[#1696] qos: Fix internal tag adjust

If request has no tag, but request's public key is netmap node's key or
one of allowed internal tag keys from config, then request must use
internal IO tag.

Change-Id: Iff93b626941a81b088d8999b3f2947f9501dcdf8
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>

.ci/Jenkinsfile

@@ -0,0 +1,83 @@
+def golang = ['1.23', '1.24']
+def golangDefault = "golang:${golang.last()}"
+
+async {
+
+    for (version in golang) {
+        def go = version
+
+        task("test/go${go}") {
+            container("golang:${go}") {
+                sh 'make test'
+            }
+        }
+
+        task("build/go${go}") {
+            container("golang:${go}") {
+                for (app in ['cli', 'node', 'ir', 'adm', 'lens']) {
+                    sh """
+                        make bin/frostfs-${app}
+                        bin/frostfs-${app} --version
+                    """
+                }
+            }
+        }
+    }
+
+    task('test/race') {
+        container(golangDefault) {
+            sh 'make test GOFLAGS="-count=1 -race"'
+        }
+    }
+
+    task('lint') {
+        container(golangDefault) {
+            sh 'make lint-install lint'
+        }
+    }
+
+    task('staticcheck') {
+        container(golangDefault) {
+            sh 'make staticcheck-install staticcheck-run'
+        }
+    }
+
+    task('gopls') {
+        container(golangDefault) {
+            sh 'make gopls-install gopls-run'
+        }
+    }
+
+    task('gofumpt') {
+        container(golangDefault) {
+            sh '''
+                make fumpt-install
+                make fumpt
+                git diff --exit-code --quiet
+            '''
+        }
+    }
+
+    task('vulncheck') {
+        container(golangDefault) {
+            sh '''
+                go install golang.org/x/vuln/cmd/govulncheck@latest
+                govulncheck ./...
+            '''
+        }
+    }
+
+    task('pre-commit') {
+        dockerfile("""
+            FROM ${golangDefault}
+            RUN apt update && \
+                apt install -y --no-install-recommends pre-commit
+        """) {
+            withEnv(['SKIP=make-lint,go-staticcheck-repo-mod,go-unit-tests,gofumpt']) {
+                sh 'pre-commit run --color=always --hook-stage=manual --all-files'
+            }
+        }
+    }
+}
+
+// TODO: dco check

.forgejo/workflows/build.yml

@@ -1,6 +1,10 @@
 name: Build
 
-on: [pull_request]
+on:
+  pull_request:
+  push:
+    branches:
+      - master
 
 jobs:
   build:
@@ -8,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go_versions: [ '1.22', '1.23' ]
+        go_versions: [ '1.23', '1.24' ]
 
     steps:
       - uses: actions/checkout@v3

.forgejo/workflows/dco.yml

@@ -13,7 +13,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.22'
+          go-version: '1.24'
 
       - name: Run commit format checker
         uses: https://git.frostfs.info/TrueCloudLab/dco-go@v3

.forgejo/workflows/oci-image.yml

@@ -0,0 +1,28 @@
+name: OCI image
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  image:
+    name: Build container images
+    runs-on: docker
+    container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
+    steps:
+      - name: Clone git repo
+        uses: actions/checkout@v3
+
+      - name: Build OCI image
+        run: make images
+
+      - name: Push image to OCI registry
+        run: |
+          echo "$REGISTRY_PASSWORD" \
+            | docker login --username truecloudlab --password-stdin git.frostfs.info
+          make push-images
+        if: >-
+          startsWith(github.ref, 'refs/tags/v') &&
+          (github.event_name == 'workflow_dispatch' || github.event_name == 'push')
+        env:
+          REGISTRY_PASSWORD: ${{secrets.FORGEJO_OCI_REGISTRY_PUSH_TOKEN}}

.forgejo/workflows/pre-commit.yml

@@ -1,5 +1,10 @@
 name: Pre-commit hooks
-on: [pull_request]
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
 
 jobs:
   precommit:
@@ -16,7 +21,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.23
+          go-version: 1.24
       - name: Set up Python
         run: |
           apt update

.forgejo/workflows/tests.yml

@@ -1,5 +1,10 @@
 name: Tests and linters
-on: [pull_request]
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
 
 jobs:
   lint:
@@ -11,7 +16,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.23'
+          go-version: '1.24'
           cache: true
 
       - name: Install linters
@@ -25,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go_versions: [ '1.22', '1.23' ]
+        go_versions: [ '1.23', '1.24' ]
       fail-fast: false
     steps:
       - uses: actions/checkout@v3
@@ -48,7 +53,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.22'
+          go-version: '1.24'
           cache: true
 
       - name: Run tests
@@ -63,7 +68,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.23'
+          go-version: '1.24'
           cache: true
 
       - name: Install staticcheck
@@ -99,7 +104,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.23'
+          go-version: '1.24'
           cache: true
 
       - name: Install gofumpt

.forgejo/workflows/vulncheck.yml

@@ -1,5 +1,10 @@
 name: Vulncheck
-on: [pull_request]
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
 
 jobs:
   vulncheck:
@@ -13,7 +18,8 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.23'
+          go-version: '1.24'
+          check-latest: true
 
       - name: Install govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest

.golangci.yml

@@ -22,6 +22,11 @@ linters-settings:
     # 'default' case is present, even if all enum members aren't listed in the
     # switch
     default-signifies-exhaustive: true
+  gci:
+    sections:
+      - standard
+      - default
+    custom-order: true
   govet:
     # report about shadowed variables
     check-shadowing: false
@@ -72,6 +77,7 @@ linters:
     - durationcheck
     - exhaustive
     - copyloopvar
+    - gci
     - gofmt
     - goimports
     - misspell
@@ -87,5 +93,9 @@ linters:
     - perfsprint
     - testifylint
     - protogetter
+    - intrange
+    - tenv
+    - unconvert
+    - unparam
   disable-all: true
   fast: false

.woodpecker/pre-commit.yml

@@ -1,11 +0,0 @@
-pipeline:
-  # Kludge for non-root containers under WoodPecker
-  fix-ownership:
-    image: alpine:latest
-    commands: chown -R 1234:1234 .
-
-  pre-commit:
-    image: git.frostfs.info/truecloudlab/frostfs-ci:v0.36
-    commands:
-      - export HOME="$(getent passwd $(id -u) | cut '-d:' -f6)"
-      - pre-commit run --hook-stage manual

CHANGELOG.md

@@ -9,6 +9,30 @@ Changelog for FrostFS Node
 ### Removed
 ### Updated
 
+## [v0.44.0] - 2024-25-11 - Rongbuk
+
+### Added
+- Allow to prioritize nodes during GET traversal via attributes (#1439)
+- Add metrics for the frostfsid cache (#1464)
+- Customize constant attributes attached to every tracing span (#1488)
+- Manage additional keys in the `frostfsid` contract (#1505)
+- Describe `--rule` flag in detail for `frostfs-cli ape-manager` subcommands (#1519)
+
+### Changed
+- Support richer interaction with the console in `frostfs-cli container policy-playground` (#1396)
+- Print address in base58 format in `frostfs-adm morph policy set-admin` (#1515)
+
+### Fixed
+- Fix EC object search (#1408)
+- Fix EC object put when one of the nodes is unavailable (#1427)
+
+### Removed
+- Drop most of the eACL-related code (#1425)
+- Remove `--basic-acl` flag from `frostfs-cli container create` (#1483)
+
+### Upgrading from v0.43.0
+The metabase schema has changed completely, resync is required.
+
 ## [v0.42.0]
 
 ### Added

CODEOWNERS

@@ -0,0 +1,3 @@
+.*          @TrueCloudLab/storage-core-committers @TrueCloudLab/storage-core-developers
+.forgejo/.* @potyarkin
+Makefile    @potyarkin

Makefile

@@ -1,5 +1,6 @@
 #!/usr/bin/make -f
 SHELL = bash
+.SHELLFLAGS = -euo pipefail -c
 
 REPO ?= $(shell go list -m)
 VERSION ?= $(shell git describe --tags --dirty --match "v*" --always --abbrev=8 2>/dev/null || cat VERSION 2>/dev/null || echo "develop")
@@ -7,16 +8,16 @@ VERSION ?= $(shell git describe --tags --dirty --match "v*" --always --abbrev=8
 HUB_IMAGE ?= git.frostfs.info/truecloudlab/frostfs
 HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')"
 
-GO_VERSION ?= 1.22
-LINT_VERSION ?= 1.60.3
-TRUECLOUDLAB_LINT_VERSION ?= 0.0.7
+GO_VERSION ?= 1.23
+LINT_VERSION ?= 1.62.2
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.8
 PROTOC_VERSION ?= 25.0
-PROTOGEN_FROSTFS_VERSION ?= $(shell go list -f '{{.Version}}' -m git.frostfs.info/TrueCloudLab/frostfs-api-go/v2)
+PROTOGEN_FROSTFS_VERSION ?= $(shell go list -f '{{.Version}}' -m git.frostfs.info/TrueCloudLab/frostfs-sdk-go)
 PROTOC_OS_VERSION=osx-x86_64
 ifeq ($(shell uname), Linux)
 	PROTOC_OS_VERSION=linux-x86_64
 endif
-STATICCHECK_VERSION ?= 2024.1.1
+STATICCHECK_VERSION ?= 2025.1.1
 ARCH = amd64
 
 BIN = bin
@@ -42,7 +43,7 @@ GOFUMPT_VERSION ?= v0.7.0
 GOFUMPT_DIR ?= $(abspath $(BIN))/gofumpt
 GOFUMPT_VERSION_DIR ?= $(GOFUMPT_DIR)/$(GOFUMPT_VERSION)
 
-GOPLS_VERSION ?= v0.15.1
+GOPLS_VERSION ?= v0.17.1
 GOPLS_DIR ?= $(abspath $(BIN))/gopls
 GOPLS_VERSION_DIR ?= $(GOPLS_DIR)/$(GOPLS_VERSION)
 GOPLS_TEMP_FILE := $(shell mktemp)
@@ -115,13 +116,13 @@ protoc:
 # Install protoc
 protoc-install:
 	@rm -rf $(PROTOBUF_DIR)
-	@mkdir $(PROTOBUF_DIR)
+	@mkdir -p $(PROTOBUF_DIR)
 	@echo "⇒ Installing protoc... "
 	@wget -q -O $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip 'https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(PROTOC_OS_VERSION).zip'
 	@unzip -q -o $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip -d $(PROTOC_DIR)
 	@rm $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip
 	@echo "⇒ Instaling protogen FrostFS plugin..."
-	@GOBIN=$(PROTOGEN_FROSTFS_DIR) go install -mod=mod -v git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/protogen@$(PROTOGEN_FROSTFS_VERSION)
+	@GOBIN=$(PROTOGEN_FROSTFS_DIR) go install -mod=mod -v git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/util/protogen@$(PROTOGEN_FROSTFS_VERSION)
 
 # Build FrostFS component's docker image
 image-%:
@@ -139,6 +140,15 @@ images: image-storage image-ir image-cli image-adm
 # Build dirty local Docker images
 dirty-images: image-dirty-storage image-dirty-ir image-dirty-cli image-dirty-adm
 
+# Push FrostFS components' docker image to the registry
+push-image-%:
+	@echo "⇒ Publish FrostFS $* docker image "
+	@docker push $(HUB_IMAGE)-$*:$(HUB_TAG)
+
+# Push all Docker images to the registry
+.PHONY: push-images
+push-images: push-image-storage push-image-ir push-image-cli push-image-adm
+
 # Run `make %` in Golang container
 docker/%:
 	docker run --rm -t \
@@ -160,7 +170,7 @@ imports:
 # Install gofumpt
 fumpt-install:
 	@rm -rf $(GOFUMPT_DIR)
-	@mkdir $(GOFUMPT_DIR)
+	@mkdir -p $(GOFUMPT_DIR)
 	@GOBIN=$(GOFUMPT_VERSION_DIR) go install mvdan.cc/gofumpt@$(GOFUMPT_VERSION)
 
 # Run gofumpt
@@ -177,14 +187,37 @@ test:
 	@echo "⇒ Running go test"
 	@GOFLAGS="$(GOFLAGS)" go test ./...
 
+# Install Gerrit commit-msg hook
+review-install: GIT_HOOK_DIR := $(shell git rev-parse --git-dir)/hooks
+review-install:
+	@git config remote.review.url \
+		|| git remote add review ssh://review.frostfs.info:2222/TrueCloudLab/frostfs-node
+	@mkdir -p $(GIT_HOOK_DIR)/
+	@curl -Lo $(GIT_HOOK_DIR)/commit-msg https://review.frostfs.info/tools/hooks/commit-msg
+	@chmod +x $(GIT_HOOK_DIR)/commit-msg
+	@echo -e '#!/bin/sh\n"$$(git rev-parse --git-path hooks)"/commit-msg "$$1"' >$(GIT_HOOK_DIR)/prepare-commit-msg
+	@chmod +x $(GIT_HOOK_DIR)/prepare-commit-msg
+
+# Create a PR in Gerrit
+review: BRANCH ?= master
+review:
+	@git push review HEAD:refs/for/$(BRANCH) \
+		--push-option r=e.stratonikov@yadro.com \
+		--push-option r=d.stepanov@yadro.com \
+		--push-option r=an.nikiforov@yadro.com \
+		--push-option r=a.arifullin@yadro.com \
+		--push-option r=ekaterina.lebedeva@yadro.com \
+		--push-option r=a.savchuk@yadro.com \
+		--push-option r=a.chuprov@yadro.com
+
 # Run pre-commit
 pre-commit-run:
 	@pre-commit run -a --hook-stage manual
 
 # Install linters
-lint-install:
+lint-install: $(BIN)
 	@rm -rf $(OUTPUT_LINT_DIR)
-	@mkdir $(OUTPUT_LINT_DIR)
+	@mkdir -p $(OUTPUT_LINT_DIR)
 	@mkdir -p $(TMP_DIR)
 	@rm -rf $(TMP_DIR)/linters
 	@git -c advice.detachedHead=false clone --branch v$(TRUECLOUDLAB_LINT_VERSION) https://git.frostfs.info/TrueCloudLab/linters.git $(TMP_DIR)/linters
@@ -203,7 +236,7 @@ lint:
 # Install staticcheck
 staticcheck-install:
 	@rm -rf $(STATICCHECK_DIR)
-	@mkdir $(STATICCHECK_DIR)
+	@mkdir -p $(STATICCHECK_DIR)
 	@GOBIN=$(STATICCHECK_VERSION_DIR) go install honnef.co/go/tools/cmd/staticcheck@$(STATICCHECK_VERSION)
 
 # Run staticcheck
@@ -216,7 +249,7 @@ staticcheck-run:
 # Install gopls
 gopls-install:
 	@rm -rf $(GOPLS_DIR)
-	@mkdir $(GOPLS_DIR)
+	@mkdir -p $(GOPLS_DIR)
 	@GOBIN=$(GOPLS_VERSION_DIR) go install golang.org/x/tools/gopls@$(GOPLS_VERSION)
 
 # Run gopls
@@ -270,10 +303,12 @@ env-up: all
 		echo "Frostfs contracts not found"; exit 1; \
 	fi
 	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph init --contracts ${FROSTFS_CONTRACTS_PATH}
-	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet01.json --gas 10.0
-	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet02.json --gas 10.0
-	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet03.json --gas 10.0
-	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet04.json --gas 10.0
+	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --gas 10.0 \
+		--storage-wallet ./dev/storage/wallet01.json \
+		--storage-wallet ./dev/storage/wallet02.json \
+		--storage-wallet ./dev/storage/wallet03.json \
+		--storage-wallet ./dev/storage/wallet04.json
+
 	@if [ ! -f "$(LOCODE_DB_PATH)" ]; then \
 		make locode-download; \
 	fi
@@ -282,7 +317,6 @@ env-up: all
 
