forgejo/workflows/dco.yml

@@ -12,7 +12,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.22'
+          go-version: '1.23'
 
       - name: Run commit format checker
         uses: https://git.frostfs.info/TrueCloudLab/dco-go@v3

.forgejo/workflows/tests.yml

@@ -10,7 +10,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.22'
+          go-version: '1.23'
           cache: true
 
       - name: Install linters
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go_versions: [ '1.21', '1.22' ]
+        go_versions: [ '1.22', '1.23' ]
       fail-fast: false
     steps:
       - uses: actions/checkout@v3

.forgejo/workflows/vulncheck.yml

@@ -12,7 +12,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.22'
+          go-version: '1.23'
 
       - name: Install govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest

.golangci.yml

@@ -12,7 +12,8 @@ run:
 # output configuration options
 output:
   # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  format: tab
+  formats:
+    - format: tab
 
 # all available settings of specific linters
 linters-settings:

CHANGELOG.md

@@ -4,6 +4,54 @@ This document outlines major changes between releases.
 
 ## [Unreleased]
 
+## [0.30.8] - 2024-10-18
+
+### Fixed 
+- Error handling for correct connection switch in SDK Pool (#517)
+
+## [0.30.7] - 2024-10-03
+
+### Fixed
+- Correct aws-chunk encoding size handling (#511)
+
+
+## [0.30.6] - 2024-09-17
+
+### Fixed
+- Object size of objects upload with aws-chunked encoding (#450)
+- Object size of objects upload with negative Content-Length (#486)
+
+## [0.30.5] - 2024-09-16
+
+### Fixed
+- Panic catchers for fuzzing tests (#492)
+
+## [0.30.4] - 2024-09-03
+
+### Added
+- Fuzzing tests (#480)
+
+## [0.30.3] - 2024-08-27
+
+### Fixed
+- Empty listing when multipart upload contains more than 1000 parts (#471)
+
+## [0.30.2] - 2024-08-20
+
+### Fixed
+- Error counting in pool component before connection switch (#468)
+
+### Added
+- Log of endpoint address during tree pool errors (#468)
+
+## [0.30.1] - 2024-07-25
+
+### Fixed
+- Redundant system node removal in tree service (#437)
+
+### Added
+- Log details on SDK Pool health status change (#439)
+
 ## [0.30.0] - Kangshung -2024-07-19
 
 ### Fixed
@@ -233,4 +281,12 @@ To see CHANGELOG for older versions, refer to https://github.com/nspcc-dev/neofs
 [0.29.2]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.29.1...v0.29.2
 [0.29.3]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.29.2...v0.29.3
 [0.30.0]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.29.3...v0.30.0
-[Unreleased]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.0...master
+[0.30.1]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.0...v0.30.1
+[0.30.2]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.1...v0.30.2
+[0.30.3]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.2...v0.30.3
+[0.30.4]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.3...v0.30.4
+[0.30.5]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.4...v0.30.5
+[0.30.6]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.5...v0.30.6
+[0.30.7]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.6...v0.30.7
+[0.30.8]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.7...v0.30.8
+[Unreleased]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.30.8...master

Makefile

@@ -4,8 +4,8 @@
 REPO ?= $(shell go list -m)
 VERSION ?= $(shell git describe --tags --dirty --match "v*" --always --abbrev=8 2>/dev/null || cat VERSION 2>/dev/null || echo "develop")
 GO_VERSION ?= 1.22
-LINT_VERSION ?= 1.56.1
-TRUECLOUDLAB_LINT_VERSION ?= 0.0.5
+LINT_VERSION ?= 1.60.1
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.6
 BINDIR = bin
 
 METRICS_DUMP_OUT ?= ./metrics-dump.json
@@ -23,6 +23,12 @@ OUTPUT_LINT_DIR ?= $(shell pwd)/bin
 LINT_DIR = $(OUTPUT_LINT_DIR)/golangci-lint-$(LINT_VERSION)-v$(TRUECLOUDLAB_LINT_VERSION)
 TMP_DIR := .cache
 
+# Variables for fuzzing
+FUZZ_NGFUZZ_DIR ?= ""
+FUZZ_TIMEOUT ?= 30
+FUZZ_FUNCTIONS ?= "all"
+FUZZ_AUX ?= ""
+
 .PHONY: all $(BINS) $(BINDIR) dep docker/ test cover format image image-push dirty-image lint docker/lint pre-commit unpre-commit version clean protoc
 
 # .deb package versioning
@@ -76,6 +82,34 @@ cover:
 	@go test -v -race ./... -coverprofile=coverage.txt -covermode=atomic
 	@go tool cover -html=coverage.txt -o coverage.html
 
+# Run fuzzing
+CLANG := $(shell which clang-17 2>/dev/null)
+.PHONY: check-clang all
+check-clang:
+ifeq ($(CLANG),)
+	@echo "clang-17 is not installed. Please install it before proceeding - https://apt.llvm.org/llvm.sh "
+	@exit 1
+endif
+
+.PHONY: check-ngfuzz all
+check-ngfuzz:
+	@if [ -z "$(FUZZ_NGFUZZ_DIR)" ]; then \
+		echo "Please set a variable FUZZ_NGFUZZ_DIR to specify path to the ngfuzz"; \
+		exit 1; \
+	fi
+
+.PHONY: install-fuzzing-deps
+install-fuzzing-deps: check-clang check-ngfuzz
+
+.PHONY: fuzz
+fuzz: install-fuzzing-deps  
+	@START_PATH=$$(pwd); \
+	ROOT_PATH=$$(realpath --relative-to=$(FUZZ_NGFUZZ_DIR) $$START_PATH) ; \
+	cd $(FUZZ_NGFUZZ_DIR) && \
+	./ngfuzz -clean && \
+	./ngfuzz -fuzz $(FUZZ_FUNCTIONS) -rootdir $$ROOT_PATH -timeout $(FUZZ_TIMEOUT) $(FUZZ_AUX) && \
+	./ngfuzz -report
+
 # Reformat code
 format:
 	@echo "⇒ Processing gofmt check"

README.md

@@ -93,6 +93,24 @@ HTTP/1.1 200 OK
 
 Also, you can configure domains using `.env` variables or `yaml` file.
 
+## Fuzzing   
+To run fuzzing tests use the following command:  
+
+```shell
+$ make fuzz
+```   
+
+This command will install dependencies for the fuzzing process and run existing fuzzing tests.   
+
+You can also use the following arguments:
+
+```
+FUZZ_TIMEOUT - time to run each fuzzing test (default 30) 
+FUZZ_FUNCTIONS - fuzzing tests that will be started (default "all")
+FUZZ_AUX - additional parameters for the fuzzer (for example, "-debug")
+FUZZ_NGFUZZ_DIR - path to ngfuzz tool
+````
+
 ## Documentation
 
 - [Configuration](./docs/configuration.md)

VERSION

@@ -1 +1 @@
-v0.30.0
+v0.30.8

api/auth/center_fuzz_test.go

@@ -0,0 +1,88 @@
+//go:build gofuzz
+// +build gofuzz
+
+package auth
+
+import (
+	"strings"
+	"testing"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	utils "github.com/trailofbits/go-fuzz-utils"
+)
+
+const (
+	fuzzSuccessExitCode = 0
+	fuzzFailExitCode    = -1
+)
+
+func InitFuzzAuthenticate() {
+}
+
+func DoFuzzAuthenticate(input []byte) int {
+	// FUZZER INIT
+	if len(input) < 100 {
+		return fuzzFailExitCode
+	}
+
+	tp, err := utils.NewTypeProvider(input)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	var accessKeyAddr oid.Address
+	err = tp.Fill(accessKeyAddr)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	accessKeyID := strings.ReplaceAll(accessKeyAddr.String(), "/", "0")
+	secretKey, err := tp.GetString()
+	awsCreds := credentials.NewStaticCredentials(accessKeyID, secretKey, "")
+
+	reqData := RequestData{
+		Method:   "GET",
+		Endpoint: "http://localhost:8084",
+		Bucket:   "my-bucket",
+		Object:   "@obj/name",
+	}
+	presignData := PresignData{
+		Service:  "s3",
+		Region:   "spb",
+		Lifetime: 10 * time.Minute,
+		SignTime: time.Now().UTC(),
+	}
+
+	req, err := PresignRequest(awsCreds, reqData, presignData)
+	if req == nil {
+		return fuzzFailExitCode
+	}
+
+	expBox := &accessbox.Box{
+		Gate: &accessbox.GateData{
+			SecretKey: secretKey,
+		},
+	}
+
+	mock := newTokensFrostfsMock()
+	mock.addBox(accessKeyAddr, expBox)
+
+	c := &Center{
+		cli:     mock,
+		reg:     NewRegexpMatcher(authorizationFieldRegexp),
+		postReg: NewRegexpMatcher(postPolicyCredentialRegexp),
+	}
+
+	_, _ = c.Authenticate(req)
+
+	return fuzzSuccessExitCode
+}
+
+func FuzzAuthenticate(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		DoFuzzAuthenticate(data)
+	})
+}

api/handler/handlers_test.go

@@ -37,8 +37,12 @@ import (
 )
 
 type handlerContext struct {
+	*handlerContextBase
+	t *testing.T
+}
+
+type handlerContextBase struct {
 	owner   user.ID
-	t       *testing.T
 	h       *handler
 	tp      *layer.TestFrostFS
 	tree    *tree.Tree
@@ -50,19 +54,19 @@ type handlerContext struct {
 	cache         *layer.Cache
 }
 