 # Shutdown dev environment
 env-down:
-	docker compose -f dev/docker-compose.yml down
-	docker volume rm -f frostfs-node_neo-go
+	docker compose -f dev/docker-compose.yml down -v
 	rm -rf ./$(TMP_DIR)/state
 	rm -rf ./$(TMP_DIR)/storage

README.md

@@ -1,5 +1,5 @@
 <p align="center">
-  <img src="./.github/logo.svg" width="500px" alt="FrostFS">
+  <img src="./.forgejo/logo.svg" width="500px" alt="FrostFS">
 </p>
 
 <p align="center">
@@ -98,7 +98,7 @@ See `frostfs-contract`'s README.md for build instructions.
 4. To create container and put object into it run (container and object IDs will be different):
 
 ```
-./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --basic-acl public-read-write --await
+./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --await
 Enter password >  <- press ENTER, the is no password for wallet
 CID: CfPhEuHQ2PRvM4gfBQDC4dWZY3NccovyfcnEdiq2ixju
 

VERSION

@@ -1 +1 @@
-v0.42.0
+v0.44.0

cmd/frostfs-adm/internal/commonflags/flags.go

@@ -16,10 +16,18 @@ const (
 	EndpointFlagDesc  = "N3 RPC node endpoint"
 	EndpointFlagShort = "r"
 
+	WalletPath          = "wallet"
+	WalletPathShorthand = "w"
+	WalletPathUsage     = "Path to the wallet"
+
 	AlphabetWalletsFlag     = "alphabet-wallets"
 	AlphabetWalletsFlagDesc = "Path to alphabet wallets dir"
 
+	AdminWalletPath  = "wallet-admin"
+	AdminWalletUsage = "Path to the admin wallet"
+
 	LocalDumpFlag                   = "local-dump"
+	ProtoConfigPath                 = "protocol"
 	ContractsInitFlag               = "contracts"
 	ContractsInitFlagDesc           = "Path to archive with compiled FrostFS contracts (the default is to fetch the latest release from the official repository)"
 	ContractsURLFlag                = "contracts-url"

cmd/frostfs-adm/internal/modules/config/config.go

@@ -128,7 +128,7 @@ func generateConfigExample(appDir string, credSize int) (string, error) {
 	tmpl.AlphabetDir = filepath.Join(appDir, "alphabet-wallets")
 
 	var i innerring.GlagoliticLetter
-	for i = 0; i < innerring.GlagoliticLetter(credSize); i++ {
+	for i = range innerring.GlagoliticLetter(credSize) {
 		tmpl.Glagolitics = append(tmpl.Glagolitics, i.String())
 	}
 

cmd/frostfs-adm/internal/modules/metabase/upgrade.go

@@ -28,6 +28,7 @@ const (
 var (
 	errNoPathsFound          = errors.New("no metabase paths found")
 	errNoMorphEndpointsFound = errors.New("no morph endpoints found")
+	errUpgradeFailed         = errors.New("upgrade failed")
 )
 
 var UpgradeCmd = &cobra.Command{
@@ -91,14 +92,19 @@ func upgrade(cmd *cobra.Command, _ []string) error {
 	if err := eg.Wait(); err != nil {
 		return err
 	}
+	allSuccess := true
 	for mb, ok := range result {
 		if ok {
 			cmd.Println(mb, ": success")
 		} else {
 			cmd.Println(mb, ": failed")
+			allSuccess = false
 		}
 	}
-	return nil
+	if allSuccess {
+		return nil
+	}
+	return errUpgradeFailed
 }
 
 func getMetabasePaths(appCfg *config.Config) ([]string, error) {
@@ -135,7 +141,7 @@ func createContainerInfoProvider(cli *client.Client) (container.InfoProvider, er
 	if err != nil {
 		return nil, fmt.Errorf("resolve container contract hash: %w", err)
 	}
-	cc, err := morphcontainer.NewFromMorph(cli, sh, 0, morphcontainer.TryNotary())
+	cc, err := morphcontainer.NewFromMorph(cli, sh, 0)
 	if err != nil {
 		return nil, fmt.Errorf("create morph container client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/ape/ape.go

@@ -5,35 +5,19 @@ import (
 	"encoding/json"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
 const (
-	namespaceTarget   = "namespace"
-	containerTarget   = "container"
-	userTarget        = "user"
-	groupTarget       = "group"
-	jsonFlag          = "json"
-	jsonFlagDesc      = "Output rule chains in JSON format"
-	chainIDFlag       = "chain-id"
-	chainIDDesc       = "Rule chain ID"
-	ruleFlag          = "rule"
-	ruleFlagDesc      = "Rule chain in text format"
-	pathFlag          = "path"
-	pathFlagDesc      = "path to encoded chain in JSON or binary format"
-	targetNameFlag    = "target-name"
-	targetNameDesc    = "Resource name in APE resource name format"
-	targetTypeFlag    = "target-type"
-	targetTypeDesc    = "Resource type(container/namespace)"
-	addrAdminFlag     = "addr"
-	addrAdminDesc     = "The address of the admins wallet"
-	chainNameFlag     = "chain-name"
-	chainNameFlagDesc = "Chain name(ingress|s3)"
+	jsonFlag      = "json"
+	jsonFlagDesc  = "Output rule chains in JSON format"
+	addrAdminFlag = "addr"
+	addrAdminDesc = "The address of the admins wallet"
 )
 
 var (
@@ -101,17 +85,17 @@ func initAddRuleChainCmd() {
 	addRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	addRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 
-	addRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(targetTypeFlag)
-	addRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(targetNameFlag)
+	addRuleChainCmd.Flags().String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	addRuleChainCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.TargetNameFlag)
 
-	addRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(chainIDFlag)
-	addRuleChainCmd.Flags().StringArray(ruleFlag, []string{}, ruleFlagDesc)
-	addRuleChainCmd.Flags().String(pathFlag, "", pathFlagDesc)
-	addRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
-	addRuleChainCmd.MarkFlagsMutuallyExclusive(ruleFlag, pathFlag)
+	addRuleChainCmd.Flags().String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.ChainIDFlag)
+	addRuleChainCmd.Flags().StringArray(apeCmd.RuleFlag, []string{}, apeCmd.RuleFlagDesc)
+	addRuleChainCmd.Flags().String(apeCmd.PathFlag, "", apeCmd.PathFlagDesc)
+	addRuleChainCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
+	addRuleChainCmd.MarkFlagsMutuallyExclusive(apeCmd.RuleFlag, apeCmd.PathFlag)
 }
 
 func initRemoveRuleChainCmd() {
@@ -120,26 +104,25 @@ func initRemoveRuleChainCmd() {
 	removeRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	removeRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 
-	removeRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
-	_ = removeRuleChainCmd.MarkFlagRequired(targetTypeFlag)
-	removeRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
-	_ = removeRuleChainCmd.MarkFlagRequired(targetNameFlag)
-	removeRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
-	removeRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
+	removeRuleChainCmd.Flags().String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	removeRuleChainCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(apeCmd.TargetNameFlag)
+	removeRuleChainCmd.Flags().String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	removeRuleChainCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
 	removeRuleChainCmd.Flags().Bool(commonflags.AllFlag, false, "Remove all chains for target")
-	removeRuleChainCmd.MarkFlagsMutuallyExclusive(commonflags.AllFlag, chainIDFlag)
+	removeRuleChainCmd.MarkFlagsMutuallyExclusive(commonflags.AllFlag, apeCmd.ChainIDFlag)
 }
 
 func initListRuleChainsCmd() {
 	Cmd.AddCommand(listRuleChainsCmd)
 
 	listRuleChainsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	listRuleChainsCmd.Flags().StringP(targetTypeFlag, "t", "", targetTypeDesc)
-	_ = listRuleChainsCmd.MarkFlagRequired(targetTypeFlag)
-	listRuleChainsCmd.Flags().String(targetNameFlag, "", targetNameDesc)
-	_ = listRuleChainsCmd.MarkFlagRequired(targetNameFlag)
+	listRuleChainsCmd.Flags().StringP(apeCmd.TargetTypeFlag, "t", "", apeCmd.TargetTypeFlagDesc)
+	_ = listRuleChainsCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	listRuleChainsCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
 	listRuleChainsCmd.Flags().Bool(jsonFlag, false, jsonFlagDesc)
-	listRuleChainsCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
+	listRuleChainsCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
 }
 
 func initSetAdminCmd() {
@@ -161,15 +144,15 @@ func initListTargetsCmd() {
 	Cmd.AddCommand(listTargetsCmd)
 
 	listTargetsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	listTargetsCmd.Flags().StringP(targetTypeFlag, "t", "", targetTypeDesc)
-	_ = listTargetsCmd.MarkFlagRequired(targetTypeFlag)
+	listTargetsCmd.Flags().StringP(apeCmd.TargetTypeFlag, "t", "", apeCmd.TargetTypeFlagDesc)
+	_ = listTargetsCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 }
 
 func addRuleChain(cmd *cobra.Command, _ []string) {
-	chain := parseChain(cmd)
+	chain := apeCmd.ParseChain(cmd)
 	target := parseTarget(cmd)
 	pci, ac := newPolicyContractInterface(cmd)
-	h, vub, err := pci.AddMorphRuleChain(parseChainName(cmd), target, chain)
+	h, vub, err := pci.AddMorphRuleChain(apeCmd.ParseChainName(cmd), target, chain)
 	cmd.Println("Waiting for transaction to persist...")
 	_, err = ac.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "add rule chain error: %w", err)
@@ -181,14 +164,14 @@ func removeRuleChain(cmd *cobra.Command, _ []string) {
 	pci, ac := newPolicyContractInterface(cmd)
 	removeAll, _ := cmd.Flags().GetBool(commonflags.AllFlag)
 	if removeAll {
-		h, vub, err := pci.RemoveMorphRuleChainsByTarget(parseChainName(cmd), target)
+		h, vub, err := pci.RemoveMorphRuleChainsByTarget(apeCmd.ParseChainName(cmd), target)
 		cmd.Println("Waiting for transaction to persist...")
 		_, err = ac.Wait(h, vub, err)
 		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
 		cmd.Println("All chains for target removed successfully")
 	} else {
-		chainID := parseChainID(cmd)
-		h, vub, err := pci.RemoveMorphRuleChain(parseChainName(cmd), target, chainID)
+		chainID := apeCmd.ParseChainID(cmd)
+		h, vub, err := pci.RemoveMorphRuleChain(apeCmd.ParseChainName(cmd), target, chainID)
 		cmd.Println("Waiting for transaction to persist...")
 		_, err = ac.Wait(h, vub, err)
 		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
@@ -199,7 +182,7 @@ func removeRuleChain(cmd *cobra.Command, _ []string) {
 func listRuleChains(cmd *cobra.Command, _ []string) {
 	target := parseTarget(cmd)
 	pci, _ := newPolicyContractReaderInterface(cmd)
-	chains, err := pci.ListMorphRuleChains(parseChainName(cmd), target)
+	chains, err := pci.ListMorphRuleChains(apeCmd.ParseChainName(cmd), target)
 	commonCmd.ExitOnErr(cmd, "list rule chains error: %w", err)
 	if len(chains) == 0 {
 		return
@@ -210,14 +193,14 @@ func listRuleChains(cmd *cobra.Command, _ []string) {
 		prettyJSONFormat(cmd, chains)
 	} else {
 		for _, c := range chains {
-			parseutil.PrintHumanReadableAPEChain(cmd, c)
+			apeCmd.PrintHumanReadableAPEChain(cmd, c)
 		}
 	}
 }
 
 func setAdmin(cmd *cobra.Command, _ []string) {
 	s, _ := cmd.Flags().GetString(addrAdminFlag)
-	addr, err := util.Uint160DecodeStringLE(s)
+	addr, err := address.StringToUint160(s)
 	commonCmd.ExitOnErr(cmd, "can't decode admin addr: %w", err)
 	pci, ac := newPolicyContractInterface(cmd)
 	h, vub, err := pci.SetAdmin(addr)
@@ -231,12 +214,11 @@ func getAdmin(cmd *cobra.Command, _ []string) {
 	pci, _ := newPolicyContractReaderInterface(cmd)
 	addr, err := pci.GetAdmin()
 	commonCmd.ExitOnErr(cmd, "unable to get admin: %w", err)
-	cmd.Println(addr.StringLE())
+	cmd.Println(address.Uint160ToString(addr))
 }
 
 func listTargets(cmd *cobra.Command, _ []string) {
-	typ, err := parseTargetType(cmd)
-	commonCmd.ExitOnErr(cmd, "parse target type error: %w", err)
+	typ := apeCmd.ParseTargetType(cmd)
 	pci, inv := newPolicyContractReaderInterface(cmd)
 
 	sid, it, err := pci.ListTargetsIterator(typ)

cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go

@@ -2,13 +2,14 @@ package ape
 
 import (
 	"errors"
-	"strings"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
-	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	morph "git.frostfs.info/TrueCloudLab/policy-engine/pkg/morph/policy"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
@@ -18,90 +19,29 @@ import (
 	"github.com/spf13/viper"
 )
 
-const (
-	ingress = "ingress"
-	s3      = "s3"
-)
-
-var mChainName = map[string]apechain.Name{
-	ingress: apechain.Ingress,
-	s3:      apechain.S3,
-}
-
-var (
-	errUnknownTargetType    = errors.New("unknown target type")
-	errChainIDCannotBeEmpty = errors.New("chain id cannot be empty")
-	errRuleIsNotParsed      = errors.New("rule is not passed")
-	errUnsupportedChainName = errors.New("unsupported chain name")
-)
+var errUnknownTargetType = errors.New("unknown target type")
 
 func parseTarget(cmd *cobra.Command) policyengine.Target {
-	name, _ := cmd.Flags().GetString(targetNameFlag)
-	typ, err := parseTargetType(cmd)
-
-	// interpret "root" namespace as empty
-	if typ == policyengine.Namespace && name == "root" {
-		name = ""
-	}
-
-	commonCmd.ExitOnErr(cmd, "read target type error: %w", err)
-
-	return policyengine.Target{
-		Name: name,
-		Type: typ,
-	}
-}
-
-func parseTargetType(cmd *cobra.Command) (policyengine.TargetType, error) {
-	typ, _ := cmd.Flags().GetString(targetTypeFlag)
+	typ := apeCmd.ParseTargetType(cmd)
+	name, _ := cmd.Flags().GetString(apeCmd.TargetNameFlag)
 	switch typ {
-	case namespaceTarget:
-		return policyengine.Namespace, nil
-	case containerTarget:
-		return policyengine.Container, nil
-	case userTarget:
-		return policyengine.User, nil
-	case groupTarget:
-		return policyengine.Group, nil
+	case policyengine.Namespace:
+		if name == "root" {
+			name = ""
+		}
+		return policyengine.NamespaceTarget(name)
+	case policyengine.Container:
+		var cnr cid.ID
+		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
+		return policyengine.ContainerTarget(name)
+	case policyengine.User:
+		return policyengine.UserTarget(name)
+	case policyengine.Group:
+		return policyengine.GroupTarget(name)
+	default:
+		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
 	}
-	return -1, errUnknownTargetType
-}
-
-func parseChainID(cmd *cobra.Command) apechain.ID {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	if chainID == "" {
-		commonCmd.ExitOnErr(cmd, "read chain id error: %w",
-			errChainIDCannotBeEmpty)
-	}
-	return apechain.ID(chainID)
-}
-
-func parseChain(cmd *cobra.Command) *apechain.Chain {
-	chain := new(apechain.Chain)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", errRuleIsNotParsed)
-	}
-
-	chain.ID = parseChainID(cmd)
-
-	cmd.Println("Parsed chain:")
-	parseutil.PrintHumanReadableAPEChain(cmd, chain)
-
-	return chain
-}
-
-func parseChainName(cmd *cobra.Command) apechain.Name {
-	chainName, _ := cmd.Flags().GetString(chainNameFlag)
-	apeChainName, ok := mChainName[strings.ToLower(chainName)]
-	if !ok {
-		commonCmd.ExitOnErr(cmd, "", errUnsupportedChainName)
-	}
-	return apeChainName
+	panic("unreachable")
 }
 
 // invokerAdapter adapats invoker.Invoker to ContractStorageInvoker interface.
@@ -115,16 +55,15 @@ func (n *invokerAdapter) GetRPCInvoker() invoker.RPCInvoke {
 }
 
 func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorageReader, *invoker.Invoker) {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
 	inv := invoker.New(c, nil)
-	var ch util.Uint160
 	r := management.NewReader(inv)
 	nnsCs, err := helper.GetContractByID(r, 1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
 
-	ch, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
+	ch, err := helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
 	commonCmd.ExitOnErr(cmd, "unable to resolve policy contract hash: %w", err)
 
 	invokerAdapter := &invokerAdapter{
@@ -136,10 +75,11 @@ func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorag
 }
 
 func newPolicyContractInterface(cmd *cobra.Command) (*morph.ContractStorage, *helper.LocalActor) {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
-	ac, err := helper.NewLocalActor(cmd, c)
+	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
+	ac, err := helper.NewLocalActor(c, &helper.AlphabetWallets{Path: walletDir, Label: constants.ConsensusAccountName})
 	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)
 
 	var ch util.Uint160

cmd/frostfs-adm/internal/modules/morph/balance/balance.go

@@ -51,7 +51,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 		nmHash          util.Uint160
 	)
 
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return err
 	}

cmd/frostfs-adm/internal/modules/morph/config/config.go

@@ -26,7 +26,7 @@ import (
 const forceConfigSet = "force"
 
 func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@@ -65,14 +65,14 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 			nbuf := make([]byte, 8)
 			copy(nbuf[:], v)
 			n := binary.LittleEndian.Uint64(nbuf)
-			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%d (int)\n", k, n)))
+			_, _ = tw.Write(fmt.Appendf(nil, "%s:\t%d (int)\n", k, n))
 		case netmap.HomomorphicHashingDisabledKey, netmap.MaintenanceModeAllowedConfig:
 			if len(v) == 0 || len(v) > 1 {
 				return helper.InvalidConfigValueErr(k)
 			}
-			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%t (bool)\n", k, v[0] == 1)))
+			_, _ = tw.Write(fmt.Appendf(nil, "%s:\t%t (bool)\n", k, v[0] == 1))
 		default:
-			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%s (hex)\n", k, hex.EncodeToString(v))))
+			_, _ = tw.Write(fmt.Appendf(nil, "%s:\t%s (hex)\n", k, hex.EncodeToString(v)))
 		}
 	}
 

cmd/frostfs-adm/internal/modules/morph/constants/const.go

@@ -4,7 +4,6 @@ import "time"
 
 const (
 	ConsensusAccountName = "consensus"
-	ProtoConfigPath      = "protocol"
 
 	// MaxAlphabetNodes is the maximum number of candidates allowed, which is currently limited by the size
 	// of the invocation script.

cmd/frostfs-adm/internal/modules/morph/container/container.go

@@ -76,7 +76,7 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("invalid filename: %w", err)
 	}
 
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@@ -157,7 +157,7 @@ func dumpSingleContainer(bw *io.BufBinWriter, ch util.Uint160, inv *invoker.Invo
 }
 
 func listContainers(cmd *cobra.Command, _ []string) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go

@@ -36,7 +36,7 @@ type contractDumpInfo struct {
 }
 
 func dumpContractHashes(cmd *cobra.Command, _ []string) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@@ -219,8 +219,8 @@ func printContractInfo(cmd *cobra.Command, infos []contractDumpInfo) {
 		if info.version == "" {
 			info.version = "unknown"
 		}
-		_, _ = tw.Write([]byte(fmt.Sprintf("%s\t(%s):\t%s\n",
-			info.name, info.version, info.hash.StringLE())))
+		_, _ = tw.Write(fmt.Appendf(nil, "%s\t(%s):\t%s\n",
+			info.name, info.version, info.hash.StringLE()))
 	}
 	_ = tw.Flush()
 

cmd/frostfs-adm/internal/modules/morph/frostfsid/additional_keys.go

@@ -0,0 +1,83 @@
+package frostfsid
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var (
+	frostfsidAddSubjectKeyCmd = &cobra.Command{
+		Use:   "add-subject-key",
+		Short: "Add a public key to the subject in frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidAddSubjectKey,
+	}
+	frostfsidRemoveSubjectKeyCmd = &cobra.Command{
+		Use:   "remove-subject-key",
+		Short: "Remove a public key from the subject in frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidRemoveSubjectKey,
+	}
+)
+
+func initFrostfsIDAddSubjectKeyCmd() {
+	Cmd.AddCommand(frostfsidAddSubjectKeyCmd)
+
+	ff := frostfsidAddSubjectKeyCmd.Flags()
+	ff.StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+
+	ff.String(subjectAddressFlag, "", "Subject address")
+	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectAddressFlag)
+
+	ff.String(subjectKeyFlag, "", "Public key to add")
+	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectKeyFlag)
+}
+
+func initFrostfsIDRemoveSubjectKeyCmd() {
+	Cmd.AddCommand(frostfsidRemoveSubjectKeyCmd)
+
+	ff := frostfsidRemoveSubjectKeyCmd.Flags()
+	ff.StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+
+	ff.String(subjectAddressFlag, "", "Subject address")
+	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectAddressFlag)
+
+	ff.String(subjectKeyFlag, "", "Public key to remove")
+	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectKeyFlag)
+}
+
+func frostfsidAddSubjectKey(cmd *cobra.Command, _ []string) {
+	addr := getFrostfsIDSubjectAddress(cmd)
+	pub := getFrostfsIDSubjectKey(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.AddSubjectKeyCall(addr, pub))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "add subject key: %w", err)
+}
+
+func frostfsidRemoveSubjectKey(cmd *cobra.Command, _ []string) {
+	addr := getFrostfsIDSubjectAddress(cmd)
+	pub := getFrostfsIDSubjectKey(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.RemoveSubjectKeyCall(addr, pub))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "remove subject key: %w", err)
+}

cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go

@@ -34,11 +34,16 @@ const (
 	subjectNameFlag    = "subject-name"
 	subjectKeyFlag     = "subject-key"
 	subjectAddressFlag = "subject-address"
-	includeNamesFlag   = "include-names"
+	extendedFlag       = "extended"
 	groupNameFlag      = "group-name"
 	groupIDFlag        = "group-id"
 
 	rootNamespacePlaceholder = "<root>"
+
+	keyFlag       = "key"
+	keyDescFlag   = "Key for storing a value in the subject's KV storage"
+	valueFlag     = "value"
+	valueDescFlag = "Value to be stored in the subject's KV storage"
 )
 
 var (
@@ -61,7 +66,6 @@ var (
 		Use:   "list-namespaces",
 		Short: "List all namespaces in frostfsid",
 		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListNamespaces,
@@ -91,7 +95,6 @@ var (
 		Use:   "list-subjects",
 		Short: "List subjects in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListSubjects,
@@ -121,7 +124,6 @@ var (
 		Use:   "list-groups",
 		Short: "List groups in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroups,
@@ -151,11 +153,27 @@ var (
 		Use:   "list-group-subjects",
 		Short: "List subjects in group",
 		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroupSubjects,
 	}
+
+	frostfsidSetKVCmd = &cobra.Command{
+		Use:   "set-kv",
+		Short: "Store a key-value pair in the subject's KV storage",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidSetKV,
+	}
+	frostfsidDeleteKVCmd = &cobra.Command{
+		Use:   "delete-kv",
+		Short: "Delete a value from the subject's KV storage",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidDeleteKV,
+	}
 )
 
 func initFrostfsIDCreateNamespaceCmd() {
@@ -169,7 +187,6 @@ func initFrostfsIDCreateNamespaceCmd() {
 func initFrostfsIDListNamespacesCmd() {
 	Cmd.AddCommand(frostfsidListNamespacesCmd)
 	frostfsidListNamespacesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	frostfsidListNamespacesCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initFrostfsIDCreateSubjectCmd() {
@@ -192,8 +209,7 @@ func initFrostfsIDListSubjectsCmd() {
 	Cmd.AddCommand(frostfsidListSubjectsCmd)
 	frostfsidListSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace to list subjects")
-	frostfsidListSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
-	frostfsidListSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	frostfsidListSubjectsCmd.Flags().Bool(extendedFlag, false, "Whether include subject info (require additional requests)")
 }
 
 func initFrostfsIDCreateGroupCmd() {
@@ -217,7 +233,6 @@ func initFrostfsIDListGroupsCmd() {
 	Cmd.AddCommand(frostfsidListGroupsCmd)
 	frostfsidListGroupsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListGroupsCmd.Flags().String(namespaceFlag, "", "Namespace to list groups")
-	frostfsidListGroupsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initFrostfsIDAddSubjectToGroupCmd() {
@@ -241,8 +256,22 @@ func initFrostfsIDListGroupSubjectsCmd() {
 	frostfsidListGroupSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListGroupSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace name")
 	frostfsidListGroupSubjectsCmd.Flags().Int64(groupIDFlag, 0, "Group id")
-	frostfsidListGroupSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
-	frostfsidListGroupSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	frostfsidListGroupSubjectsCmd.Flags().Bool(extendedFlag, false, "Whether include subject info (require additional requests)")
+}
+
+func initFrostfsIDSetKVCmd() {
+	Cmd.AddCommand(frostfsidSetKVCmd)
+	frostfsidSetKVCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidSetKVCmd.Flags().String(subjectAddressFlag, "", "Subject address")
+	frostfsidSetKVCmd.Flags().String(keyFlag, "", keyDescFlag)
+	frostfsidSetKVCmd.Flags().String(valueFlag, "", valueDescFlag)
+}
+
+func initFrostfsIDDeleteKVCmd() {
+	Cmd.AddCommand(frostfsidDeleteKVCmd)
+	frostfsidDeleteKVCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidDeleteKVCmd.Flags().String(subjectAddressFlag, "", "Subject address")
+	frostfsidDeleteKVCmd.Flags().String(keyFlag, "", keyDescFlag)
 }
 
 func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
@@ -262,7 +291,7 @@ func frostfsidListNamespaces(cmd *cobra.Command, _ []string) {
 	reader := frostfsidrpclient.NewReader(inv, hash)
 	sessionID, it, err := reader.ListNamespaces()
 	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
-	items, err := readIterator(inv, &it, iteratorBatchSize, sessionID)
+	items, err := readIterator(inv, &it, sessionID)
 	commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
 
 	namespaces, err := frostfsidclient.ParseNamespaces(items)
@@ -307,34 +336,32 @@ func frostfsidDeleteSubject(cmd *cobra.Command, _ []string) {
 }
 
 func frostfsidListSubjects(cmd *cobra.Command, _ []string) {
-	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
+	extended, _ := cmd.Flags().GetBool(extendedFlag)
 	ns := getFrostfsIDNamespace(cmd)
 	inv, _, hash := initInvoker(cmd)
 	reader := frostfsidrpclient.NewReader(inv, hash)
 	sessionID, it, err := reader.ListNamespaceSubjects(ns)
 	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
 
-	subAddresses, err := frostfsidclient.UnwrapArrayOfUint160(readIterator(inv, &it, iteratorBatchSize, sessionID))
+	subAddresses, err := frostfsidclient.UnwrapArrayOfUint160(readIterator(inv, &it, sessionID))
 	commonCmd.ExitOnErr(cmd, "can't unwrap: %w", err)
 
 	sort.Slice(subAddresses, func(i, j int) bool { return subAddresses[i].Less(subAddresses[j]) })
 
 	for _, addr := range subAddresses {
-		if !includeNames {
+		if !extended {
 			cmd.Println(address.Uint160ToString(addr))
 			continue
 		}
 
-		sessionID, it, err := reader.ListSubjects()
+		items, err := reader.GetSubject(addr)
 		commonCmd.ExitOnErr(cmd, "can't get subject: %w", err)
 
-		items, err := readIterator(inv, &it, iteratorBatchSize, sessionID)
-		commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
-
 		subj, err := frostfsidclient.ParseSubject(items)
 		commonCmd.ExitOnErr(cmd, "can't parse subject: %w", err)
 
-		cmd.Printf("%s (%s)\n", address.Uint160ToString(addr), subj.Name)
+		printSubjectInfo(cmd, addr, subj)
+		cmd.Println()
 	}
 }
 
@@ -374,7 +401,7 @@ func frostfsidListGroups(cmd *cobra.Command, _ []string) {
 	sessionID, it, err := reader.ListGroups(ns)
 	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
 
-	items, err := readIterator(inv, &it, iteratorBatchSize, sessionID)
+	items, err := readIterator(inv, &it, sessionID)
 	commonCmd.ExitOnErr(cmd, "can't list groups: %w", err)
 	groups, err := frostfsidclient.ParseGroups(items)
 	commonCmd.ExitOnErr(cmd, "can't parse groups: %w", err)
@@ -412,10 +439,49 @@ func frostfsidRemoveSubjectFromGroup(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "remove subject from group error: %w", err)
 }
 
+func frostfsidSetKV(cmd *cobra.Command, _ []string) {
+	subjectAddress := getFrostfsIDSubjectAddress(cmd)
+	key, _ := cmd.Flags().GetString(keyFlag)
+	value, _ := cmd.Flags().GetString(valueFlag)
+
+	if key == "" {
+		commonCmd.ExitOnErr(cmd, "", errors.New("key can't be empty"))
+	}
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	method, args := ffsid.roCli.SetSubjectKVCall(subjectAddress, key, value)
+
+	ffsid.addCall(method, args)
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "set KV: %w", err)
+}
+
+func frostfsidDeleteKV(cmd *cobra.Command, _ []string) {
+	subjectAddress := getFrostfsIDSubjectAddress(cmd)
+	key, _ := cmd.Flags().GetString(keyFlag)
+
+	if key == "" {
+		commonCmd.ExitOnErr(cmd, "", errors.New("key can't be empty"))
+	}
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	method, args := ffsid.roCli.DeleteSubjectKVCall(subjectAddress, key)
+
+	ffsid.addCall(method, args)
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "delete KV: %w", err)
+}
+
 func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 	ns := getFrostfsIDNamespace(cmd)
 	groupID := getFrostfsIDGroupID(cmd)
-	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
+	extended, _ := cmd.Flags().GetBool(extendedFlag)
 	inv, cs, hash := initInvoker(cmd)
 	_, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.FrostfsIDContract))
 	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)
@@ -424,7 +490,7 @@ func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 	sessionID, it, err := reader.ListGroupSubjects(ns, big.NewInt(groupID))
 	commonCmd.ExitOnErr(cmd, "can't list groups: %w", err)
 
-	items, err := readIterator(inv, &it, iteratorBatchSize, sessionID)
+	items, err := readIterator(inv, &it, sessionID)