-func (hc *handlerContext) Handler() *handler {
+func (hc *handlerContextBase) Handler() *handler {
 	return hc.h
 }
 
-func (hc *handlerContext) MockedPool() *layer.TestFrostFS {
+func (hc *handlerContextBase) MockedPool() *layer.TestFrostFS {
 	return hc.tp
 }
 
-func (hc *handlerContext) Layer() *layer.Layer {
+func (hc *handlerContextBase) Layer() *layer.Layer {
 	return hc.h.obj
 }
 
-func (hc *handlerContext) Context() context.Context {
+func (hc *handlerContextBase) Context() context.Context {
 	return hc.context
 }
 
@@ -136,16 +140,28 @@ func (c *configMock) RetryStrategy() RetryStrategy {
 }
 
 func prepareHandlerContext(t *testing.T) *handlerContext {
-	return prepareHandlerContextBase(t, layer.DefaultCachesConfigs(zap.NewExample()))
+	hc, err := prepareHandlerContextBase(layer.DefaultCachesConfigs(zap.NewExample()))
+	require.NoError(t, err)
+	return &handlerContext{
+		handlerContextBase: hc,
+		t:                  t,
+	}
 }
 
 func prepareHandlerContextWithMinCache(t *testing.T) *handlerContext {
-	return prepareHandlerContextBase(t, getMinCacheConfig(zap.NewExample()))
+	hc, err := prepareHandlerContextBase(getMinCacheConfig(zap.NewExample()))
+	require.NoError(t, err)
+	return &handlerContext{
+		handlerContextBase: hc,
+		t:                  t,
+	}
 }
 
-func prepareHandlerContextBase(t *testing.T, cacheCfg *layer.CachesConfig) *handlerContext {
+func prepareHandlerContextBase(cacheCfg *layer.CachesConfig) (*handlerContextBase, error) {
 	key, err := keys.NewPrivateKey()
-	require.NoError(t, err)
+	if err != nil {
+		return nil, err
+	}
 
 	l := zap.NewExample()
 	tp := layer.NewTestFrostFS(key)
@@ -159,7 +175,9 @@ func prepareHandlerContextBase(t *testing.T, cacheCfg *layer.CachesConfig) *hand
 	user.IDFromKey(&owner, key.PrivateKey.PublicKey)
 
 	memCli, err := tree.NewTreeServiceClientMemory()
-	require.NoError(t, err)
+	if err != nil {
+		return nil, err
+	}
 
 	treeMock := tree.NewTree(memCli, zap.NewExample())
 
@@ -176,7 +194,9 @@ func prepareHandlerContextBase(t *testing.T, cacheCfg *layer.CachesConfig) *hand
 
 	var pp netmap.PlacementPolicy
 	err = pp.DecodeString("REP 1")
-	require.NoError(t, err)
+	if err != nil {
+		return nil, err
+	}
 
 	cfg := &configMock{
 		defaultPolicy: pp,
@@ -189,19 +209,23 @@ func prepareHandlerContextBase(t *testing.T, cacheCfg *layer.CachesConfig) *hand
 		frostfsid: newFrostfsIDMock(),
 	}
 
-	return &handlerContext{
+	accessBox, err := newTestAccessBox(key)
+	if err != nil {
+		return nil, err
+	}
+
+	return &handlerContextBase{
 		owner:   owner,
-		t:       t,
 		h:       h,
 		tp:      tp,
 		tree:    treeMock,
-		context: middleware.SetBox(context.Background(), &middleware.Box{AccessBox: newTestAccessBox(t, key)}),
+		context: middleware.SetBox(context.Background(), &middleware.Box{AccessBox: accessBox}),
 		config:  cfg,
 
 		layerFeatures: features,
 		treeMock:      memCli,
 		cache:         layerCfg.Cache,
-	}
+	}, nil
 }
 
 func getMinCacheConfig(logger *zap.Logger) *layer.CachesConfig {
@@ -392,7 +416,7 @@ func createTestObject(hc *handlerContext, bktInfo *data.BucketInfo, objName stri
 	extObjInfo, err := hc.Layer().PutObject(hc.Context(), &layer.PutObjectParams{
 		BktInfo:    bktInfo,
 		Object:     objName,
-		Size:       uint64(len(content)),
+		Size:       ptr(uint64(len(content))),
 		Reader:     bytes.NewReader(content),
 		Header:     header,
 		Encryption: encryption,
@@ -478,3 +502,7 @@ func readResponse(t *testing.T, w *httptest.ResponseRecorder, status int, model
 		require.NoError(t, err)
 	}
 }
+
+func ptr[T any](t T) *T {
+	return &t
+}

api/handler/head_test.go

@@ -119,21 +119,25 @@ func TestIsAvailableToResolve(t *testing.T) {
 	}
 }
 
-func newTestAccessBox(t *testing.T, key *keys.PrivateKey) *accessbox.Box {
+func newTestAccessBox(key *keys.PrivateKey) (*accessbox.Box, error) {
 	var err error
 	if key == nil {
 		key, err = keys.NewPrivateKey()
-		require.NoError(t, err)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	var btoken bearer.Token
 	btoken.SetImpersonate(true)
 	err = btoken.Sign(key.PrivateKey)
-	require.NoError(t, err)
+	if err != nil {
+		return nil, err
+	}
 
 	return &accessbox.Box{
 		Gate: &accessbox.GateData{
 			BearerToken: &btoken,
 		},
-	}
+	}, nil
 }

api/handler/multipart_upload.go

@@ -203,10 +203,7 @@ func (h *handler) UploadPartHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var size uint64
-	if r.ContentLength > 0 {
-		size = uint64(r.ContentLength)
-	}
+	size := h.getPutPayloadSize(r)
 
 	p := &layer.UploadPartParams{
 		Info: &layer.UploadInfoParams{

api/handler/multipart_upload_test.go

@@ -2,6 +2,7 @@ package handler
 
 import (
 	"crypto/md5"
+	"crypto/rand"
 	"crypto/tls"
 	"encoding/base64"
 	"encoding/hex"
@@ -435,6 +436,37 @@ func TestUploadPartCheckContentSHA256(t *testing.T) {
 	}
 }
 
+func TestUploadPartWithNegativeContentLength(t *testing.T) {
+	hc := prepareHandlerContext(t)
+
+	bktName, objName := "bucket-to-upload-part", "object-multipart"
+	createTestBucket(hc, bktName)
+	partSize := 5 * 1024 * 1024
+
+	multipartUpload := createMultipartUpload(hc, bktName, objName, map[string]string{})
+
+	partBody := make([]byte, partSize)
+	_, err := rand.Read(partBody)
+	require.NoError(hc.t, err)
+
+	query := make(url.Values)
+	query.Set(uploadIDQuery, multipartUpload.UploadID)
+	query.Set(partNumberQuery, "1")
+
+	w, r := prepareTestRequestWithQuery(hc, bktName, objName, query, partBody)
+	r.ContentLength = -1
+	hc.Handler().UploadPartHandler(w, r)
+	assertStatus(hc.t, w, http.StatusOK)
+
+	completeMultipartUpload(hc, bktName, objName, multipartUpload.UploadID, []string{w.Header().Get(api.ETag)})
+	res, _ := getObject(hc, bktName, objName)
+	equalDataSlices(t, partBody, res)
+
+	resp := getObjectAttributes(hc, bktName, objName, objectParts)
+	require.Len(t, resp.ObjectParts.Parts, 1)
+	require.Equal(t, partSize, resp.ObjectParts.Parts[0].Size)
+}
+
 func uploadPartCopy(hc *handlerContext, bktName, objName, uploadID string, num int, srcObj string, start, end int) *UploadPartCopyResponse {
 	return uploadPartCopyBase(hc, bktName, objName, false, uploadID, num, srcObj, start, end)
 }

api/handler/object_list_test.go

@@ -94,7 +94,7 @@ func TestListObjectsWithOldTreeNodes(t *testing.T) {
 }
 
 func makeAllTreeObjectsOld(hc *handlerContext, bktInfo *data.BucketInfo) {
-	nodes, err := hc.treeMock.GetSubTree(hc.Context(), bktInfo, "version", []uint64{0}, 0)
+	nodes, err := hc.treeMock.GetSubTree(hc.Context(), bktInfo, "version", []uint64{0}, 0, true)
 	require.NoError(hc.t, err)
 
 	for _, node := range nodes {
@@ -142,7 +142,12 @@ func TestListObjectsContextCanceled(t *testing.T) {
 	layerCfg.SessionList.Lifetime = time.Hour
 	layerCfg.SessionList.Size = 1
 