 	commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
 
 	subjects, err := frostfsidclient.UnwrapArrayOfUint160(items, err)
@@ -433,7 +499,7 @@ func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 	sort.Slice(subjects, func(i, j int) bool { return subjects[i].Less(subjects[j]) })
 
 	for _, subjAddr := range subjects {
-		if !includeNames {
+		if !extended {
 			cmd.Println(address.Uint160ToString(subjAddr))
 			continue
 		}
@@ -442,7 +508,8 @@ func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 		commonCmd.ExitOnErr(cmd, "can't get subject: %w", err)
 		subj, err := frostfsidclient.ParseSubject(items)
 		commonCmd.ExitOnErr(cmd, "can't parse subject: %w", err)
-		cmd.Printf("%s (%s)\n", address.Uint160ToString(subjAddr), subj.Name)
+		printSubjectInfo(cmd, subjAddr, subj)
+		cmd.Println()
 	}
 }
 
@@ -497,32 +564,28 @@ func (f *frostfsidClient) sendWaitRes() (*state.AppExecResult, error) {
 	}
 	f.bw.Reset()
 
-	if len(f.wCtx.SentTxs) == 0 {
-		return nil, errors.New("no transactions to wait")
-	}
-
 	f.wCtx.Command.Println("Waiting for transactions to persist...")
 	return f.roCli.Wait(f.wCtx.SentTxs[0].Hash, f.wCtx.SentTxs[0].Vub, nil)
 }
 
-func readIterator(inv *invoker.Invoker, iter *result.Iterator, batchSize int, sessionID uuid.UUID) ([]stackitem.Item, error) {
+func readIterator(inv *invoker.Invoker, iter *result.Iterator, sessionID uuid.UUID) ([]stackitem.Item, error) {
 	var shouldStop bool
 	res := make([]stackitem.Item, 0)
 	for !shouldStop {
-		items, err := inv.TraverseIterator(sessionID, iter, batchSize)
+		items, err := inv.TraverseIterator(sessionID, iter, iteratorBatchSize)
 		if err != nil {
 			return nil, err
 		}
 
 		res = append(res, items...)
-		shouldStop = len(items) < batchSize
+		shouldStop = len(items) < iteratorBatchSize
 	}
 
 	return res, nil
 }
 
 func initInvoker(cmd *cobra.Command) (*invoker.Invoker, *state.Contract, util.Uint160) {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 
 	inv := invoker.New(c, nil)
@@ -536,3 +599,30 @@ func initInvoker(cmd *cobra.Command) (*invoker.Invoker, *state.Contract, util.Ui
 
 	return inv, cs, nmHash
 }
+
+func printSubjectInfo(cmd *cobra.Command, addr util.Uint160, subj *frostfsidclient.Subject) {
+	cmd.Printf("Address: %s\n", address.Uint160ToString(addr))
+	pk := "<nil>"
+	if subj.PrimaryKey != nil {
+		pk = subj.PrimaryKey.String()
+	}
+	cmd.Printf("Primary key: %s\n", pk)
+	cmd.Printf("Name: %s\n", subj.Name)
+	cmd.Printf("Namespace: %s\n", subj.Namespace)
+	if len(subj.AdditionalKeys) > 0 {
+		cmd.Printf("Additional keys:\n")
+		for _, key := range subj.AdditionalKeys {
+			k := "<nil>"
+			if key != nil {
+				k = key.String()
+			}
+			cmd.Printf("- %s\n", k)
+		}
+	}
+	if len(subj.KV) > 0 {
+		cmd.Printf("KV:\n")
+		for k, v := range subj.KV {
+			cmd.Printf("- %s: %s\n", k, v)
+		}
+	}
+}

cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go

@@ -1,59 +1,12 @@
 package frostfsid
 
 import (
-	"encoding/hex"
 	"testing"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )
 
-func TestFrostfsIDConfig(t *testing.T) {
-	pks := make([]*keys.PrivateKey, 4)
-	for i := range pks {
-		pk, err := keys.NewPrivateKey()
-		require.NoError(t, err)
-		pks[i] = pk
-	}
-
-	fmts := []string{
-		pks[0].GetScriptHash().StringLE(),
-		address.Uint160ToString(pks[1].GetScriptHash()),
-		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
-		hex.EncodeToString(pks[3].PublicKey().Bytes()),
-	}
-
-	for i := range fmts {
-		v := viper.New()
-		v.Set("frostfsid.admin", fmts[i])
-
-		actual, found, err := helper.GetFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.True(t, found)
-		require.Equal(t, pks[i].GetScriptHash(), actual)
-	}
-
-	t.Run("bad key", func(t *testing.T) {
-		v := viper.New()
-		v.Set("frostfsid.admin", "abc")
-
-		_, found, err := helper.GetFrostfsIDAdmin(v)
-		require.Error(t, err)
-		require.True(t, found)
-	})
-	t.Run("missing key", func(t *testing.T) {
-		v := viper.New()
-
-		_, found, err := helper.GetFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.False(t, found)
-	})
-}
-
 func TestNamespaceRegexp(t *testing.T) {
 	for _, tc := range []struct {
 		name      string

cmd/frostfs-adm/internal/modules/morph/frostfsid/root.go

@@ -12,4 +12,8 @@ func init() {
 	initFrostfsIDAddSubjectToGroupCmd()
 	initFrostfsIDRemoveSubjectFromGroupCmd()
 	initFrostfsIDListGroupSubjectsCmd()
+	initFrostfsIDSetKVCmd()
+	initFrostfsIDDeleteKVCmd()
+	initFrostfsIDAddSubjectKeyCmd()
+	initFrostfsIDRemoveSubjectKeyCmd()
 }

cmd/frostfs-adm/internal/modules/morph/generate/generate.go

@@ -12,7 +12,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
@@ -141,60 +140,29 @@ func addMultisigAccount(w *wallet.Wallet, m int, name, password string, pubs key
 }
 
 func generateStorageCreds(cmd *cobra.Command, _ []string) error {
-	return refillGas(cmd, storageGasConfigFlag, true)
-}
-
-func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error) {
-	// storage wallet path is not part of the config
-	storageWalletPath, _ := cmd.Flags().GetString(commonflags.StorageWalletFlag)
-	// wallet address is not part of the config
-	walletAddress, _ := cmd.Flags().GetString(walletAddressFlag)
-
-	var gasReceiver util.Uint160
-
-	if len(walletAddress) != 0 {
-		gasReceiver, err = address.StringToUint160(walletAddress)
-		if err != nil {
-			return fmt.Errorf("invalid wallet address %s: %w", walletAddress, err)
-		}
-	} else {
-		if storageWalletPath == "" {
-			return fmt.Errorf("missing wallet path (use '--%s <out.json>')", commonflags.StorageWalletFlag)
-		}
-
-		var w *wallet.Wallet
-
-		if createWallet {
-			w, err = wallet.NewWallet(storageWalletPath)
-		} else {
-			w, err = wallet.NewWalletFromFile(storageWalletPath)
-		}
-
-		if err != nil {
-			return fmt.Errorf("can't create wallet: %w", err)
-		}
-
-		if createWallet {
-			var password string
-
-			label, _ := cmd.Flags().GetString(storageWalletLabelFlag)
-			password, err := config.GetStoragePassword(viper.GetViper(), label)
-			if err != nil {
-				return fmt.Errorf("can't fetch password: %w", err)
-			}
-
-			if label == "" {
-				label = constants.SingleAccountName
-			}
-
-			if err := w.CreateAccount(label, password); err != nil {
-				return fmt.Errorf("can't create account: %w", err)
-			}
-		}
-
-		gasReceiver = w.Accounts[0].Contract.ScriptHash()
+	walletPath, _ := cmd.Flags().GetString(commonflags.StorageWalletFlag)
+	w, err := wallet.NewWallet(walletPath)
+	if err != nil {
+		return fmt.Errorf("create wallet: %w", err)
 	}
 
+	label, _ := cmd.Flags().GetString(storageWalletLabelFlag)
+	password, err := config.GetStoragePassword(viper.GetViper(), label)
+	if err != nil {
+		return fmt.Errorf("can't fetch password: %w", err)
+	}
+
+	if label == "" {
+		label = constants.SingleAccountName
+	}
+
+	if err := w.CreateAccount(label, password); err != nil {
+		return fmt.Errorf("can't create account: %w", err)
+	}
+	return refillGas(cmd, storageGasConfigFlag, w.Accounts[0].ScriptHash())
+}
+
+func refillGas(cmd *cobra.Command, gasFlag string, gasReceivers ...util.Uint160) (err error) {
 	gasStr := viper.GetString(gasFlag)
 
 	gasAmount, err := helper.ParseGASAmount(gasStr)
@@ -208,9 +176,11 @@ func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error
 	}
 
 	bw := io.NewBufBinWriter()
-	emit.AppCall(bw.BinWriter, gas.Hash, "transfer", callflag.All,
-		wCtx.CommitteeAcc.Contract.ScriptHash(), gasReceiver, int64(gasAmount), nil)
-	emit.Opcodes(bw.BinWriter, opcode.ASSERT)
+	for _, gasReceiver := range gasReceivers {
+		emit.AppCall(bw.BinWriter, gas.Hash, "transfer", callflag.All,
+			wCtx.CommitteeAcc.Contract.ScriptHash(), gasReceiver, int64(gasAmount), nil)
+		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
+	}
 	if bw.Err != nil {
 		return fmt.Errorf("BUG: invalid transfer arguments: %w", bw.Err)
 	}

cmd/frostfs-adm/internal/modules/morph/generate/generate_test.go

@@ -63,7 +63,7 @@ func TestGenerateAlphabet(t *testing.T) {
 	buf.Reset()
 	v.Set(commonflags.AlphabetWalletsFlag, walletDir)
 	require.NoError(t, GenerateAlphabetCmd.Flags().Set(commonflags.AlphabetSizeFlag, strconv.FormatUint(size, 10)))
-	for i := uint64(0); i < size; i++ {
+	for i := range uint64(size) {
 		buf.WriteString(strconv.FormatUint(i, 10) + "\r")
 	}
 

cmd/frostfs-adm/internal/modules/morph/generate/root.go

@@ -1,7 +1,12 @@
 package generate
 
 import (
+	"fmt"
+
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -33,7 +38,27 @@ var (
 			_ = viper.BindPFlag(commonflags.RefillGasAmountFlag, cmd.Flags().Lookup(commonflags.RefillGasAmountFlag))
 		},
 		RunE: func(cmd *cobra.Command, _ []string) error {
-			return refillGas(cmd, commonflags.RefillGasAmountFlag, false)
+			storageWalletPaths, _ := cmd.Flags().GetStringArray(commonflags.StorageWalletFlag)
+			walletAddresses, _ := cmd.Flags().GetStringArray(walletAddressFlag)
+
+			var gasReceivers []util.Uint160
+			for _, walletAddress := range walletAddresses {
+				addr, err := address.StringToUint160(walletAddress)
+				if err != nil {
+					return fmt.Errorf("invalid wallet address %s: %w", walletAddress, err)
+				}
+
+				gasReceivers = append(gasReceivers, addr)
+			}
+			for _, storageWalletPath := range storageWalletPaths {
+				w, err := wallet.NewWalletFromFile(storageWalletPath)
+				if err != nil {
+					return fmt.Errorf("can't create wallet: %w", err)
+				}
+
+				gasReceivers = append(gasReceivers, w.Accounts[0].Contract.ScriptHash())
+			}
+			return refillGas(cmd, commonflags.RefillGasAmountFlag, gasReceivers...)
 		},
 	}
 	GenerateAlphabetCmd = &cobra.Command{
@@ -50,10 +75,10 @@ var (
 func initRefillGasCmd() {
 	RefillGasCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	RefillGasCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	RefillGasCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to storage node wallet")
-	RefillGasCmd.Flags().String(walletAddressFlag, "", "Address of wallet")
+	RefillGasCmd.Flags().StringArray(commonflags.StorageWalletFlag, nil, "Path to storage node wallet")
+	RefillGasCmd.Flags().StringArray(walletAddressFlag, nil, "Address of wallet")
 	RefillGasCmd.Flags().String(commonflags.RefillGasAmountFlag, "", "Additional amount of GAS to transfer")
-	RefillGasCmd.MarkFlagsMutuallyExclusive(walletAddressFlag, commonflags.StorageWalletFlag)
+	RefillGasCmd.MarkFlagsOneRequired(walletAddressFlag, commonflags.StorageWalletFlag)
 }
 
 func initGenerateStorageCmd() {

cmd/frostfs-adm/internal/modules/morph/helper/actor.go

@@ -3,10 +3,6 @@ package helper
 import (
 	"fmt"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
@@ -17,7 +13,6 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
-	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
@@ -29,44 +24,88 @@ type LocalActor struct {
 	rpcInvoker invoker.RPCInvoke
 }
 
+type AlphabetWallets struct {
+	Label string
+	Path  string
+}
+
+func (a *AlphabetWallets) GetAccount(v *viper.Viper) ([]*wallet.Account, error) {
+	w, err := GetAlphabetWallets(v, a.Path)
+	if err != nil {
+		return nil, err
+	}
+
+	var accounts []*wallet.Account
+	for _, wall := range w {
+		acc, err := GetWalletAccount(wall, a.Label)
+		if err != nil {
+			return nil, err
+		}
+		accounts = append(accounts, acc)
+	}
+	return accounts, nil
+}
+
+type RegularWallets struct{ Path string }
+
+func (r *RegularWallets) GetAccount() ([]*wallet.Account, error) {
+	w, err := getRegularWallet(r.Path)
+	if err != nil {
+		return nil, err
+	}
+
+	return []*wallet.Account{w.GetAccount(w.GetChangeAddress())}, nil
+}
+
 // NewLocalActor create LocalActor with accounts form provided wallets.
 // In case of empty wallets provided created actor with dummy account only for read operation.
-func NewLocalActor(cmd *cobra.Command, c actor.RPCActor) (*LocalActor, error) {
-	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
+//
+// If wallets are provided, the contract client will use accounts with accName name from these wallets.
+// To determine which account name should be used in a contract client, refer to how the contract
+// verifies the transaction signature.
+func NewLocalActor(c actor.RPCActor, alphabet *AlphabetWallets, regularWallets ...*RegularWallets) (*LocalActor, error) {
 	var act *actor.Actor
 	var accounts []*wallet.Account
-	if walletDir == "" {
-		account, err := wallet.NewAccount()
-		commonCmd.ExitOnErr(cmd, "unable to create dummy account: %w", err)
-		act, err = actor.New(c, []actor.SignerAccount{{
-			Signer: transaction.Signer{
-				Account: account.Contract.ScriptHash(),
-				Scopes:  transaction.Global,
-			},
-			Account: account,
-		}})
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		wallets, err := GetAlphabetWallets(viper.GetViper(), walletDir)
-		commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
+	var signers []actor.SignerAccount
 
-		for _, w := range wallets {
-			acc, err := GetWalletAccount(w, constants.CommitteeAccountName)
-			commonCmd.ExitOnErr(cmd, "can't find committee account: %w", err)
-			accounts = append(accounts, acc)
-		}
-		act, err = actor.New(c, []actor.SignerAccount{{
-			Signer: transaction.Signer{
-				Account: accounts[0].Contract.ScriptHash(),
-				Scopes:  transaction.Global,
-			},
-			Account: accounts[0],
-		}})
+	if alphabet != nil {
+		account, err := alphabet.GetAccount(viper.GetViper())
 		if err != nil {
 			return nil, err
 		}
+
+		accounts = append(accounts, account...)
+		signers = append(signers, actor.SignerAccount{
+			Signer: transaction.Signer{
+				Account: account[0].Contract.ScriptHash(),
+				Scopes:  transaction.Global,
+			},
+			Account: account[0],
+		})
+	}
+
+	for _, w := range regularWallets {
+		if w == nil {
+			continue
+		}
+		account, err := w.GetAccount()
+		if err != nil {
+			return nil, err
+		}
+
+		accounts = append(accounts, account...)
+		signers = append(signers, actor.SignerAccount{
+			Signer: transaction.Signer{
+				Account: account[0].Contract.ScriptHash(),
+				Scopes:  transaction.Global,
+			},
+			Account: account[0],
+		})
+	}
+
+	act, err := actor.New(c, signers)
+	if err != nil {
+		return nil, err
 	}
 	return &LocalActor{
 		neoActor:   act,

cmd/frostfs-adm/internal/modules/morph/helper/contract.go

@@ -82,7 +82,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 			h, found, err = getFrostfsIDAdminFromContract(c.ReadOnlyInvoker)
 		}
 		if method != constants.UpdateMethodName || err == nil && !found {
-			h, found, err = GetFrostfsIDAdmin(viper.GetViper())
+			h, found, err = getFrostfsIDAdmin(viper.GetViper())
 		}
 		if err != nil {
 			return nil, err

cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go

@@ -11,7 +11,7 @@ import (
 
 const frostfsIDAdminConfigKey = "frostfsid.admin"
 
-func GetFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
+func getFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
 	admin := v.GetString(frostfsIDAdminConfigKey)
 	if admin == "" {
 		return util.Uint160{}, false, nil

cmd/frostfs-adm/internal/modules/morph/helper/frostfsid_test.go

@@ -0,0 +1,53 @@
+package helper
+
+import (
+	"encoding/hex"
+	"testing"
+
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFrostfsIDConfig(t *testing.T) {
+	pks := make([]*keys.PrivateKey, 4)
+	for i := range pks {
+		pk, err := keys.NewPrivateKey()
+		require.NoError(t, err)
+		pks[i] = pk
+	}
+
+	fmts := []string{
+		pks[0].GetScriptHash().StringLE(),
+		address.Uint160ToString(pks[1].GetScriptHash()),
+		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
+		hex.EncodeToString(pks[3].PublicKey().Bytes()),
+	}
+
+	for i := range fmts {
+		v := viper.New()
+		v.Set("frostfsid.admin", fmts[i])
+
+		actual, found, err := getFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.True(t, found)
+		require.Equal(t, pks[i].GetScriptHash(), actual)
+	}
+
+	t.Run("bad key", func(t *testing.T) {
+		v := viper.New()
+		v.Set("frostfsid.admin", "abc")
+
+		_, found, err := getFrostfsIDAdmin(v)
+		require.Error(t, err)
+		require.True(t, found)
+	})
+	t.Run("missing key", func(t *testing.T) {
+		v := viper.New()
+
+		_, found, err := getFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.False(t, found)
+	})
+}

cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go

@@ -134,12 +134,12 @@ func NewInitializeContext(cmd *cobra.Command, v *viper.Viper) (*InitializeContex
 		return nil, err
 	}
 
-	accounts, err := createWalletAccounts(wallets)
+	accounts, err := getSingleAccounts(wallets)
 	if err != nil {
 		return nil, err
 	}
 
-	cliCtx, err := DefaultClientContext(c, committeeAcc)
+	cliCtx, err := defaultClientContext(c, committeeAcc)
 	if err != nil {
 		return nil, fmt.Errorf("client context: %w", err)
 	}
@@ -191,7 +191,7 @@ func createClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet)
 		}
 		c, err = NewLocalClient(cmd, v, wallets, ldf.Value.String())
 	} else {
-		c, err = GetN3Client(v)
+		c, err = NewRemoteClient(v)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("can't create N3 client: %w", err)
@@ -211,7 +211,7 @@ func getContractsPath(cmd *cobra.Command, needContracts bool) (string, error) {
 	return ctrPath, nil
 }
 
-func createWalletAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+func getSingleAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
 	accounts := make([]*wallet.Account, len(wallets))
 	for i, w := range wallets {
 		acc, err := GetWalletAccount(w, constants.SingleAccountName)

cmd/frostfs-adm/internal/modules/morph/helper/local_client.go

@@ -8,6 +8,7 @@ import (
 	"sort"
 	"time"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/config"
@@ -47,7 +48,7 @@ type LocalClient struct {
 }
 
 func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet, dumpPath string) (*LocalClient, error) {
-	cfg, err := config.LoadFile(v.GetString(constants.ProtoConfigPath))
+	cfg, err := config.LoadFile(v.GetString(commonflags.ProtoConfigPath))
 	if err != nil {
 		return nil, err
 	}
@@ -57,17 +58,59 @@ func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 		return nil, err
 	}
 
-	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ProtocolConfiguration.ValidatorsCount))
-	accounts := make([]*wallet.Account, len(wallets))
-	for i := range accounts {
-		accounts[i], err = GetWalletAccount(wallets[i], constants.ConsensusAccountName)
-		if err != nil {
-			return nil, err
+	go bc.Run()
+
+	accounts, err := getBlockSigningAccounts(cfg.ProtocolConfiguration, wallets)
+	if err != nil {
+		return nil, err
+	}
+
+	if cmd.Name() != "init" {
+		if err := restoreDump(bc, dumpPath); err != nil {
+			return nil, fmt.Errorf("restore dump: %w", err)
 		}
 	}
 
+	return &LocalClient{
+		bc:       bc,
+		dumpPath: dumpPath,
+		accounts: accounts,
+	}, nil
+}
+
+func restoreDump(bc *core.Blockchain, dumpPath string) error {
+	f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
+	if err != nil {
+		return fmt.Errorf("can't open local dump: %w", err)
+	}
+	defer f.Close()
+
+	r := io.NewBinReaderFromIO(f)
+
+	var skip uint32
+	if bc.BlockHeight() != 0 {
+		skip = bc.BlockHeight() + 1
+	}
+
+	count := r.ReadU32LE() - skip
+	if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
+		return err
+	}
+	return nil
+}
+
+func getBlockSigningAccounts(cfg config.ProtocolConfiguration, wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+	accounts := make([]*wallet.Account, len(wallets))
+	for i := range accounts {
+		acc, err := GetWalletAccount(wallets[i], constants.ConsensusAccountName)
+		if err != nil {
+			return nil, err
+		}
+		accounts[i] = acc
+	}
+
 	indexMap := make(map[string]int)
-	for i, pub := range cfg.ProtocolConfiguration.StandbyCommittee {
+	for i, pub := range cfg.StandbyCommittee {
 		indexMap[pub] = i
 	}
 
@@ -76,37 +119,12 @@ func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 		pj := accounts[j].PrivateKey().PublicKey().Bytes()
 		return indexMap[string(pi)] < indexMap[string(pj)]
 	})
-	sort.Slice(accounts[:cfg.ProtocolConfiguration.ValidatorsCount], func(i, j int) bool {
+	sort.Slice(accounts[:cfg.ValidatorsCount], func(i, j int) bool {
 		return accounts[i].PublicKey().Cmp(accounts[j].PublicKey()) == -1
 	})
 
-	go bc.Run()
-
-	if cmd.Name() != "init" {
-		f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
-		if err != nil {
-			return nil, fmt.Errorf("can't open local dump: %w", err)
-		}
-		defer f.Close()
-
-		r := io.NewBinReaderFromIO(f)
-
-		var skip uint32
-		if bc.BlockHeight() != 0 {
-			skip = bc.BlockHeight() + 1
-		}
-
-		count := r.ReadU32LE() - skip
-		if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
-			return nil, fmt.Errorf("can't restore local dump: %w", err)
-		}
-	}
-
-	return &LocalClient{
-		bc:       bc,
-		dumpPath: dumpPath,
-		accounts: accounts[:m],
-	}, nil
+	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ValidatorsCount))
+	return accounts[:m], nil
 }
 
 func (l *LocalClient) GetBlockCount() (uint32, error) {
@@ -127,11 +145,6 @@ func (l *LocalClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*resul
 	return &a, nil
 }
 
-func (l *LocalClient) GetCommittee() (keys.PublicKeys, error) {
-	// not used by `morph init` command
-	panic("unexpected call")
-}
-
 // InvokeFunction is implemented via `InvokeScript`.
 func (l *LocalClient) InvokeFunction(h util.Uint160, method string, sPrm []smartcontract.Parameter, ss []transaction.Signer) (*result.Invoke, error) {
 	var err error
@@ -295,13 +308,7 @@ func (l *LocalClient) InvokeScript(script []byte, signers []transaction.Signer)
 }
 
 func (l *LocalClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint256, error) {
-	// We need to test that transaction was formed correctly to catch as many errors as we can.
-	bs := tx.Bytes()
-	_, err := transaction.NewTransactionFromBytes(bs)
-	if err != nil {
-		return tx.Hash(), fmt.Errorf("invalid transaction: %w", err)
-	}
-
+	tx = tx.Copy()
 	l.transactions = append(l.transactions, tx)
 	return tx.Hash(), nil
 }

cmd/frostfs-adm/internal/modules/morph/helper/n3client.go

@@ -10,7 +10,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
@@ -25,15 +24,10 @@ import (
 // Client represents N3 client interface capable of test-invoking scripts
 // and sending signed transactions to chain.
 type Client interface {
-	invoker.RPCInvoke
+	actor.RPCActor
 
-	GetBlockCount() (uint32, error)
 	GetNativeContracts() ([]state.Contract, error)
 	GetApplicationLog(util.Uint256, *trigger.Type) (*result.ApplicationLog, error)
-	GetVersion() (*result.Version, error)
-	SendRawTransaction(*transaction.Transaction) (util.Uint256, error)
-	GetCommittee() (keys.PublicKeys, error)
-	CalculateNetworkFee(tx *transaction.Transaction) (int64, error)
 }
 
 type HashVUBPair struct {
@@ -48,7 +42,7 @@ type ClientContext struct {
 	SentTxs         []HashVUBPair
 }
 
-func GetN3Client(v *viper.Viper) (Client, error) {
+func NewRemoteClient(v *viper.Viper) (Client, error) {
 	// number of opened connections
 	// by neo-go client per one host
 	const (
@@ -88,8 +82,14 @@ func GetN3Client(v *viper.Viper) (Client, error) {
 	return c, nil
 }
 
-func DefaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
-	commAct, err := NewActor(c, committeeAcc)
+func defaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
+	commAct, err := actor.New(c, []actor.SignerAccount{{
+		Signer: transaction.Signer{
+			Account: committeeAcc.Contract.ScriptHash(),
+			Scopes:  transaction.Global,
+		},
+		Account: committeeAcc,
+	}})
 	if err != nil {
 		return nil, err
 	}

cmd/frostfs-adm/internal/modules/morph/helper/netmap.go

@@ -3,6 +3,7 @@ package helper
 import (
 	"errors"
 	"fmt"
+	"slices"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
@@ -118,11 +119,8 @@ func MergeNetmapConfig(roInvoker *invoker.Invoker, md map[string]any) error {
 		return err
 	}
 	for k, v := range m {
-		for _, key := range NetmapConfigKeys {
-			if k == key {
-				md[k] = v
-				break
-			}
+		if slices.Contains(NetmapConfigKeys, k) {
+			md[k] = v
 		}
 	}
 	return nil

cmd/frostfs-adm/internal/modules/morph/helper/util.go

@@ -14,16 +14,36 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
+	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
-	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
 )
 
+func getRegularWallet(walletPath string) (*wallet.Wallet, error) {
+	w, err := wallet.NewWalletFromFile(walletPath)
+	if err != nil {
+		return nil, err
+	}
+
+	password, err := input.ReadPassword("Enter password for wallet:")
+	if err != nil {
+		return nil, fmt.Errorf("can't fetch password: %w", err)
+	}
+
+	for i := range w.Accounts {
+		if err = w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
+			err = fmt.Errorf("can't unlock wallet: %w", err)
+			break
+		}
+	}
+
+	return w, err
+}
+
 func GetAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, error) {
 	wallets, err := openAlphabetWallets(v, walletDir)
 	if err != nil {
@@ -53,7 +73,7 @@ func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, er
 			if errors.Is(err, os.ErrNotExist) {
 				err = nil
 			} else {
-				err = fmt.Errorf("can't open wallet: %w", err)
+				err = fmt.Errorf("can't open alphabet wallet: %w", err)
 			}
 			break
 		}
@@ -87,16 +107,6 @@ func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, er
 	return wallets, nil
 }
 
-func NewActor(c actor.RPCActor, committeeAcc *wallet.Account) (*actor.Actor, error) {
-	return actor.New(c, []actor.SignerAccount{{
-		Signer: transaction.Signer{
-			Account: committeeAcc.Contract.ScriptHash(),
-			Scopes:  transaction.Global,
-		},
-		Account: committeeAcc,
-	}})
-}
-
 func ReadContract(ctrPath, ctrName string) (*ContractState, error) {
 	rawNef, err := os.ReadFile(filepath.Join(ctrPath, ctrName+"_contract.nef"))
 	if err != nil {

cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go

@@ -62,7 +62,7 @@ func testInitialize(t *testing.T, committeeSize int) {
 	v := viper.GetViper()
 
 	require.NoError(t, generateTestData(testdataDir, committeeSize))
-	v.Set(constants.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))
+	v.Set(commonflags.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))
 
 	// Set to the path or remove the next statement to download from the network.
 	require.NoError(t, Cmd.Flags().Set(commonflags.ContractsInitFlag, contractsPath))

cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go

@@ -22,15 +22,14 @@ import (
 )
 
 const (
-	gasInitialTotalSupply = 30000000 * native.GASFactor
 	// initialAlphabetGASAmount represents the amount of GAS given to each alphabet node.
 	initialAlphabetGASAmount = 10_000 * native.GASFactor
 	// initialProxyGASAmount represents the amount of GAS given to a proxy contract.
 	initialProxyGASAmount = 50_000 * native.GASFactor
 )
 
-func initialCommitteeGASAmount(c *helper.InitializeContext) int64 {
-	return (gasInitialTotalSupply - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2
+func initialCommitteeGASAmount(c *helper.InitializeContext, initialGasDistribution int64) int64 {
+	return (initialGasDistribution - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2
 }
 
 func transferFunds(c *helper.InitializeContext) error {
@@ -42,6 +41,11 @@ func transferFunds(c *helper.InitializeContext) error {
 		return err
 	}
 
+	version, err := c.Client.GetVersion()
+	if err != nil {
+		return err
+	}
+
 	var transfers []transferTarget
 	for _, acc := range c.Accounts {
 		to := acc.Contract.ScriptHash()
@@ -59,7 +63,7 @@ func transferFunds(c *helper.InitializeContext) error {
 		transferTarget{
 			Token:   gas.Hash,
 			Address: c.CommitteeAcc.Contract.ScriptHash(),
-			Amount:  initialCommitteeGASAmount(c),
+			Amount:  initialCommitteeGASAmount(c, int64(version.Protocol.InitialGasDistribution)),
 		},
 		transferTarget{
 			Token:   neo.Hash,
@@ -83,16 +87,23 @@ func transferFunds(c *helper.InitializeContext) error {
 // transferFundsFinished checks balances of accounts we transfer GAS to.
 // The stage is considered finished if the balance is greater than the half of what we need to transfer.
 func transferFundsFinished(c *helper.InitializeContext) (bool, error) {
-	acc := c.Accounts[0]
-
 	r := nep17.NewReader(c.ReadOnlyInvoker, gas.Hash)
-	res, err := r.BalanceOf(acc.Contract.ScriptHash())
-	if err != nil || res.Cmp(big.NewInt(initialAlphabetGASAmount/2)) != 1 {
+	res, err := r.BalanceOf(c.ConsensusAcc.ScriptHash())
+	if err != nil {
+		return false, err
+	}
+
+	version, err := c.Client.GetVersion()
+	if err != nil || res.Cmp(big.NewInt(int64(version.Protocol.InitialGasDistribution))) != -1 {
 		return false, err
 	}
 
 	res, err = r.BalanceOf(c.CommitteeAcc.ScriptHash())
-	return res != nil && res.Cmp(big.NewInt(initialCommitteeGASAmount(c)/2)) == 1, err
+	if err != nil {
+		return false, err
+	}
+
+	return res != nil && res.Cmp(big.NewInt(initialCommitteeGASAmount(c, int64(version.Protocol.InitialGasDistribution)))) == 1, err
 }
 
 func transferGASToProxy(c *helper.InitializeContext) error {

cmd/frostfs-adm/internal/modules/morph/initialize/root.go

@@ -2,7 +2,6 @@ package initialize
 