-	hc := prepareHandlerContextBase(t, layerCfg)
+	hcBase, err := prepareHandlerContextBase(layerCfg)
+	require.NoError(t, err)
+	hc := &handlerContext{
+		handlerContextBase: hcBase,
+		t:                  t,
+	}
 
 	bktName := "bucket-versioning-enabled"
 	bktInfo := createTestBucket(hc, bktName)

api/handler/put.go

@@ -241,22 +241,22 @@ func (h *handler) PutObjectHandler(w http.ResponseWriter, r *http.Request) {
 		metadata[api.ContentEncoding] = encodings
 	}
 
-	var size uint64
-	if r.ContentLength > 0 {
-		size = uint64(r.ContentLength)
-	}
+	size := h.getPutPayloadSize(r)
 
 	params := &layer.PutObjectParams{
 		BktInfo:           bktInfo,
 		Object:            reqInfo.ObjectName,
 		Reader:            body,
-		Size:              size,
 		Header:            metadata,
 		Encryption:        encryptionParams,
 		ContentMD5:        r.Header.Get(api.ContentMD5),
 		ContentSHA256Hash: r.Header.Get(api.AmzContentSha256),
 	}
 
+	if size > 0 {
+		params.Size = &size
+	}
+
 	params.CopiesNumbers, err = h.pickCopiesNumbers(metadata, reqInfo.Namespace, bktInfo.LocationConstraint)
 	if err != nil {
 		h.logAndSendError(w, "invalid copies number", reqInfo, err)
@@ -493,7 +493,7 @@ func (h *handler) PostObject(w http.ResponseWriter, r *http.Request) {
 		BktInfo: bktInfo,
 		Object:  reqInfo.ObjectName,
 		Reader:  contentReader,
-		Size:    size,
+		Size:    &size,
 		Header:  metadata,
 	}
 

api/handler/put_test.go

@@ -28,6 +28,11 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+const (
+	awsChunkedRequestExampleDecodedContentLength = 66560
+	awsChunkedRequestExampleContentLength        = 66824
+)
+
 func TestCheckBucketName(t *testing.T) {
 	for _, tc := range []struct {
 		name string
@@ -158,6 +163,10 @@ func TestPutObjectWithNegativeContentLength(t *testing.T) {
 	tc.Handler().HeadObjectHandler(w, r)
 	assertStatus(t, w, http.StatusOK)
 	require.Equal(t, strconv.Itoa(len(content)), w.Header().Get(api.ContentLength))
+
+	result := listVersions(t, tc, bktName)
+	require.Len(t, result.Version, 1)
+	require.EqualValues(t, len(content), result.Version[0].Size)
 }
 
 func TestPutObjectWithStreamBodyError(t *testing.T) {
@@ -274,12 +283,37 @@ func TestPutObjectWithStreamBodyAWSExample(t *testing.T) {
 	hc.Handler().PutObjectHandler(w, req)
 	assertStatus(t, w, http.StatusOK)
 
-	data := getObjectRange(t, hc, bktName, objName, 0, 66824)
+	w, req = prepareTestRequest(hc, bktName, objName, nil)
+	hc.Handler().HeadObjectHandler(w, req)
+	assertStatus(t, w, http.StatusOK)
+	require.Equal(t, strconv.Itoa(awsChunkedRequestExampleDecodedContentLength), w.Header().Get(api.ContentLength))
+
+	data := getObjectRange(t, hc, bktName, objName, 0, awsChunkedRequestExampleDecodedContentLength)
 	for i := range chunk {
 		require.Equal(t, chunk[i], data[i])
 	}
 }
 
+func TestPutObjectWithStreamEmptyBodyAWSExample(t *testing.T) {
+	hc := prepareHandlerContext(t)
+
+	bktName, objName := "dkirillov", "tmp"
+	createTestBucket(hc, bktName)
+
+	w, req := getEmptyChunkedRequest(hc.context, t, bktName, objName)
+	hc.Handler().PutObjectHandler(w, req)
+	assertStatus(t, w, http.StatusOK)
+
+	w, req = prepareTestRequest(hc, bktName, objName, nil)
+	hc.Handler().HeadObjectHandler(w, req)
+	assertStatus(t, w, http.StatusOK)
+	require.Equal(t, "0", w.Header().Get(api.ContentLength))
+
+	res := listObjectsV1(hc, bktName, "", "", "", -1)
+	require.Len(t, res.Contents, 1)
+	require.Empty(t, res.Contents[0].Size)
+}
+
 func TestPutChunkedTestContentEncoding(t *testing.T) {
 	hc := prepareHandlerContext(t)
 
@@ -310,6 +344,8 @@ func TestPutChunkedTestContentEncoding(t *testing.T) {
 	require.Equal(t, "gzip", resp.Header().Get(api.ContentEncoding))
 }
 
+// getChunkedRequest implements request example from
+// https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
 func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName string) (*httptest.ResponseRecorder, *http.Request, []byte) {
 	chunk := make([]byte, 65*1024)
 	for i := range chunk {
@@ -337,9 +373,9 @@ func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName strin
 	req, err := http.NewRequest("PUT", "https://s3.amazonaws.com/"+bktName+"/"+objName, nil)
 	require.NoError(t, err)
 	req.Header.Set("content-encoding", "aws-chunked")
-	req.Header.Set("content-length", "66824")
+	req.Header.Set("content-length", strconv.Itoa(awsChunkedRequestExampleContentLength))
 	req.Header.Set("x-amz-content-sha256", "STREAMING-AWS4-HMAC-SHA256-PAYLOAD")
-	req.Header.Set("x-amz-decoded-content-length", "66560")
+	req.Header.Set("x-amz-decoded-content-length", strconv.Itoa(awsChunkedRequestExampleDecodedContentLength))
 	req.Header.Set("x-amz-storage-class", "REDUCED_REDUNDANCY")
 
 	signTime, err := time.Parse("20060102T150405Z", "20130524T000000Z")
@@ -370,6 +406,50 @@ func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName strin
 	return w, req, chunk
 }
 
+func getEmptyChunkedRequest(ctx context.Context, t *testing.T, bktName, objName string) (*httptest.ResponseRecorder, *http.Request) {
+	AWSAccessKeyID := "48c1K4PLVb7SvmV3PjDKEuXaMh8yZMXZ8Wx9msrkKcYw06dZeaxeiPe8vyFm2WsoeVaNt7UWEjNsVkagDs8oX4XXh"
+	AWSSecretAccessKey := "09260955b4eb0279dc017ba20a1ddac909cbd226c86cbb2d868e55534c8e64b0"
+
+	//awsCreds := credentials.NewStaticCredentials(AWSAccessKeyID, AWSSecretAccessKey, "")
+	//signer := v4.NewSigner(awsCreds)
+
+	reqBody := bytes.NewBufferString("0;chunk-signature=311a7142c8f3a07972c3aca65c36484b513a8fee48ab7178c7225388f2ae9894\r\n\r\n")
+
+	req, err := http.NewRequest("PUT", "http://localhost:8084/"+bktName+"/"+objName, reqBody)
+	require.NoError(t, err)
+	req.Header.Set("Amz-Sdk-Invocation-Id", "8a8cd4be-aef8-8034-f08d-a6144ade41f9")
+	req.Header.Set("Amz-Sdk-Request", "attempt=1; max=2")
+	req.Header.Set(api.Authorization, "AWS4-HMAC-SHA256 Credential=48c1K4PLVb7SvmV3PjDKEuXaMh8yZMXZ8Wx9msrkKcYw06dZeaxeiPe8vyFm2WsoeVaNt7UWEjNsVkagDs8oX4XXh/20241003/us-east-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-encoding;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length, Signature=4b530ab4af2381f214941af591266b209968264a2c94337fa1efc048c7dff352")
+	req.Header.Set(api.ContentEncoding, "aws-chunked")
+	req.Header.Set(api.ContentLength, "86")
+	req.Header.Set(api.ContentType, "text/plain; charset=UTF-8")
+	req.Header.Set(api.AmzDate, "20241003T100055Z")
+	req.Header.Set(api.AmzContentSha256, "STREAMING-AWS4-HMAC-SHA256-PAYLOAD")
+	req.Header.Set(api.AmzDecodedContentLength, "0")
+
+	signTime, err := time.Parse("20060102T150405Z", "20241003T100055Z")
+	require.NoError(t, err)
+
+	w := httptest.NewRecorder()
+	reqInfo := middleware.NewReqInfo(w, req, middleware.ObjectRequest{Bucket: bktName, Object: objName}, "")
+	req = req.WithContext(middleware.SetReqInfo(ctx, reqInfo))
+	req = req.WithContext(middleware.SetBox(req.Context(), &middleware.Box{
+		ClientTime: signTime,
+		AuthHeaders: &middleware.AuthHeader{
+			AccessKeyID: AWSAccessKeyID,
+			SignatureV4: "4b530ab4af2381f214941af591266b209968264a2c94337fa1efc048c7dff352",
+			Region:      "us-east-1",
+		},
+		AccessBox: &accessbox.Box{
+			Gate: &accessbox.GateData{
+				SecretKey: AWSSecretAccessKey,
+			},
+		},
+	}))
+
+	return w, req
+}
+
 func TestCreateBucket(t *testing.T) {
 	hc := prepareHandlerContext(t)
 	bktName := "bkt-name"

api/handler/util.go

@@ -106,6 +106,19 @@ func (h *handler) getBucketAndCheckOwner(r *http.Request, bucket string, header
 	return bktInfo, checkOwner(bktInfo, expected)
 }
 
+func (h *handler) getPutPayloadSize(r *http.Request) uint64 {
+	decodeContentSize := r.Header.Get(api.AmzDecodedContentLength)
+	decodedSize, err := strconv.Atoi(decodeContentSize)
+	if err != nil {
+		if r.ContentLength >= 0 {
+			return uint64(r.ContentLength)
+		}
+		return 0
+	}
+
+	return uint64(decodedSize)
+}
+
 func parseRange(s string) (*layer.RangeParams, error) {
 	if s == "" {
 		return nil, nil

api/layer/cors.go

@@ -49,17 +49,19 @@ func (n *Layer) PutBucketCORS(ctx context.Context, p *PutCORSParams) error {
 		return fmt.Errorf("put system object: %w", err)
 	}
 
-	objIDToDelete, err := n.treeService.PutBucketCORS(ctx, p.BktInfo, objID)
+	objIDsToDelete, err := n.treeService.PutBucketCORS(ctx, p.BktInfo, objID)
 	objIDToDeleteNotFound := errorsStd.Is(err, ErrNoNodeToRemove)
 	if err != nil && !objIDToDeleteNotFound {
 		return err
 	}
 
 	if !objIDToDeleteNotFound {
-		if err = n.objectDelete(ctx, p.BktInfo, objIDToDelete); err != nil {
-			n.reqLogger(ctx).Error(logs.CouldntDeleteCorsObject, zap.Error(err),
-				zap.String("cnrID", p.BktInfo.CID.EncodeToString()),
-				zap.String("objID", objIDToDelete.EncodeToString()))
+		for _, id := range objIDsToDelete {
+			if err = n.objectDelete(ctx, p.BktInfo, id); err != nil {
+				n.reqLogger(ctx).Error(logs.CouldntDeleteCorsObject, zap.Error(err),
+					zap.String("cnrID", p.BktInfo.CID.EncodeToString()),
+					zap.String("objID", id.EncodeToString()))
+			}
 		}
 	}
 
@@ -81,14 +83,16 @@ func (n *Layer) GetBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) (*d
 }
 
 func (n *Layer) DeleteBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) error {
-	objID, err := n.treeService.DeleteBucketCORS(ctx, bktInfo)
+	objIDs, err := n.treeService.DeleteBucketCORS(ctx, bktInfo)
 	objIDNotFound := errorsStd.Is(err, ErrNoNodeToRemove)
 	if err != nil && !objIDNotFound {
 		return err
 	}
 	if !objIDNotFound {
-		if err = n.objectDelete(ctx, bktInfo, objID); err != nil {
-			return err
+		for _, id := range objIDs {
+			if err = n.objectDelete(ctx, bktInfo, id); err != nil {
+				return err
+			}
 		}
 	}
 

api/layer/layer.go

@@ -97,7 +97,7 @@ type (
 	PutObjectParams struct {
 		BktInfo           *data.BucketInfo
 		Object            string
-		Size              uint64
+		Size              *uint64
 		Reader            io.Reader
 		Header            map[string]string
 		Lock              *data.ObjectLock
@@ -512,7 +512,7 @@ func (n *Layer) CopyObject(ctx context.Context, p *CopyObjectParams) (*data.Exte
 	return n.PutObject(ctx, &PutObjectParams{
 		BktInfo:       p.DstBktInfo,
 		Object:        p.DstObject,
-		Size:          p.DstSize,
+		Size:          &p.DstSize,
 		Reader:        objPayload,
 		Header:        p.Header,
 		Encryption:    p.DstEncryption,

api/layer/multipart_upload.go

@@ -453,7 +453,7 @@ func (n *Layer) CompleteMultipartUpload(ctx context.Context, p *CompleteMultipar
 		Object:          p.Info.Key,
 		Reader:          bytes.NewReader(partsData),
 		Header:          initMetadata,
-		Size:            multipartObjetSize,
+		Size:            &multipartObjetSize,
 		Encryption:      p.Info.Encryption,
 		CopiesNumbers:   multipartInfo.CopiesNumbers,
 		CompleteMD5Hash: hex.EncodeToString(md5Hash.Sum(nil)) + "-" + strconv.Itoa(len(p.Parts)),

api/layer/object.go

@@ -222,16 +222,20 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 
 	r := p.Reader
 	if p.Encryption.Enabled() {
-		p.Header[AttributeDecryptedSize] = strconv.FormatUint(p.Size, 10)
+		var size uint64
+		if p.Size != nil {
+			size = *p.Size
+		}
+		p.Header[AttributeDecryptedSize] = strconv.FormatUint(size, 10)
 		if err = addEncryptionHeaders(p.Header, p.Encryption); err != nil {
 			return nil, fmt.Errorf("add encryption header: %w", err)
 		}
 
 		var encSize uint64
-		if r, encSize, err = encryptionReader(p.Reader, p.Size, p.Encryption.Key()); err != nil {
+		if r, encSize, err = encryptionReader(p.Reader, size, p.Encryption.Key()); err != nil {
 			return nil, fmt.Errorf("create encrypter: %w", err)
 		}
-		p.Size = encSize
+		p.Size = &encSize
 	}
 
 	if r != nil {
@@ -250,12 +254,14 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 
 	prm := PrmObjectCreate{
 		Container:    p.BktInfo.CID,
-		PayloadSize:  p.Size,
 		Filepath:     p.Object,
 		Payload:      r,
 		CreationTime: TimeNow(ctx),
 		CopiesNumber: p.CopiesNumbers,
 	}
+	if p.Size != nil {
+		prm.PayloadSize = *p.Size
+	}
 
 	prm.Attributes = make([][2]string, 0, len(p.Header))
 
@@ -267,7 +273,8 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 	if err != nil {
 		return nil, err
 	}
-	if len(p.ContentMD5) > 0 {
+
+	if !p.Encryption.Enabled() && len(p.ContentMD5) > 0 {
 		headerMd5Hash, err := base64.StdEncoding.DecodeString(p.ContentMD5)
 		if err != nil {
 			return nil, apiErrors.GetAPIError(apiErrors.ErrInvalidDigest)
@@ -302,19 +309,25 @@ func (n *Layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Extend
 			OID:      id,
 			ETag:     hex.EncodeToString(hash),
 			FilePath: p.Object,
-			Size:     p.Size,
 			Created:  &now,
 			Owner:    &n.gateOwner,
 		},
 		IsUnversioned: !bktSettings.VersioningEnabled(),
 		IsCombined:    p.Header[MultipartObjectSize] != "",
 	}
+
 	if len(p.CompleteMD5Hash) > 0 {
 		newVersion.MD5 = p.CompleteMD5Hash
 	} else {
 		newVersion.MD5 = hex.EncodeToString(md5Hash)
 	}
 
+	if p.Size != nil {
+		newVersion.Size = *p.Size
+	} else {
+		newVersion.Size = size
+	}
+
 	if newVersion.ID, err = n.treeService.AddVersion(ctx, p.BktInfo, newVersion); err != nil {
 		return nil, fmt.Errorf("couldn't add new verion to tree service: %w", err)
 	}

api/layer/tree_mock.go

@@ -124,7 +124,7 @@ func (t *TreeServiceMock) GetBucketCORS(_ context.Context, bktInfo *data.BucketI
 	return node.OID, nil
 }
 