 import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -32,7 +31,7 @@ var Cmd = &cobra.Command{
 		_ = viper.BindPFlag(commonflags.ContainerFeeInitFlag, cmd.Flags().Lookup(containerFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.ContainerAliasFeeInitFlag, cmd.Flags().Lookup(containerAliasFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.WithdrawFeeInitFlag, cmd.Flags().Lookup(withdrawFeeCLIFlag))
-		_ = viper.BindPFlag(constants.ProtoConfigPath, cmd.Flags().Lookup(constants.ProtoConfigPath))
+		_ = viper.BindPFlag(commonflags.ProtoConfigPath, cmd.Flags().Lookup(commonflags.ProtoConfigPath))
 	},
 	RunE: initializeSideChainCmd,
 }
@@ -48,7 +47,7 @@ func initInitCmd() {
 	// Defaults are taken from neo-preodolenie.
 	Cmd.Flags().Uint64(containerFeeCLIFlag, 1000, "Container registration fee")
 	Cmd.Flags().Uint64(containerAliasFeeCLIFlag, 500, "Container alias fee")
-	Cmd.Flags().String(constants.ProtoConfigPath, "", "Path to the consensus node configuration")
+	Cmd.Flags().String(commonflags.ProtoConfigPath, "", "Path to the consensus node configuration")
 	Cmd.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
 	Cmd.MarkFlagsMutuallyExclusive(commonflags.ContractsInitFlag, commonflags.ContractsURLFlag)
 }

cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go

@@ -13,7 +13,7 @@ import (
 )
 
 func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 
 	inv := invoker.New(c, nil)

cmd/frostfs-adm/internal/modules/morph/netmap/root.go

@@ -12,7 +12,6 @@ var (
 		Short: "List netmap candidates nodes",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 		},
 		Run: listNetmapCandidatesNodes,
 	}

cmd/frostfs-adm/internal/modules/morph/nns/domains.go

@@ -6,7 +6,9 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 )
 
 func initRegisterCmd() {
@@ -19,12 +21,13 @@ func initRegisterCmd() {
 	registerCmd.Flags().Int64(nnsRetryFlag, constants.NNSRetryDefVal, "SOA record RETRY parameter")
 	registerCmd.Flags().Int64(nnsExpireFlag, int64(constants.DefaultExpirationTime), "SOA record EXPIRE parameter")
 	registerCmd.Flags().Int64(nnsTTLFlag, constants.NNSTtlDefVal, "SOA record TTL parameter")
+	registerCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 
 	_ = cobra.MarkFlagRequired(registerCmd.Flags(), nnsNameFlag)
 }
 
 func registerDomain(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)
@@ -48,12 +51,13 @@ func initDeleteCmd() {
 	deleteCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	deleteCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	deleteCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
+	deleteCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 
 	_ = cobra.MarkFlagRequired(deleteCmd.Flags(), nnsNameFlag)
 }
 
 func deleteDomain(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	h, vub, err := c.DeleteDomain(name)
@@ -62,3 +66,28 @@ func deleteDomain(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "delete domain error: %w", err)
 	cmd.Println("Domain deleted successfully")
 }
+
+func initSetAdminCmd() {
+	Cmd.AddCommand(setAdminCmd)
+	setAdminCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	setAdminCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	setAdminCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
+	setAdminCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
+	setAdminCmd.Flags().String(commonflags.AdminWalletPath, "", commonflags.AdminWalletUsage)
+	_ = setAdminCmd.MarkFlagRequired(commonflags.AdminWalletPath)
+
+	_ = cobra.MarkFlagRequired(setAdminCmd.Flags(), nnsNameFlag)
+}
+
+func setAdmin(cmd *cobra.Command, _ []string) {
+	c, actor := nnsWriter(cmd)
+
+	name, _ := cmd.Flags().GetString(nnsNameFlag)
+	w, err := wallet.NewWalletFromFile(viper.GetString(commonflags.AdminWalletPath))
+	commonCmd.ExitOnErr(cmd, "can't get admin wallet: %w", err)
+	h, vub, err := c.SetAdmin(name, w.GetAccount(w.GetChangeAddress()).ScriptHash())
+
+	_, err = actor.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "Set admin error: %w", err)
+	cmd.Println("Set admin successfully")
+}

cmd/frostfs-adm/internal/modules/morph/nns/helper.go

@@ -1,25 +1,67 @@
 package nns
 
 import (
+	"errors"
+
 	client "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
-	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
-func getRPCClient(cmd *cobra.Command) (*client.Contract, *helper.LocalActor, util.Uint160) {
+func nnsWriter(cmd *cobra.Command) (*client.Contract, *helper.LocalActor) {
 	v := viper.GetViper()
-	c, err := helper.GetN3Client(v)
+	c, err := helper.NewRemoteClient(v)
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
-	ac, err := helper.NewLocalActor(cmd, c)
+	alphabetWalletPath := config.ResolveHomePath(v.GetString(commonflags.AlphabetWalletsFlag))
+	walletPath := config.ResolveHomePath(v.GetString(commonflags.WalletPath))
+	adminWalletPath := config.ResolveHomePath(v.GetString(commonflags.AdminWalletPath))
+
+	var (
+		alphabet       *helper.AlphabetWallets
+		regularWallets []*helper.RegularWallets
+	)
+
+	if alphabetWalletPath != "" {
+		alphabet = &helper.AlphabetWallets{Path: alphabetWalletPath, Label: constants.ConsensusAccountName}
+	}
+
+	if walletPath != "" {
+		regularWallets = append(regularWallets, &helper.RegularWallets{Path: walletPath})
+	}
+
+	if adminWalletPath != "" {
+		regularWallets = append(regularWallets, &helper.RegularWallets{Path: adminWalletPath})
+	}
+
+	if alphabet == nil && regularWallets == nil {
+		commonCmd.ExitOnErr(cmd, "", errors.New("no wallets provided"))
+	}
+
+	ac, err := helper.NewLocalActor(c, alphabet, regularWallets...)
 	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)
 
 	r := management.NewReader(ac.Invoker)
 	nnsCs, err := helper.GetContractByID(r, 1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-	return client.New(ac, nnsCs.Hash), ac, nnsCs.Hash
+	return client.New(ac, nnsCs.Hash), ac
+}
+
+func nnsReader(cmd *cobra.Command) (*client.ContractReader, *invoker.Invoker) {
+	c, err := helper.NewRemoteClient(viper.GetViper())
+	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
+
+	inv := invoker.New(c, nil)
+	r := management.NewReader(inv)
+	nnsCs, err := helper.GetContractByID(r, 1)
+	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
+
+	return client.NewReader(inv, nnsCs.Hash), inv
 }

cmd/frostfs-adm/internal/modules/morph/nns/record.go

@@ -8,7 +8,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/spf13/cobra"
 )
@@ -20,6 +19,7 @@ func initAddRecordCmd() {
 	addRecordCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	addRecordCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
 	addRecordCmd.Flags().String(nnsRecordDataFlag, "", nnsRecordDataFlagDesc)
+	addRecordCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 
 	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsNameFlag)
 	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsRecordTypeFlag)
@@ -29,7 +29,6 @@ func initAddRecordCmd() {
 func initGetRecordsCmd() {
 	Cmd.AddCommand(getRecordsCmd)
 	getRecordsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	getRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	getRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	getRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
 
@@ -42,6 +41,7 @@ func initDelRecordsCmd() {
 	delRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	delRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	delRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
+	delRecordsCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 
 	_ = cobra.MarkFlagRequired(delRecordsCmd.Flags(), nnsNameFlag)
 	_ = cobra.MarkFlagRequired(delRecordsCmd.Flags(), nnsRecordTypeFlag)
@@ -54,6 +54,7 @@ func initDelRecordCmd() {
 	delRecordCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	delRecordCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
 	delRecordCmd.Flags().String(nnsRecordDataFlag, "", nnsRecordDataFlagDesc)
+	delRecordCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 
 	_ = cobra.MarkFlagRequired(delRecordCmd.Flags(), nnsNameFlag)
 	_ = cobra.MarkFlagRequired(delRecordCmd.Flags(), nnsRecordTypeFlag)
@@ -61,7 +62,7 @@ func initDelRecordCmd() {
 }
 
 func addRecord(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
@@ -77,16 +78,16 @@ func addRecord(cmd *cobra.Command, _ []string) {
 }
 
 func getRecords(cmd *cobra.Command, _ []string) {
-	c, act, hash := getRPCClient(cmd)
+	c, inv := nnsReader(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	if recordType == "" {
-		sid, r, err := unwrap.SessionIterator(act.Invoker.Call(hash, "getAllRecords", name))
+		sid, r, err := c.GetAllRecords(name)
 		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		defer func() {
-			_ = act.Invoker.TerminateSession(sid)
+			_ = inv.TerminateSession(sid)
 		}()
-		items, err := act.Invoker.TraverseIterator(sid, &r, 0)
+		items, err := inv.TraverseIterator(sid, &r, 0)
 		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		for len(items) != 0 {
 			for j := range items {
@@ -97,7 +98,7 @@ func getRecords(cmd *cobra.Command, _ []string) {
 					recordTypeToString(nns.RecordType(rs[1].Value().(*big.Int).Int64())),
 					string(bs))
 			}
-			items, err = act.Invoker.TraverseIterator(sid, &r, 0)
+			items, err = inv.TraverseIterator(sid, &r, 0)
 			commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		}
 	} else {
@@ -114,7 +115,7 @@ func getRecords(cmd *cobra.Command, _ []string) {
 }
 
 func delRecords(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	typ, err := getRecordType(recordType)
@@ -129,7 +130,7 @@ func delRecords(cmd *cobra.Command, _ []string) {
 }
 
 func delRecord(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)

cmd/frostfs-adm/internal/modules/morph/nns/renew.go

@@ -14,7 +14,7 @@ func initRenewCmd() {
 }
 
 func renewDomain(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	h, vub, err := c.Renew(name)
 	commonCmd.ExitOnErr(cmd, "unable to renew domain: %w", err)

cmd/frostfs-adm/internal/modules/morph/nns/root.go

@@ -39,6 +39,7 @@ var (
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: registerDomain,
 	}
@@ -48,6 +49,7 @@ var (
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: deleteDomain,
 	}
@@ -75,6 +77,7 @@ var (
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: addRecord,
 	}
@@ -92,6 +95,7 @@ var (
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: delRecords,
 	}
@@ -101,9 +105,21 @@ var (
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: delRecord,
 	}
+	setAdminCmd = &cobra.Command{
+		Use:   "set-admin",
+		Short: "Sets admin for domain",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
+			_ = viper.BindPFlag(commonflags.AdminWalletPath, cmd.Flags().Lookup(commonflags.AdminWalletPath))
+		},
+		Run: setAdmin,
+	}
 )
 
 func init() {
@@ -116,4 +132,5 @@ func init() {
 	initGetRecordsCmd()
 	initDelRecordsCmd()
 	initDelRecordCmd()
+	initSetAdminCmd()
 }

cmd/frostfs-adm/internal/modules/morph/nns/tokens.go

@@ -18,12 +18,11 @@ const (
 func initTokensCmd() {
 	Cmd.AddCommand(tokensCmd)
 	tokensCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	tokensCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	tokensCmd.Flags().BoolP(commonflags.Verbose, commonflags.VerboseShorthand, false, verboseDesc)
 }
 
 func listTokens(cmd *cobra.Command, _ []string) {
-	c, _, _ := getRPCClient(cmd)
+	c, _ := nnsReader(cmd)
 	it, err := c.Tokens()
 	commonCmd.ExitOnErr(cmd, "unable to get tokens: %w", err)
 	for toks, err := it.Next(10); err == nil && len(toks) > 0; toks, err = it.Next(10) {
@@ -41,7 +40,7 @@ func listTokens(cmd *cobra.Command, _ []string) {
 	}
 }
 
-func getCnameRecord(c *client.Contract, token []byte) (string, error) {
+func getCnameRecord(c *client.ContractReader, token []byte) (string, error) {
 	items, err := c.GetRecords(string(token), big.NewInt(int64(nns.CNAME)))
 
 	// GetRecords returns the error "not an array" if the domain does not contain records.

cmd/frostfs-adm/internal/modules/morph/nns/update.go

@@ -30,7 +30,7 @@ func initUpdateCmd() {
 }
 
 func updateSOA(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)

cmd/frostfs-adm/internal/modules/morph/notary/notary.go

@@ -4,7 +4,6 @@ import (
 	"errors"
 	"fmt"
 	"math/big"
-	"strconv"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
@@ -41,7 +40,8 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 	}
 
 	accHash := w.GetChangeAddress()
-	if addr, err := cmd.Flags().GetString(walletAccountFlag); err == nil {
+	addr, _ := cmd.Flags().GetString(walletAccountFlag)
+	if addr != "" {
 		accHash, err = address.StringToUint160(addr)
 		if err != nil {
 			return fmt.Errorf("invalid address: %s", addr)
@@ -53,7 +53,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("can't find account for %s", accHash)
 	}
 
-	prompt := fmt.Sprintf("Enter password for %s >", address.Uint160ToString(accHash))
+	prompt := fmt.Sprintf("Enter password for %s > ", address.Uint160ToString(accHash))
 	pass, err := input.ReadPassword(prompt)
 	if err != nil {
 		return fmt.Errorf("can't get password: %v", err)
@@ -73,23 +73,16 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return err
 	}
 
-	till := int64(defaultNotaryDepositLifetime)
-	tillStr, err := cmd.Flags().GetString(notaryDepositTillFlag)
-	if err != nil {
-		return err
-	}
-	if tillStr != "" {
-		till, err = strconv.ParseInt(tillStr, 10, 64)
-		if err != nil || till <= 0 {
-			return errInvalidNotaryDepositLifetime
-		}
+	till, _ := cmd.Flags().GetInt64(notaryDepositTillFlag)
+	if till <= 0 {
+		return errInvalidNotaryDepositLifetime
 	}
 
 	return transferGas(cmd, acc, accHash, gasAmount, till)
 }
 
 func transferGas(cmd *cobra.Command, acc *wallet.Account, accHash util.Uint160, gasAmount fixedn.Fixed8, till int64) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return err
 	}

cmd/frostfs-adm/internal/modules/morph/notary/root.go

@@ -20,7 +20,7 @@ func initDepositoryNotaryCmd() {
 	DepositCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to storage node wallet")
 	DepositCmd.Flags().String(walletAccountFlag, "", "Wallet account address")
 	DepositCmd.Flags().String(commonflags.RefillGasAmountFlag, "", "Amount of GAS to deposit")
-	DepositCmd.Flags().String(notaryDepositTillFlag, "", "Notary deposit duration in blocks")
+	DepositCmd.Flags().Int64(notaryDepositTillFlag, defaultNotaryDepositLifetime, "Notary deposit duration in blocks")
 }
 
 func init() {

cmd/frostfs-adm/internal/modules/morph/policy/policy.go

@@ -62,7 +62,7 @@ func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 }
 