-func (t *TreeServiceMock) PutBucketCORS(_ context.Context, bktInfo *data.BucketInfo, objID oid.ID) (oid.ID, error) {
+func (t *TreeServiceMock) PutBucketCORS(_ context.Context, bktInfo *data.BucketInfo, objID oid.ID) ([]oid.ID, error) {
 	systemMap, ok := t.system[bktInfo.CID.EncodeToString()]
 	if !ok {
 		systemMap = make(map[string]*data.BaseNodeVersion)
@@ -136,10 +136,10 @@ func (t *TreeServiceMock) PutBucketCORS(_ context.Context, bktInfo *data.BucketI
 
 	t.system[bktInfo.CID.EncodeToString()] = systemMap
 
-	return oid.ID{}, ErrNoNodeToRemove
+	return nil, ErrNoNodeToRemove
 }
 
-func (t *TreeServiceMock) DeleteBucketCORS(context.Context, *data.BucketInfo) (oid.ID, error) {
+func (t *TreeServiceMock) DeleteBucketCORS(context.Context, *data.BucketInfo) ([]oid.ID, error) {
 	panic("implement me")
 }
 

api/layer/tree_service.go

@@ -25,13 +25,13 @@ type TreeService interface {
 
 	// PutBucketCORS puts a node to a system tree and returns objectID of a previous cors config which must be deleted in FrostFS.
 	//
-	// If object id to remove is not found returns ErrNoNodeToRemove error.
-	PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID) (oid.ID, error)
+	// If object ids to remove is not found returns ErrNoNodeToRemove error.
+	PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID) ([]oid.ID, error)
 
 	// DeleteBucketCORS removes a node from a system tree and returns objID which must be deleted in FrostFS.
 	//
-	// If object id to remove is not found returns ErrNoNodeToRemove error.
-	DeleteBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) (oid.ID, error)
+	// If object ids to remove is not found returns ErrNoNodeToRemove error.
+	DeleteBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) ([]oid.ID, error)
 
 	GetObjectTagging(ctx context.Context, bktInfo *data.BucketInfo, objVersion *data.NodeVersion) (map[string]string, error)
 	PutObjectTagging(ctx context.Context, bktInfo *data.BucketInfo, objVersion *data.NodeVersion, tagSet map[string]string) error

api/layer/versioning_test.go

@@ -23,7 +23,7 @@ func (tc *testContext) putObject(content []byte) *data.ObjectInfo {
 	extObjInfo, err := tc.layer.PutObject(tc.ctx, &PutObjectParams{
 		BktInfo: tc.bktInfo,
 		Object:  tc.obj,
-		Size:    uint64(len(content)),
+		Size:    ptr(uint64(len(content))),
 		Reader:  bytes.NewReader(content),
 		Header:  make(map[string]string),
 	})
@@ -444,3 +444,7 @@ func TestFilterVersionsByMarker(t *testing.T) {
 		})
 	}
 }
+
+func ptr[T any](t T) *T {
+	return &t
+}

go.mod

@@ -1,12 +1,12 @@
 module git.frostfs.info/TrueCloudLab/frostfs-s3-gw
 
-go 1.21
+go 1.22
 
 require (
-	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240716113920-f517e3949164
+	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240906121927-2c79f770e449
 	git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6
-	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240718141740-ce8270568d36
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241016101634-0a0d659a4e5a
 	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240611102930-ac965e8d176a
 	git.frostfs.info/TrueCloudLab/zapjournald v0.0.0-20240124114243-cb2e66427d02
 	github.com/aws/aws-sdk-go v1.44.6
@@ -15,7 +15,7 @@ require (
 	github.com/go-chi/chi/v5 v5.0.8
 	github.com/google/uuid v1.6.0
 	github.com/minio/sio v0.3.0
-	github.com/nspcc-dev/neo-go v0.106.2
+	github.com/nspcc-dev/neo-go v0.106.3
 	github.com/panjf2000/ants/v2 v2.5.0
 	github.com/prometheus/client_golang v1.19.0
 	github.com/prometheus/client_model v0.5.0
@@ -24,16 +24,17 @@ require (
 	github.com/spf13/viper v1.15.0
 	github.com/ssgreg/journald v1.0.0
 	github.com/stretchr/testify v1.9.0
-	github.com/urfave/cli/v2 v2.3.0
+	github.com/trailofbits/go-fuzz-utils v0.0.0-20230413173806-58c38daa3cb4
+	github.com/urfave/cli/v2 v2.27.2
 	go.opentelemetry.io/otel v1.16.0
 	go.opentelemetry.io/otel/trace v1.16.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.21.0
+	golang.org/x/crypto v0.27.0
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
-	golang.org/x/net v0.23.0
-	golang.org/x/text v0.14.0
-	google.golang.org/grpc v1.62.0
-	google.golang.org/protobuf v1.33.0
+	golang.org/x/net v0.29.0
+	golang.org/x/text v0.18.0
+	google.golang.org/grpc v1.66.0
+	google.golang.org/protobuf v1.34.2
 )
 
 require (
@@ -45,19 +46,19 @@ require (
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.1 // indirect
 	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/holiman/uint256 v1.2.4 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -66,9 +67,10 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
 	github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2 // indirect
-	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d // indirect
+	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240727093519-1a48f1ce43ec // indirect
 	github.com/nspcc-dev/rfc6979 v0.2.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
@@ -79,7 +81,7 @@ require (
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 // indirect
 	github.com/twmb/murmur3 v1.1.8 // indirect
-	github.com/urfave/cli v1.22.5 // indirect
+	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
 	go.etcd.io/bbolt v1.3.9 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect
@@ -89,12 +91,12 @@ require (
 	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/term v0.24.0 // indirect
 	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -36,16 +36,16 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240716113920-f517e3949164 h1:XxvwQKJT/f16qS3df5PBQPRYKkhy0/A7zH6644QpKD0=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240716113920-f517e3949164/go.mod h1:OBDSr+DqV1z4VDouoX3YMleNc4DPBVBWTG3WDT2PK1o=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240906121927-2c79f770e449 h1:fE1pvU+DRVfqYa2LKIKoArxj3gKkXYwfN3J2EgfM9fY=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240906121927-2c79f770e449/go.mod h1:3MxIuTOAtKhC8jU/CVPZGENoSynJ/3URsGoBN/BRiPw=
 git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e h1:kcBqZBiFIUBATUqEuvVigtkJJWQ2Gug/eYXn967o3M4=
 git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 h1:FxqFDhQYYgpe41qsIHVOcdzSVCB8JNSfPG7Uk4r2oSk=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0/go.mod h1:RUIKZATQLJ+TaYQa60X2fTDwfuhMfm8Ar60bQ5fr+vU=
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6 h1:aGQ6QaAnTerQ5Dq5b2/f9DUQtSqPkZZ/bkMx/HKuLCo=
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6/go.mod h1:W8Nn08/l6aQ7UlIbpF7FsQou7TVpcRD1ZT1KG4TrFhE=
-git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240718141740-ce8270568d36 h1:MV/vKJWLQT34RRbXYvkNKFYGNjL5bRNuCQMXkbC7fLI=
-git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240718141740-ce8270568d36/go.mod h1:vluJ/+yQMcq8ZIZZSA7Te+JKClr0lgtRErjICvb8wto=
+git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241016101634-0a0d659a4e5a h1:pJvT/UoeyZDx+Ae9tKELp2ZRawzWepWw4bbLFzJoGmQ=
+git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241016101634-0a0d659a4e5a/go.mod h1:sMaXKg4tpQnVkNphtc4UmURGuQSJY/iWdWydiOA1Xb8=
 git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc=
 git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM=
 git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240611102930-ac965e8d176a h1:Bk1fB4cQASPKgAVGCdlBOEp5ohZfDxqK6fZM8eP+Emo=
@@ -79,8 +79,8 @@ github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -97,9 +97,9 @@ github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/Yj
 github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
 github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb h1:f0BMgIjhZy4lSRHCXFbQst85f5agZAjtDMixQqBWNpc=
 github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb/go.mod h1:v2Gy7L/4ZRosZ7Ivs+9SfUDr0f5UlG+EM5t7MPHiLuY=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -132,8 +132,8 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
-github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
-github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
+github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4=
+github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -160,8 +160,6 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -248,12 +246,14 @@ github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iP
 github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU=
 github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
 github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
+github.com/nspcc-dev/dbft v0.2.0 h1:sDwsQES600OSIMncV176t2SX5OvB14lzeOAyKFOkbMI=
+github.com/nspcc-dev/dbft v0.2.0/go.mod h1:oFE6paSC/yfFh9mcNU6MheMGOYXK9+sPiRk3YMoz49o=
 github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2 h1:mD9hU3v+zJcnHAVmHnZKt3I++tvn30gBj2rP2PocZMk=
 github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2/go.mod h1:U5VfmPNM88P4RORFb6KSUVBdJBDhlqggJZYGXGPxOcc=
-github.com/nspcc-dev/neo-go v0.106.2 h1:KXSJ2J5Oacc7LrX3r4jvnC8ihKqHs5NB21q4f2S3r9o=
-github.com/nspcc-dev/neo-go v0.106.2/go.mod h1:Ojwfx3/lv0VTeEHMpQ17g0wTnXcCSoFQVq5GEeCZmGo=
-github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d h1:Vcb7YkZuUSSIC+WF/xV3UDfHbAxZgyT2zGleJP3Ig5k=
-github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d/go.mod h1:/vrbWSHc7YS1KSYhVOyyeucXW/e+1DkVBOgnBEXUCeY=
+github.com/nspcc-dev/neo-go v0.106.3 h1:HEyhgkjQY+HfBzotMJ12xx2VuOUphkngZ4kEkjvXDtE=
+github.com/nspcc-dev/neo-go v0.106.3/go.mod h1:3vEwJ2ld12N7HRGCaH/l/7EwopplC/+8XdIdPDNmD/M=
+github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240727093519-1a48f1ce43ec h1:vDrbVXF2+2uP0RlkZmem3QYATcXCu9BzzGGCNsNcK7Q=
+github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240727093519-1a48f1ce43ec/go.mod h1:/vrbWSHc7YS1KSYhVOyyeucXW/e+1DkVBOgnBEXUCeY=
 github.com/nspcc-dev/rfc6979 v0.2.1 h1:8wWxkamHWFmO790GsewSoKUSJjVnL1fmdRpokU/RgRM=
 github.com/nspcc-dev/rfc6979 v0.2.1/go.mod h1:Tk7h5kyUWkhjyO3zUgFFhy1v2vQv3BvQEntakdtqrWc=
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
@@ -269,6 +269,8 @@ github.com/panjf2000/ants/v2 v2.5.0 h1:1rWGWSnxCsQBga+nQbA4/iY6VMeNoOIAM0ZWh9u3q
 github.com/panjf2000/ants/v2 v2.5.0/go.mod h1:cU93usDlihJZ5CfRGNDYsiBYvoilLvBF5Qp/BT2GNRE=
 github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
 github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
+github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -286,10 +288,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
 github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
@@ -321,12 +321,14 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 h1:xQdMZ1WLrgkkvOZ/LDQxjVxMLdby7osSh4ZEVa5sIjs=
 github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954/go.mod h1:u2MKkTVTVJWe5D1rCvame8WqhBd88EuIwODJZ1VHCPM=
+github.com/trailofbits/go-fuzz-utils v0.0.0-20230413173806-58c38daa3cb4 h1:GpfJ7OdNjS7BFTVwNCUI9L4aCJOFRbr5fdHqjdhoYE8=
+github.com/trailofbits/go-fuzz-utils v0.0.0-20230413173806-58c38daa3cb4/go.mod h1:f3jBhpWvuZmue0HZK52GzRHJOYHYSILs/c8+K2S/J+o=
 github.com/twmb/murmur3 v1.1.8 h1:8Yt9taO/WN3l08xErzjeschgZU2QSrwm1kclYq+0aRg=
 github.com/twmb/murmur3 v1.1.8/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ=
-github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
-github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M=
-github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
+github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
+github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
+github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
+github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -372,8 +374,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -409,8 +411,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
-golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -447,8 +449,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
+golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -469,8 +471,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -516,12 +518,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
+golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -530,8 +532,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -582,8 +584,8 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
-golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -656,10 +658,10 @@ google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
-google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A=
-google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c h1:NUsgEN92SQQqzfA+YtqYNqYmB3DMMYLlIwUZAQFVFbo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -680,8 +682,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
-google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c=
+google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -695,8 +697,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