 func dumpPolicyCmd(cmd *cobra.Command, _ []string) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client:", err)
 
 	inv := invoker.New(c, nil)
@@ -80,9 +80,9 @@ func dumpPolicyCmd(cmd *cobra.Command, _ []string) error {
 	buf := bytes.NewBuffer(nil)
 	tw := tabwriter.NewWriter(buf, 0, 2, 2, ' ', 0)
 
-	_, _ = tw.Write([]byte(fmt.Sprintf("Execution Fee Factor:\t%d (int)\n", execFee)))
-	_, _ = tw.Write([]byte(fmt.Sprintf("Fee Per Byte:\t%d (int)\n", feePerByte)))
-	_, _ = tw.Write([]byte(fmt.Sprintf("Storage Price:\t%d (int)\n", storagePrice)))
+	_, _ = tw.Write(fmt.Appendf(nil, "Execution Fee Factor:\t%d (int)\n", execFee))
+	_, _ = tw.Write(fmt.Appendf(nil, "Fee Per Byte:\t%d (int)\n", feePerByte))
+	_, _ = tw.Write(fmt.Appendf(nil, "Storage Price:\t%d (int)\n", storagePrice))
 
 	_ = tw.Flush()
 	cmd.Print(buf.String())

cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go

@@ -20,23 +20,32 @@ const (
 	accountAddressFlag = "account"
 )
 
+func parseAddresses(cmd *cobra.Command) []util.Uint160 {
+	var addrs []util.Uint160
+
+	accs, _ := cmd.Flags().GetStringArray(accountAddressFlag)
+	for _, acc := range accs {
+		addr, err := address.StringToUint160(acc)
+		commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
+
+		addrs = append(addrs, addr)
+	}
+	return addrs
+}
+
 func addProxyAccount(cmd *cobra.Command, _ []string) {
-	acc, _ := cmd.Flags().GetString(accountAddressFlag)
-	addr, err := address.StringToUint160(acc)
-	commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
-	err = processAccount(cmd, addr, "addAccount")
+	addrs := parseAddresses(cmd)
+	err := processAccount(cmd, addrs, "addAccount")
 	commonCmd.ExitOnErr(cmd, "processing error: %w", err)
 }
 
 func removeProxyAccount(cmd *cobra.Command, _ []string) {
-	acc, _ := cmd.Flags().GetString(accountAddressFlag)
-	addr, err := address.StringToUint160(acc)
-	commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
-	err = processAccount(cmd, addr, "removeAccount")
+	addrs := parseAddresses(cmd)
+	err := processAccount(cmd, addrs, "removeAccount")
 	commonCmd.ExitOnErr(cmd, "processing error: %w", err)
 }
 
-func processAccount(cmd *cobra.Command, addr util.Uint160, method string) error {
+func processAccount(cmd *cobra.Command, addrs []util.Uint160, method string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't initialize context: %w", err)
@@ -54,7 +63,9 @@ func processAccount(cmd *cobra.Command, addr util.Uint160, method string) error
 	}
 
 	bw := io.NewBufBinWriter()
-	emit.AppCall(bw.BinWriter, proxyHash, method, callflag.All, addr)
+	for _, addr := range addrs {
+		emit.AppCall(bw.BinWriter, proxyHash, method, callflag.All, addr)
+	}
 
 	if err := wCtx.SendConsensusTx(bw.Bytes()); err != nil {
 		return err

cmd/frostfs-adm/internal/modules/morph/proxy/root.go

@@ -29,13 +29,15 @@ var (
 
 func initProxyAddAccount() {
 	AddAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	AddAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
+	AddAccountCmd.Flags().StringArray(accountAddressFlag, nil, "Wallet address string")
+	_ = AddAccountCmd.MarkFlagRequired(accountAddressFlag)
 	AddAccountCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initProxyRemoveAccount() {
 	RemoveAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	RemoveAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
+	RemoveAccountCmd.Flags().StringArray(accountAddressFlag, nil, "Wallet address string")
+	_ = AddAccountCmd.MarkFlagRequired(accountAddressFlag)
 	RemoveAccountCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 

cmd/frostfs-adm/internal/modules/root.go

@@ -7,7 +7,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/metabase"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/storagecfg"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/autocomplete"
 	utilConfig "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/config"
@@ -41,7 +40,6 @@ func init() {
 
 	rootCmd.AddCommand(config.RootCmd)
 	rootCmd.AddCommand(morph.RootCmd)
-	rootCmd.AddCommand(storagecfg.RootCmd)
 	rootCmd.AddCommand(metabase.RootCmd)
 
 	rootCmd.AddCommand(autocomplete.Command("frostfs-adm"))

cmd/frostfs-adm/internal/modules/storagecfg/config.go

@@ -1,137 +0,0 @@
-package storagecfg
-
-const configTemplate = `logger:
-  level: info  # logger level: one of "debug", "info" (default), "warn", "error", "dpanic", "panic", "fatal"
-
-node:
-  wallet:
-    path: {{ .Wallet.Path }}  # path to a NEO wallet; ignored if key is presented
-    address: {{ .Wallet.Account }}  # address of a NEO account in the wallet; ignored if key is presented
-    password: {{ .Wallet.Password }}  # password for a NEO account in the wallet; ignored if key is presented
-  addresses:  # list of addresses announced by Storage node in the Network map
-    - {{ .AnnouncedAddress }}
-  attribute_0: UN-LOCODE:{{ .Attribute.Locode }}
-  relay: {{ .Relay }}  # start Storage node in relay mode without bootstrapping into the Network map
-
-grpc:
-  num: 1  # total number of listener endpoints
-  0:
-    endpoint: {{ .Endpoint }}  # endpoint for gRPC server
-    tls:{{if .TLSCert}}
-      enabled: true  # enable TLS for a gRPC connection (min version is TLS 1.2)
-      certificate: {{ .TLSCert }}  # path to TLS certificate
-      key: {{ .TLSKey }}  # path to TLS key
-    {{- else }}
-      enabled: false # disable TLS for a gRPC connection
-    {{- end}}
-
-control:
-  authorized_keys:  # list of hex-encoded public keys that have rights to use the Control Service
-    {{- range .AuthorizedKeys }}
-    - {{.}}{{end}}
-  grpc:
-    endpoint: {{.ControlEndpoint}}  # endpoint that is listened by the Control Service
-
-morph:
-  dial_timeout: 20s  # timeout for side chain NEO RPC client connection
-  cache_ttl: 15s  # use TTL cache for side chain GET operations
-  rpc_endpoint:  # side chain N3 RPC endpoints
-    {{- range .MorphRPC }}
-    - address: wss://{{.}}/ws{{end}}
-{{if not .Relay }}
-storage:
-  shard_pool_size: 15  # size of per-shard worker pools used for PUT operations
-
-  shard:
-    default: # section with the default shard parameters
-      metabase:
-        perm: 0644  # permissions for metabase files(directories: +x for current user and group)
-
-      blobstor:
-        perm: 0644  # permissions for blobstor files(directories: +x for current user and group)
-        depth: 2  # max depth of object tree storage in FS
-        small_object_size: 102400  # 100KiB, size threshold for "small" objects which are stored in key-value DB, not in FS, bytes
-        compress: true  # turn on/off Zstandard compression (level 3) of stored objects
-        compression_exclude_content_types:
-          - audio/*
-          - video/*
-
-        blobovnicza:
-          size: 1073741824  # approximate size limit of single blobovnicza instance, total size will be: size*width^(depth+1), bytes
-          depth: 1  # max depth of object tree storage in key-value DB
-          width: 4   # max width of object tree storage in key-value DB
-          opened_cache_capacity: 50  # maximum number of opened database files
-          opened_cache_ttl: 5m  # ttl for opened database file
-          opened_cache_exp_interval: 15s  # cache cleanup interval for expired blobovnicza's
-
-      gc:
-        remover_batch_size: 200  # number of objects to be removed by the garbage collector
-        remover_sleep_interval: 5m  # frequency of the garbage collector invocation
-    0:
-      mode: "read-write"  # mode of the shard, must be one of the: "read-write" (default), "read-only"
-
-      metabase:
-        path: {{ .MetabasePath }}  # path to the metabase
-
-      blobstor:
-        path: {{ .BlobstorPath }}  # path to the blobstor
-{{end}}`
-
-const (
-	neofsMainnetAddress   = "2cafa46838e8b564468ebd868dcafdd99dce6221"
-	balanceMainnetAddress = "dc1ec98d9d0c5f9dfade16144defe08cffc5ca55"
-	neofsTestnetAddress   = "b65d8243ac63983206d17e5221af0653a7266fa1"
-	balanceTestnetAddress = "e0420c216003747626670d1424569c17c79015bf"
-)
-
-var n3config = map[string]struct {
-	MorphRPC        []string
-	RPC             []string
-	NeoFSContract   string
-	BalanceContract string
-}{
-	"testnet": {
-		MorphRPC: []string{
-			"rpc01.morph.testnet.fs.neo.org:51331",
-			"rpc02.morph.testnet.fs.neo.org:51331",
-			"rpc03.morph.testnet.fs.neo.org:51331",
-			"rpc04.morph.testnet.fs.neo.org:51331",
-			"rpc05.morph.testnet.fs.neo.org:51331",
-			"rpc06.morph.testnet.fs.neo.org:51331",
-			"rpc07.morph.testnet.fs.neo.org:51331",
-		},
-		RPC: []string{
-			"rpc01.testnet.n3.nspcc.ru:21331",
-			"rpc02.testnet.n3.nspcc.ru:21331",
-			"rpc03.testnet.n3.nspcc.ru:21331",
-			"rpc04.testnet.n3.nspcc.ru:21331",
-			"rpc05.testnet.n3.nspcc.ru:21331",
-			"rpc06.testnet.n3.nspcc.ru:21331",
-			"rpc07.testnet.n3.nspcc.ru:21331",
-		},
-		NeoFSContract:   neofsTestnetAddress,
-		BalanceContract: balanceTestnetAddress,
-	},
-	"mainnet": {
-		MorphRPC: []string{
-			"rpc1.morph.fs.neo.org:40341",
-			"rpc2.morph.fs.neo.org:40341",
-			"rpc3.morph.fs.neo.org:40341",
-			"rpc4.morph.fs.neo.org:40341",
-			"rpc5.morph.fs.neo.org:40341",
-			"rpc6.morph.fs.neo.org:40341",
-			"rpc7.morph.fs.neo.org:40341",
-		},
-		RPC: []string{
-			"rpc1.n3.nspcc.ru:10331",
-			"rpc2.n3.nspcc.ru:10331",
-			"rpc3.n3.nspcc.ru:10331",
-			"rpc4.n3.nspcc.ru:10331",
-			"rpc5.n3.nspcc.ru:10331",
-			"rpc6.n3.nspcc.ru:10331",
-			"rpc7.n3.nspcc.ru:10331",
-		},
-		NeoFSContract:   neofsMainnetAddress,
-		BalanceContract: balanceMainnetAddress,
-	},
-}

cmd/frostfs-adm/internal/modules/storagecfg/root.go

@@ -1,433 +0,0 @@
-package storagecfg
-
-import (
-	"bytes"
-	"context"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"math/rand"
-	"net"
-	"net/url"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"text/template"
-	"time"
-
-	netutil "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network"
-	"github.com/chzyer/readline"
-	"github.com/nspcc-dev/neo-go/cli/flags"
-	"github.com/nspcc-dev/neo-go/cli/input"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/nep17"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
-	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/wallet"
-
-	"github.com/spf13/cobra"
-)
-
-const (
-	walletFlag  = "wallet"
-	accountFlag = "account"
-)
-
-const (
-	defaultControlEndpoint = "localhost:8090"
-	defaultDataEndpoint    = "localhost"
-)
-
-// RootCmd is a root command of config section.
-var RootCmd = &cobra.Command{
-	Use:   "storage-config [-w wallet] [-a acccount] [<path-to-config>]",
-	Short: "Section for storage node configuration commands",
-	Run:   storageConfig,
-}
-
-func init() {
-	fs := RootCmd.Flags()
-
-	fs.StringP(walletFlag, "w", "", "Path to wallet")
-	fs.StringP(accountFlag, "a", "", "Wallet account")
-}
-
-type config struct {
-	AnnouncedAddress string
-	AuthorizedKeys   []string
-	ControlEndpoint  string
-	Endpoint         string
-	TLSCert          string
-	TLSKey           string
-	MorphRPC         []string
-	Attribute        struct {
-		Locode string
-	}
-	Wallet struct {
-		Path     string
-		Account  string
-		Password string
-	}
-	Relay        bool
-	BlobstorPath string
-	MetabasePath string
-}
-
-func storageConfig(cmd *cobra.Command, args []string) {
-	outPath := getOutputPath(args)
-
-	historyPath := filepath.Join(os.TempDir(), "frostfs-adm.history")
-	readline.SetHistoryPath(historyPath)
-
-	var c config
-
-	c.Wallet.Path, _ = cmd.Flags().GetString(walletFlag)
-	if c.Wallet.Path == "" {
-		c.Wallet.Path = getPath("Path to the storage node wallet: ")
-	}
-
-	w, err := wallet.NewWalletFromFile(c.Wallet.Path)
-	fatalOnErr(err)
-
-	fillWalletAccount(cmd, &c, w)
-
-	accH, err := flags.ParseAddress(c.Wallet.Account)
-	fatalOnErr(err)
-
-	acc := w.GetAccount(accH)
-	if acc == nil {
-		fatalOnErr(errors.New("can't find account in wallet"))
-	}
-
-	c.Wallet.Password, err = input.ReadPassword(fmt.Sprintf("Account password for %s: ", c.Wallet.Account))
-	fatalOnErr(err)
-
-	err = acc.Decrypt(c.Wallet.Password, keys.NEP2ScryptParams())
-	fatalOnErr(err)
-
-	c.AuthorizedKeys = append(c.AuthorizedKeys, hex.EncodeToString(acc.PrivateKey().PublicKey().Bytes()))
-
-	network := readNetwork(cmd)
-
-	c.MorphRPC = n3config[network].MorphRPC
-
-	depositGas(cmd, acc, network)
-
-	c.Attribute.Locode = getString("UN-LOCODE attribute in [XX YYY] format: ")
-
-	endpoint := getDefaultEndpoint(cmd, &c)
-	c.Endpoint = getString(fmt.Sprintf("Listening address [%s]: ", endpoint))
-	if c.Endpoint == "" {
-		c.Endpoint = endpoint
-	}
-
-	c.ControlEndpoint = getString(fmt.Sprintf("Listening address (control endpoint) [%s]: ", defaultControlEndpoint))
-	if c.ControlEndpoint == "" {
-		c.ControlEndpoint = defaultControlEndpoint
-	}
-
-	c.TLSCert = getPath("TLS Certificate (optional): ")
-	if c.TLSCert != "" {
-		c.TLSKey = getPath("TLS Key: ")
-	}
-
-	c.Relay = getConfirmation(false, "Use node as a relay? yes/[no]: ")
-	if !c.Relay {
-		p := getPath("Path to the storage directory (all available storage will be used): ")
-		c.BlobstorPath = filepath.Join(p, "blob")
-		c.MetabasePath = filepath.Join(p, "meta")
-	}
-
-	out := applyTemplate(c)
-	fatalOnErr(os.WriteFile(outPath, out, 0o644))
-
-	cmd.Println("Node is ready for work! Run `frostfs-node -config " + outPath + "`")
-}
-
-func getDefaultEndpoint(cmd *cobra.Command, c *config) string {
-	var addr, port string
-	for {
-		c.AnnouncedAddress = getString("Publicly announced address: ")
-		validator := netutil.Address{}
-		err := validator.FromString(c.AnnouncedAddress)
-		if err != nil {
-			cmd.Println("Incorrect address format. See https://git.frostfs.info/TrueCloudLab/frostfs-node/src/branch/master/pkg/network/address.go for details.")
-			continue
-		}
-		uriAddr, err := url.Parse(validator.URIAddr())
-		if err != nil {
-			panic(fmt.Errorf("unexpected error: %w", err))
-		}
-		addr = uriAddr.Hostname()
-		port = uriAddr.Port()
-		ip, err := net.ResolveIPAddr("ip", addr)
-		if err != nil {
-			cmd.Printf("Can't resolve IP address %s: %v\n", addr, err)
-			continue
-		}
-
-		if !ip.IP.IsGlobalUnicast() {
-			cmd.Println("IP must be global unicast.")
-			continue
-		}
-		cmd.Printf("Resolved IP address: %s\n", ip.String())
-
-		_, err = strconv.ParseUint(port, 10, 16)
-		if err != nil {
-			cmd.Println("Port must be an integer.")
-			continue
-		}
-
-		break
-	}
-	return net.JoinHostPort(defaultDataEndpoint, port)
-}
-
-func fillWalletAccount(cmd *cobra.Command, c *config, w *wallet.Wallet) {