internal/frostfs/frostfs.go

@@ -237,8 +237,12 @@ func (x *FrostFS) CreateObject(ctx context.Context, prm layer.PrmObjectCreate) (
 		prmPut.UseKey(prm.PrivateKey)
 	}
 
-	idObj, err := x.pool.PutObject(ctx, prmPut)
-	return idObj, handleObjectError("save object via connection pool", err)
+	res, err := x.pool.PutObject(ctx, prmPut)
+	if err = handleObjectError("save object via connection pool", err); err != nil {
+		return oid.ID{}, err
+	}
+
+	return res.ObjectID, nil
 }
 
 // wraps io.ReadCloser and transforms Read errors related to access violation

internal/frostfs/policy/contract/contract.go

@@ -189,7 +189,7 @@ func (m *multiTX) wrapCall(method string, args []any) {
 	if err == nil {
 		return
 	}
-	if !errors.Is(commonclient.ErrTransactionTooLarge, err) {
+	if !errors.Is(err, commonclient.ErrTransactionTooLarge) {
 		m.err = err
 		return
 	}

internal/frostfs/services/pool_wrapper.go

@@ -102,14 +102,18 @@ func (w *PoolWrapper) GetNodes(ctx context.Context, prm *tree.GetNodesParams) ([
 	return res, nil
 }
 
-func (w *PoolWrapper) GetSubTree(ctx context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32) ([]tree.NodeResponse, error) {
+func (w *PoolWrapper) GetSubTree(ctx context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32, sort bool) ([]tree.NodeResponse, error) {
+	order := treepool.NoneOrder
+	if sort {
+		order = treepool.AscendingOrder
+	}
 	poolPrm := treepool.GetSubTreeParams{
 		CID:         bktInfo.CID,
 		TreeID:      treeID,
 		RootID:      rootID,
 		Depth:       depth,
 		BearerToken: getBearer(ctx, bktInfo),
-		Order:       treepool.AscendingOrder,
+		Order:       order,
 	}
 	if len(rootID) == 1 && rootID[0] == 0 {
 		// storage node interprets 'nil' value as []uint64{0}

internal/logs/logs.go

@@ -142,11 +142,13 @@ const (
 	CouldntCacheSubject                                  = "couldn't cache subject info"
 	UserGroupsListIsEmpty                                = "user groups list is empty, subject not found"
 	CouldntCacheUserKey                                  = "couldn't cache user key"
-	FoundSeveralBucketCorsNodes                          = "found several bucket cors nodes, latest be used"
-	FoundSeveralObjectTaggingNodes                       = "found several object tagging nodes, latest be used"
-	FoundSeveralBucketTaggingNodes                       = "found several bucket tagging nodes, latest be used"
-	FoundSeveralBucketSettingsNodes                      = "found several bucket settings nodes, latest be used"
+	ObjectTaggingNodeHasMultipleIDs                      = "object tagging node has multiple ids"
+	BucketTaggingNodeHasMultipleIDs                      = "bucket tagging node has multiple ids"
+	BucketSettingsNodeHasMultipleIDs                     = "bucket settings node has multiple ids"
+	BucketCORSNodeHasMultipleIDs                         = "bucket cors node has multiple ids"
+	SystemNodeHasMultipleIDs                             = "system node has multiple ids"
+	FailedToRemoveOldSystemNode                          = "failed to remove old system node"
 	UnexpectedMultiNodeIDsInSubTreeMultiParts            = "unexpected multi node ids in sub tree multi parts"
-	FoundSeveralSystemNodes                              = "found several system nodes, latest be used"
+	FoundSeveralSystemNodes                              = "found several system nodes"
 	FailedToParsePartInfo                                = "failed to parse part info"
 )

pkg/service/tree/tree.go

@@ -32,7 +32,7 @@ type (
 	// Each method must return ErrNodeNotFound or ErrNodeAccessDenied if relevant.
 	ServiceClient interface {
 		GetNodes(ctx context.Context, p *GetNodesParams) ([]NodeResponse, error)
-		GetSubTree(ctx context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32) ([]NodeResponse, error)
+		GetSubTree(ctx context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32, sort bool) ([]NodeResponse, error)
 		GetSubTreeStream(ctx context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32) (SubTreeStream, error)
 		AddNode(ctx context.Context, bktInfo *data.BucketInfo, treeID string, parent uint64, meta map[string]string) (uint64, error)
 		AddNodeByPath(ctx context.Context, bktInfo *data.BucketInfo, treeID string, path []string, meta map[string]string) (uint64, error)
@@ -53,6 +53,11 @@ type (
 		Meta      map[string]string
 	}
 
+	multiSystemNode struct {
+		// the first element is latest
+		nodes []*treeNode
+	}
+
 	GetNodesParams struct {
 		BktInfo    *data.BucketInfo
 		TreeID     string
@@ -268,6 +273,45 @@ func newNodeVersionFromTreeNode(log *zap.Logger, filePath string, treeNode *tree
 	return version, nil
 }
 
+func newMultiNode(nodes []NodeResponse) (*multiSystemNode, error) {
+	var (
+		err          error
+		index        int
+		maxTimestamp uint64
+	)
+
+	if len(nodes) == 0 {
+		return nil, errors.New("multi node must have at least one node")
+	}
+
+	treeNodes := make([]*treeNode, len(nodes))
+
+	for i, node := range nodes {
+		if treeNodes[i], err = newTreeNode(node); err != nil {
+			return nil, fmt.Errorf("parse system node response: %w", err)
+		}
+
+		if timestamp := getMaxTimestamp(node); timestamp > maxTimestamp {
+			index = i
+			maxTimestamp = timestamp
+		}
+	}
+
+	treeNodes[0], treeNodes[index] = treeNodes[index], treeNodes[0]
+
+	return &multiSystemNode{
+		nodes: treeNodes,
+	}, nil
+}
+
+func (m *multiSystemNode) Latest() *treeNode {
+	return m.nodes[0]
+}
+
+func (m *multiSystemNode) Old() []*treeNode {
+	return m.nodes[1:]
+}
+
 func newMultipartInfoFromTreeNode(log *zap.Logger, filePath string, treeNode *treeNode) (*data.MultipartInfo, error) {
 	uploadID, _ := treeNode.Get(uploadIDKV)
 	if uploadID == "" {
@@ -394,11 +438,13 @@ func newPartInfo(node NodeResponse) (*data.PartInfo, error) {
 }
 
 func (c *Tree) GetSettingsNode(ctx context.Context, bktInfo *data.BucketInfo) (*data.BucketSettings, error) {
-	node, err := c.getSystemNode(ctx, bktInfo, []string{settingsFileName})
+	multiNode, err := c.getSystemNode(ctx, bktInfo, settingsFileName)
 	if err != nil {
 		return nil, fmt.Errorf("couldn't get node: %w", err)
 	}
 
+	node := multiNode.Latest()
+
 	settings := &data.BucketSettings{Versioning: data.VersioningUnversioned}
 	if versioningValue, ok := node.Get(versioningKV); ok {
 		settings.Versioning = versioningValue
@@ -422,7 +468,7 @@ func (c *Tree) GetSettingsNode(ctx context.Context, bktInfo *data.BucketInfo) (*
 }
 
 func (c *Tree) PutSettingsNode(ctx context.Context, bktInfo *data.BucketInfo, settings *data.BucketSettings) error {
-	node, err := c.getSystemNode(ctx, bktInfo, []string{settingsFileName})
+	multiNode, err := c.getSystemNode(ctx, bktInfo, settingsFileName)
 	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
 		return fmt.Errorf("couldn't get node: %w", err)
@@ -435,28 +481,35 @@ func (c *Tree) PutSettingsNode(ctx context.Context, bktInfo *data.BucketInfo, se
 		return err
 	}
 
-	ind := node.GetLatestNodeIndex()
-	if node.IsSplit() {
-		c.reqLogger(ctx).Warn(logs.FoundSeveralBucketSettingsNodes)
+	latest := multiNode.Latest()
+	ind := latest.GetLatestNodeIndex()
+	if latest.IsSplit() {
+		c.reqLogger(ctx).Error(logs.BucketSettingsNodeHasMultipleIDs, zap.Uint64s("ids", latest.ID))
 	}
 
-	return c.service.MoveNode(ctx, bktInfo, systemTree, node.ID[ind], 0, meta)
+	if err = c.service.MoveNode(ctx, bktInfo, systemTree, latest.ID[ind], 0, meta); err != nil {
+		return fmt.Errorf("move settings node: %w", err)
+	}
+
+	c.cleanOldNodes(ctx, multiNode.Old(), bktInfo)
+
+	return nil
 }
 
 func (c *Tree) GetBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) (oid.ID, error) {
-	node, err := c.getSystemNode(ctx, bktInfo, []string{corsFilename})
+	node, err := c.getSystemNode(ctx, bktInfo, corsFilename)
 	if err != nil {
 		return oid.ID{}, err
 	}
 
-	return node.ObjID, nil
+	return node.Latest().ObjID, nil
 }
 
-func (c *Tree) PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID) (oid.ID, error) {
-	node, err := c.getSystemNode(ctx, bktInfo, []string{corsFilename})
+func (c *Tree) PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, objID oid.ID) ([]oid.ID, error) {
+	multiNode, err := c.getSystemNode(ctx, bktInfo, corsFilename)
 	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
-		return oid.ID{}, fmt.Errorf("couldn't get node: %w", err)
+		return nil, fmt.Errorf("couldn't get node: %w", err)
 	}
 
 	meta := make(map[string]string)
@@ -465,35 +518,64 @@ func (c *Tree) PutBucketCORS(ctx context.Context, bktInfo *data.BucketInfo, objI
 
 	if isErrNotFound {
 		if _, err = c.service.AddNode(ctx, bktInfo, systemTree, 0, meta); err != nil {
-			return oid.ID{}, err
+			return nil, err
 		}
-		return oid.ID{}, layer.ErrNoNodeToRemove
+		return nil, layer.ErrNoNodeToRemove
 	}
 
-	ind := node.GetLatestNodeIndex()
-	if node.IsSplit() {
-		c.reqLogger(ctx).Warn(logs.FoundSeveralBucketCorsNodes)
+	latest := multiNode.Latest()
+	ind := latest.GetLatestNodeIndex()
+	if latest.IsSplit() {
+		c.reqLogger(ctx).Error(logs.BucketCORSNodeHasMultipleIDs)
 	}
 
-	return node.ObjID, c.service.MoveNode(ctx, bktInfo, systemTree, node.ID[ind], 0, meta)
+	if err = c.service.MoveNode(ctx, bktInfo, systemTree, latest.ID[ind], 0, meta); err != nil {
+		return nil, fmt.Errorf("move cors node: %w", err)
+	}
+
+	objToDelete := make([]oid.ID, 1, len(multiNode.nodes))
+	objToDelete[0] = latest.ObjID
+
+	objToDelete = append(objToDelete, c.cleanOldNodes(ctx, multiNode.Old(), bktInfo)...)
+
+	return objToDelete, nil
 }
 
-func (c *Tree) DeleteBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) (oid.ID, error) {
-	node, err := c.getSystemNode(ctx, bktInfo, []string{corsFilename})
-	if err != nil && !errors.Is(err, layer.ErrNodeNotFound) {
-		return oid.ID{}, err
+func (c *Tree) DeleteBucketCORS(ctx context.Context, bktInfo *data.BucketInfo) ([]oid.ID, error) {
+	multiNode, err := c.getSystemNode(ctx, bktInfo, corsFilename)
+	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
+	if err != nil && !isErrNotFound {
+		return nil, err
 	}
 
-	if node != nil {
+	if isErrNotFound {
+		return nil, layer.ErrNoNodeToRemove
+	}
+
+	objToDelete := c.cleanOldNodes(ctx, multiNode.nodes, bktInfo)
+	if len(objToDelete) != len(multiNode.nodes) {
+		return nil, fmt.Errorf("clean old cors nodes: %w", err)
+	}
+
+	return objToDelete, nil
+}
+
+func (c *Tree) cleanOldNodes(ctx context.Context, nodes []*treeNode, bktInfo *data.BucketInfo) []oid.ID {
+	res := make([]oid.ID, 0, len(nodes))
+
+	for _, node := range nodes {
 		ind := node.GetLatestNodeIndex()
 		if node.IsSplit() {
-			c.reqLogger(ctx).Warn(logs.FoundSeveralBucketCorsNodes)
+			c.reqLogger(ctx).Error(logs.SystemNodeHasMultipleIDs, zap.String("FileName", node.Meta[FileNameKey]), zap.Uint64s("ids", node.ID))
+		}
+		if err := c.service.RemoveNode(ctx, bktInfo, systemTree, node.ID[ind]); err != nil {
+			c.reqLogger(ctx).Warn(logs.FailedToRemoveOldSystemNode, zap.String("FileName", node.Meta[FileNameKey]), zap.Uint64("id", node.ID[ind]))
+		} else {
+			res = append(res, node.ObjID)
 		}
-
-		return node.ObjID, c.service.RemoveNode(ctx, bktInfo, systemTree, node.ID[ind])
 	}
 
-	return oid.ID{}, layer.ErrNoNodeToRemove
+	return res
 }
 
 func (c *Tree) GetObjectTagging(ctx context.Context, bktInfo *data.BucketInfo, objVersion *data.NodeVersion) (map[string]string, error) {
@@ -541,7 +623,7 @@ func (c *Tree) PutObjectTagging(ctx context.Context, bktInfo *data.BucketInfo, o
 
 	ind := tagNode.GetLatestNodeIndex()
 	if tagNode.IsSplit() {
-		c.reqLogger(ctx).Warn(logs.FoundSeveralObjectTaggingNodes)
+		c.reqLogger(ctx).Error(logs.ObjectTaggingNodeHasMultipleIDs)
 	}
 
 	return c.service.MoveNode(ctx, bktInfo, versionTree, tagNode.ID[ind], objVersion.ID, treeTagSet)
@@ -552,14 +634,14 @@ func (c *Tree) DeleteObjectTagging(ctx context.Context, bktInfo *data.BucketInfo
 }
 
 func (c *Tree) GetBucketTagging(ctx context.Context, bktInfo *data.BucketInfo) (map[string]string, error) {
-	node, err := c.getSystemNode(ctx, bktInfo, []string{bucketTaggingFilename})
+	multiNode, err := c.getSystemNode(ctx, bktInfo, bucketTaggingFilename)
 	if err != nil {
 		return nil, err
 	}
 
 	tags := make(map[string]string)
 
-	for key, val := range node.Meta {
+	for key, val := range multiNode.Latest().Meta {
 		if strings.HasPrefix(key, userDefinedTagPrefix) {
 			tags[strings.TrimPrefix(key, userDefinedTagPrefix)] = val
 		}
@@ -569,7 +651,7 @@ func (c *Tree) GetBucketTagging(ctx context.Context, bktInfo *data.BucketInfo) (
 }
 
 func (c *Tree) PutBucketTagging(ctx context.Context, bktInfo *data.BucketInfo, tagSet map[string]string) error {
-	node, err := c.getSystemNode(ctx, bktInfo, []string{bucketTaggingFilename})
+	multiNode, err := c.getSystemNode(ctx, bktInfo, bucketTaggingFilename)
 	isErrNotFound := errors.Is(err, layer.ErrNodeNotFound)
 	if err != nil && !isErrNotFound {
 		return fmt.Errorf("couldn't get node: %w", err)
@@ -587,12 +669,19 @@ func (c *Tree) PutBucketTagging(ctx context.Context, bktInfo *data.BucketInfo, t
 		return err
 	}
 
-	ind := node.GetLatestNodeIndex()
-	if node.IsSplit() {
-		c.reqLogger(ctx).Warn(logs.FoundSeveralBucketTaggingNodes)
+	latest := multiNode.Latest()
+	ind := latest.GetLatestNodeIndex()
+	if latest.IsSplit() {
+		c.reqLogger(ctx).Error(logs.BucketTaggingNodeHasMultipleIDs, zap.Uint64s("ids", latest.ID))
 	}
 
-	return c.service.MoveNode(ctx, bktInfo, systemTree, node.ID[ind], 0, treeTagSet)
+	if err = c.service.MoveNode(ctx, bktInfo, systemTree, latest.ID[ind], 0, treeTagSet); err != nil {
+		return fmt.Errorf("move bucket tagging node: %w", err)
+	}
+
+	c.cleanOldNodes(ctx, multiNode.Old(), bktInfo)
+
+	return nil
 }
 
 func (c *Tree) DeleteBucketTagging(ctx context.Context, bktInfo *data.BucketInfo) error {
@@ -610,11 +699,13 @@ func (c *Tree) getTreeNode(ctx context.Context, bktInfo *data.BucketInfo, nodeID
 }
 
 func (c *Tree) getTreeNodes(ctx context.Context, bktInfo *data.BucketInfo, nodeID uint64, keys ...string) (map[string]*treeNode, error) {
-	subtree, err := c.service.GetSubTree(ctx, bktInfo, versionTree, []uint64{nodeID}, 2)
+	subtree, err := c.service.GetSubTree(ctx, bktInfo, versionTree, []uint64{nodeID}, 2, false)
 	if err != nil {
 		return nil, err
 	}
 
+	// consider using map[string][]*treeNode
+	// to be able to remove unused node, that can be added during split
 	treeNodes := make(map[string]*treeNode, len(keys))
 
 	for _, s := range subtree {
@@ -689,26 +780,6 @@ func getLatestVersionNode(nodes []NodeResponse) (NodeResponse, error) {
 	return nodes[targetIndexNode], nil
 }
 
-func getLatestNode(nodes []NodeResponse) NodeResponse {
-	if len(nodes) == 0 {
-		return nil
-	}
-
-	var (
-		index        int
-		maxTimestamp uint64
-	)
-
-	for i, node := range nodes {
-		if timestamp := getMaxTimestamp(node); timestamp > maxTimestamp {
-			index = i
-			maxTimestamp = timestamp
-		}
-	}
-
-	return nodes[index]
-}
-
 func getMaxTimestamp(node NodeResponse) uint64 {
 	var maxTimestamp uint64
 
@@ -1022,7 +1093,7 @@ func (c *Tree) getSubTreeByPrefix(ctx context.Context, bktInfo *data.BucketInfo,
 		return nil, "", err
 	}
 
-	subTree, err := c.service.GetSubTree(ctx, bktInfo, treeID, rootID, 2)
+	subTree, err := c.service.GetSubTree(ctx, bktInfo, treeID, rootID, 2, false)
 	if err != nil {
 		if errors.Is(err, layer.ErrNodeNotFound) {
 			return nil, "", nil
@@ -1180,7 +1251,11 @@ func (c *Tree) GetMultipartUploadsByPrefix(ctx context.Context, bktInfo *data.Bu
 }
 
 func (c *Tree) getSubTreeMultipartUploads(ctx context.Context, bktInfo *data.BucketInfo, nodeID []uint64, parentFilePath string) ([]*data.MultipartInfo, error) {
-	subTree, err := c.service.GetSubTree(ctx, bktInfo, systemTree, nodeID, maxGetSubTreeDepth)
+	// sorting in getSubTree leads to skipping nodes that doesn't have FileName attribute
+	// so when we are only interested in multipart nodes, we can set this flag
+	// (despite we sort multiparts in above layer anyway)
+	// to skip its children (parts) that don't have FileName
+	subTree, err := c.service.GetSubTree(ctx, bktInfo, systemTree, nodeID, maxGetSubTreeDepth, true)
 	if err != nil {
 		return nil, err
 	}
@@ -1269,7 +1344,7 @@ func (c *Tree) GetMultipartUpload(ctx context.Context, bktInfo *data.BucketInfo,
 }
 
 func (c *Tree) AddPart(ctx context.Context, bktInfo *data.BucketInfo, multipartNodeID uint64, info *data.PartInfo) (oldObjIDToDelete oid.ID, err error) {
-	parts, err := c.service.GetSubTree(ctx, bktInfo, systemTree, []uint64{multipartNodeID}, 2)
+	parts, err := c.service.GetSubTree(ctx, bktInfo, systemTree, []uint64{multipartNodeID}, 2, false)
 	if err != nil {
 		return oid.ID{}, err
 	}
@@ -1319,7 +1394,7 @@ func (c *Tree) AddPart(ctx context.Context, bktInfo *data.BucketInfo, multipartN
 }
 
 func (c *Tree) GetParts(ctx context.Context, bktInfo *data.BucketInfo, multipartNodeID uint64) ([]*data.PartInfo, error) {
-	parts, err := c.service.GetSubTree(ctx, bktInfo, systemTree, []uint64{multipartNodeID}, 2)
+	parts, err := c.service.GetSubTree(ctx, bktInfo, systemTree, []uint64{multipartNodeID}, 2, false)
 	if err != nil {
 		return nil, err
 	}
@@ -1558,11 +1633,11 @@ func metaFromMultipart(info *data.MultipartInfo, fileName string) map[string]str
 	return info.Meta
 }
 
-func (c *Tree) getSystemNode(ctx context.Context, bktInfo *data.BucketInfo, path []string) (*treeNode, error) {
+func (c *Tree) getSystemNode(ctx context.Context, bktInfo *data.BucketInfo, name string) (*multiSystemNode, error) {
 	p := &GetNodesParams{
 		BktInfo:    bktInfo,
 		TreeID:     systemTree,
-		Path:       path,
+		Path:       []string{name},
 		LatestOnly: false,
 		AllAttrs:   true,
 	}
@@ -1577,10 +1652,10 @@ func (c *Tree) getSystemNode(ctx context.Context, bktInfo *data.BucketInfo, path
 		return nil, layer.ErrNodeNotFound
 	}
 	if len(nodes) != 1 {
-		c.reqLogger(ctx).Warn(logs.FoundSeveralSystemNodes, zap.String("path", strings.Join(path, "/")))
+		c.reqLogger(ctx).Warn(logs.FoundSeveralSystemNodes, zap.String("name", name))
 	}
 
-	return newTreeNode(getLatestNode(nodes))
+	return newMultiNode(nodes)
 }
 
 func filterMultipartNodes(nodes []NodeResponse) []NodeResponse {

pkg/service/tree/tree_client_in_memory.go

@@ -234,7 +234,7 @@ func (c *ServiceClientMemory) GetNodes(_ context.Context, p *GetNodesParams) ([]
 	return res2, nil
 }
 
-func (c *ServiceClientMemory) GetSubTree(_ context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32) ([]NodeResponse, error) {
+func (c *ServiceClientMemory) GetSubTree(_ context.Context, bktInfo *data.BucketInfo, treeID string, rootID []uint64, depth uint32, sort bool) ([]NodeResponse, error) {
 	cnr, ok := c.containers[bktInfo.CID.EncodeToString()]
 	if !ok {
 		return nil, nil
@@ -254,6 +254,10 @@ func (c *ServiceClientMemory) GetSubTree(_ context.Context, bktInfo *data.Bucket
 		return nil, ErrNodeNotFound
 	}
 
+	if sort {
+		sortNode(tr.treeData)
+	}
+
 	// we depth-1 in case of uint32 and 0 as mark to get all subtree leads to overflow and depth is getting quite big to walk all tree levels
 	return node.listNodes(nil, depth-1), nil
 }