-	c.Wallet.Account, _ = cmd.Flags().GetString(accountFlag)
-	if c.Wallet.Account == "" {
-		addr := address.Uint160ToString(w.GetChangeAddress())
-		c.Wallet.Account = getWalletAccount(w, fmt.Sprintf("Wallet account [%s]: ", addr))
-		if c.Wallet.Account == "" {
-			c.Wallet.Account = addr
-		}
-	}
-}
-
-func readNetwork(cmd *cobra.Command) string {
-	var network string
-	for {
-		network = getString("Choose network [mainnet]/testnet: ")
-		switch network {
-		case "":
-			network = "mainnet"
-		case "testnet", "mainnet":
-		default:
-			cmd.Println(`Network must be either "mainnet" or "testnet"`)
-			continue
-		}
-		break
-	}
-	return network
-}
-
-func getOutputPath(args []string) string {
-	if len(args) != 0 {
-		return args[0]
-	}
-	outPath := getPath("File to write config at [./config.yml]: ")
-	if outPath == "" {
-		outPath = "./config.yml"
-	}
-	return outPath
-}
-
-func getWalletAccount(w *wallet.Wallet, prompt string) string {
-	addrs := make([]readline.PrefixCompleterInterface, len(w.Accounts))
-	for i := range w.Accounts {
-		addrs[i] = readline.PcItem(w.Accounts[i].Address)
-	}
-
-	readline.SetAutoComplete(readline.NewPrefixCompleter(addrs...))
-	defer readline.SetAutoComplete(nil)
-
-	s, err := readline.Line(prompt)
-	fatalOnErr(err)
-	return strings.TrimSpace(s) // autocompleter can return a string with a trailing space
-}
-
-func getString(prompt string) string {
-	s, err := readline.Line(prompt)
-	fatalOnErr(err)
-	if s != "" {
-		_ = readline.AddHistory(s)
-	}
-	return s
-}
-
-type filenameCompleter struct{}
-
-func (filenameCompleter) Do(line []rune, pos int) (newLine [][]rune, length int) {
-	prefix := string(line[:pos])
-	dir := filepath.Dir(prefix)
-	de, err := os.ReadDir(dir)
-	if err != nil {
-		return nil, 0
-	}
-
-	for i := range de {
-		name := filepath.Join(dir, de[i].Name())
-		if strings.HasPrefix(name, prefix) {
-			tail := []rune(strings.TrimPrefix(name, prefix))
-			if de[i].IsDir() {
-				tail = append(tail, filepath.Separator)
-			}
-			newLine = append(newLine, tail)
-		}
-	}
-	if pos != 0 {
-		return newLine, pos - len([]rune(dir))
-	}
-	return newLine, 0
-}
-
-func getPath(prompt string) string {
-	readline.SetAutoComplete(filenameCompleter{})
-	defer readline.SetAutoComplete(nil)
-
-	p, err := readline.Line(prompt)
-	fatalOnErr(err)
-
-	if p == "" {
-		return p
-	}
-
-	_ = readline.AddHistory(p)
-
-	abs, err := filepath.Abs(p)
-	if err != nil {
-		fatalOnErr(fmt.Errorf("can't create an absolute path: %w", err))
-	}
-
-	return abs
-}
-
-func getConfirmation(def bool, prompt string) bool {
-	for {
-		s, err := readline.Line(prompt)
-		fatalOnErr(err)
-
-		switch strings.ToLower(s) {
-		case "y", "yes":
-			return true
-		case "n", "no":
-			return false
-		default:
-			if len(s) == 0 {
-				return def
-			}
-		}
-	}
-}
-
-func applyTemplate(c config) []byte {
-	tmpl, err := template.New("config").Parse(configTemplate)
-	fatalOnErr(err)
-
-	b := bytes.NewBuffer(nil)
-	fatalOnErr(tmpl.Execute(b, c))
-
-	return b.Bytes()
-}
-
-func fatalOnErr(err error) {
-	if err != nil {
-		_, _ = fmt.Fprintf(os.Stderr, "Error: %v\n", err)
-		os.Exit(1)
-	}
-}
-
-func depositGas(cmd *cobra.Command, acc *wallet.Account, network string) {
-	sideClient := initClient(n3config[network].MorphRPC)
-	balanceHash, _ := util.Uint160DecodeStringLE(n3config[network].BalanceContract)
-
-	sideActor, err := actor.NewSimple(sideClient, acc)
-	if err != nil {
-		fatalOnErr(fmt.Errorf("creating actor over side chain client: %w", err))
-	}
-
-	sideGas := nep17.NewReader(sideActor, balanceHash)
-	accSH := acc.Contract.ScriptHash()
-
-	balance, err := sideGas.BalanceOf(accSH)
-	if err != nil {
-		fatalOnErr(fmt.Errorf("side chain balance: %w", err))
-	}
-
-	ok := getConfirmation(false, fmt.Sprintf("Current NeoFS balance is %s, make a deposit? y/[n]: ",
-		fixedn.ToString(balance, 12)))
-	if !ok {
-		return
-	}
-
-	amountStr := getString("Enter amount in GAS: ")
-	amount, err := fixedn.FromString(amountStr, 8)
-	if err != nil {
-		fatalOnErr(fmt.Errorf("invalid amount: %w", err))
-	}
-
-	mainClient := initClient(n3config[network].RPC)
-	neofsHash, _ := util.Uint160DecodeStringLE(n3config[network].NeoFSContract)
-
-	mainActor, err := actor.NewSimple(mainClient, acc)
-	if err != nil {
-		fatalOnErr(fmt.Errorf("creating actor over main chain client: %w", err))
-	}
-
-	mainGas := nep17.New(mainActor, gas.Hash)
-
-	txHash, _, err := mainGas.Transfer(accSH, neofsHash, amount, nil)
-	if err != nil {
-		fatalOnErr(fmt.Errorf("sending TX to the NeoFS contract: %w", err))
-	}
-
-	cmd.Print("Waiting for transactions to persist.")
-	tick := time.NewTicker(time.Second / 2)
-	defer tick.Stop()
-
-	timer := time.NewTimer(time.Second * 20)
-	defer timer.Stop()
-
-	at := trigger.Application
-
-loop:
-	for {
-		select {
-		case <-tick.C:
-			_, err := mainClient.GetApplicationLog(txHash, &at)
-			if err == nil {
-				cmd.Print("\n")
-				break loop
-			}
-			cmd.Print(".")
-		case <-timer.C:
-			cmd.Printf("\nTimeout while waiting for transaction to persist.\n")
-			if getConfirmation(false, "Continue configuration? yes/[no]: ") {
-				return
-			}
-			os.Exit(1)
-		}
-	}
-}
-
-func initClient(rpc []string) *rpcclient.Client {
-	var c *rpcclient.Client
-	var err error
-
-	shuffled := make([]string, len(rpc))
-	copy(shuffled, rpc)
-	rand.Shuffle(len(shuffled), func(i, j int) { shuffled[i], shuffled[j] = shuffled[j], shuffled[i] })
-
-	for _, endpoint := range shuffled {
-		c, err = rpcclient.New(context.Background(), "https://"+endpoint, rpcclient.Options{
-			DialTimeout:    time.Second * 2,
-			RequestTimeout: time.Second * 5,
-		})
-		if err != nil {
-			continue
-		}
-		if err = c.Init(); err != nil {
-			continue
-		}
-		return c
-	}
-
-	fatalOnErr(fmt.Errorf("can't create N3 client: %w", err))
-	panic("unreachable")
-}

cmd/frostfs-cli/docs/sessions.md

@@ -72,4 +72,3 @@ All other `object` sub-commands support only static sessions (2).
 List of commands supporting sessions (static only):
 - `create`
 - `delete`
-- `set-eacl`

cmd/frostfs-cli/internal/client/client.go

@@ -9,8 +9,6 @@ import (
 	"io"
 	"os"
 	"slices"
-	"sort"
-	"strings"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/accounting"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
@@ -78,13 +76,29 @@ func ListContainers(ctx context.Context, prm ListContainersPrm) (res ListContain
 // SortedIDList returns sorted list of identifiers of user's containers.
 func (x ListContainersRes) SortedIDList() []cid.ID {
 	list := x.cliRes.Containers()
-	sort.Slice(list, func(i, j int) bool {
-		lhs, rhs := list[i].EncodeToString(), list[j].EncodeToString()
-		return strings.Compare(lhs, rhs) < 0
-	})
+	slices.SortFunc(list, cid.ID.Cmp)
 	return list
 }
 
+func ListContainersStream(ctx context.Context, prm ListContainersPrm, processCnr func(id cid.ID) bool) (err error) {
+	cliPrm := &client.PrmContainerListStream{
+		XHeaders: prm.XHeaders,
+		OwnerID:  prm.OwnerID,
+		Session:  prm.Session,
+	}
+	rdr, err := prm.cli.ContainerListInit(ctx, *cliPrm)
+	if err != nil {
+		return fmt.Errorf("init container list: %w", err)
+	}
+
+	err = rdr.Iterate(processCnr)
+	if err != nil {
+		return fmt.Errorf("read container list: %w", err)
+	}
+
+	return
+}
+
 // PutContainerPrm groups parameters of PutContainer operation.
 type PutContainerPrm struct {
 	Client       *client.Client
@@ -659,9 +673,7 @@ func SearchObjects(ctx context.Context, prm SearchObjectsPrm) (*SearchObjectsRes
 
 	for {
 		n, ok = rdr.Read(buf)
-		for i := range n {
-			list = append(list, buf[i])
-		}
+		list = append(list, buf[:n]...)
 		if !ok {
 			break
 		}
@@ -672,10 +684,7 @@ func SearchObjects(ctx context.Context, prm SearchObjectsPrm) (*SearchObjectsRes
 		return nil, fmt.Errorf("read object list: %w", err)
 	}
 
-	sort.Slice(list, func(i, j int) bool {
-		lhs, rhs := list[i].EncodeToString(), list[j].EncodeToString()
-		return strings.Compare(lhs, rhs) < 0
-	})
+	slices.SortFunc(list, oid.ID.Cmp)
 
 	return &SearchObjectsRes{
 		ids: list,

cmd/frostfs-cli/internal/client/sdk.go

@@ -56,7 +56,7 @@ func GetSDKClient(ctx context.Context, cmd *cobra.Command, key *ecdsa.PrivateKey
 	prmDial := client.PrmDial{
 		Endpoint: addr.URIAddr(),
 		GRPCDialOptions: []grpc.DialOption{
-			grpc.WithChainUnaryInterceptor(tracing.NewUnaryClientInteceptor()),
+			grpc.WithChainUnaryInterceptor(tracing.NewUnaryClientInterceptor()),
 			grpc.WithChainStreamInterceptor(tracing.NewStreamClientInterceptor()),
 			grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
 		},

cmd/frostfs-cli/internal/common/tracing.go

@@ -2,7 +2,7 @@ package common
 
 import (
 	"context"
-	"sort"
+	"slices"
 	"strings"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
@@ -45,15 +45,11 @@ func StartClientCommandSpan(cmd *cobra.Command) {
 	})
 	commonCmd.ExitOnErr(cmd, "init tracing: %w", err)
 
-	var components sort.StringSlice
+	var components []string
 	for c := cmd; c != nil; c = c.Parent() {
 		components = append(components, c.Name())
 	}
-	for i, j := 0, len(components)-1; i < j; {
-		components.Swap(i, j)
-		i++
-		j--
-	}
+	slices.Reverse(components)
 
 	operation := strings.Join(components, ".")
 	ctx, span := tracing.StartSpanFromContext(cmd.Context(), operation)

cmd/frostfs-cli/internal/commonflags/flags.go

@@ -28,7 +28,7 @@ const (
 	RPC          = "rpc-endpoint"
 	RPCShorthand = "r"
 	RPCDefault   = ""
-	RPCUsage     = "Remote node address (as 'multiaddr' or '<host>:<port>')"
+	RPCUsage     = "Remote node address ('<host>:<port>' or 'grpcs://<host>:<port>')"
 
 	Timeout          = "timeout"
 	TimeoutShorthand = "t"

cmd/frostfs-cli/modules/ape_manager/add_chain.go

@@ -1,44 +1,19 @@
 package apemanager
 
 import (
-	"encoding/hex"
-	"errors"
+	"fmt"
 
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	"github.com/spf13/cobra"
 )
 
-const (
-	chainIDFlag    = "chain-id"
-	chainIDHexFlag = "chain-id-hex"
-	ruleFlag       = "rule"
-	pathFlag       = "path"
-)
-
-const (
-	targetNameFlag = "target-name"
-	targetNameDesc = "Resource name in APE resource name format"
-	targetTypeFlag = "target-type"
-	targetTypeDesc = "Resource type(container/namespace)"
-)
-
-const (
-	namespaceTarget = "namespace"
-	containerTarget = "container"
-	userTarget      = "user"
-	groupTarget     = "group"
-)
-
-var errUnknownTargetType = errors.New("unknown target type")
-
 var addCmd = &cobra.Command{
 	Use:   "add",
 	Short: "Add rule chain for a target",
@@ -49,55 +24,28 @@ var addCmd = &cobra.Command{
 }
 
 func parseTarget(cmd *cobra.Command) (ct apeSDK.ChainTarget) {
-	typ, _ := cmd.Flags().GetString(targetTypeFlag)
-	name, _ := cmd.Flags().GetString(targetNameFlag)
+	t := apeCmd.ParseTarget(cmd)
 
-	ct.Name = name
+	ct.Name = t.Name
 
-	switch typ {
-	case namespaceTarget:
+	switch t.Type {
+	case engine.Namespace:
 		ct.TargetType = apeSDK.TargetTypeNamespace
-	case containerTarget:
-		var cnr cid.ID
-		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
+	case engine.Container:
 		ct.TargetType = apeSDK.TargetTypeContainer
-	case userTarget:
+	case engine.User:
 		ct.TargetType = apeSDK.TargetTypeUser
-	case groupTarget:
+	case engine.Group:
 		ct.TargetType = apeSDK.TargetTypeGroup
 	default:
-		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
+		commonCmd.ExitOnErr(cmd, "conversion error: %w", fmt.Errorf("unknown type '%c'", t.Type))
 	}
 	return ct
 }
 
 func parseChain(cmd *cobra.Command) apeSDK.Chain {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
-
-	chainIDRaw := []byte(chainID)
-
-	if hexEncoded {
-		var err error
-		chainIDRaw, err = hex.DecodeString(chainID)
-		commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
-	}
-
-	chain := new(apechain.Chain)
-	chain.ID = apechain.ID(chainIDRaw)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", util.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", errors.New("rule is not passed"))
-	}
-
-	cmd.Println("Parsed chain:")
-	util.PrintHumanReadableAPEChain(cmd, chain)
-
-	serialized := chain.Bytes()
+	c := apeCmd.ParseChain(cmd)
+	serialized := c.Bytes()
 	return apeSDK.Chain{
 		Raw: serialized,
 	}
@@ -126,13 +74,13 @@ func initAddCmd() {
 	commonflags.Init(addCmd)
 
 	ff := addCmd.Flags()
-	ff.StringArray(ruleFlag, []string{}, "Rule statement")
-	ff.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
-	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = addCmd.MarkFlagRequired(targetTypeFlag)
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.StringArray(apeCmd.RuleFlag, []string{}, apeCmd.RuleFlagDesc)
+	ff.String(apeCmd.PathFlag, "", apeCmd.PathFlagDesc)
+	ff.String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = addCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	ff.Bool(apeCmd.ChainIDHexFlag, false, apeCmd.ChainIDHexFlagDesc)
 
-	addCmd.MarkFlagsMutuallyExclusive(pathFlag, ruleFlag)
+	addCmd.MarkFlagsMutuallyExclusive(apeCmd.PathFlag, apeCmd.RuleFlag)
 }

cmd/frostfs-cli/modules/ape_manager/list_chain.go

@@ -4,8 +4,8 @@ import (
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	apeutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
@@ -35,7 +35,7 @@ func list(cmd *cobra.Command, _ []string) {
 	for _, respChain := range resp.Chains {
 		var chain apechain.Chain
 		commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(respChain.Raw))
-		apeutil.PrintHumanReadableAPEChain(cmd, &chain)
+		apeCmd.PrintHumanReadableAPEChain(cmd, &chain)
 	}
 }
 
@@ -43,7 +43,7 @@ func initListCmd() {
 	commonflags.Init(listCmd)
 
 	ff := listCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = listCmd.MarkFlagRequired(targetTypeFlag)
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = listCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 }

cmd/frostfs-cli/modules/ape_manager/remove_chain.go

@@ -1,29 +1,23 @@
 package apemanager
 
 import (
-	"encoding/hex"
-	"errors"
-
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"github.com/spf13/cobra"
 )
 
-var (
-	errEmptyChainID = errors.New("chain id cannot be empty")
-
-	removeCmd = &cobra.Command{
-		Use:   "remove",
-		Short: "Remove rule chain for a target",
-		Run:   remove,
-		PersistentPreRun: func(cmd *cobra.Command, _ []string) {
-			commonflags.Bind(cmd)
-		},
-	}
-)
+var removeCmd = &cobra.Command{
+	Use:   "remove",
+	Short: "Remove rule chain for a target",
+	Run:   remove,
+	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
+		commonflags.Bind(cmd)
+	},
+}
 
 func remove(cmd *cobra.Command, _ []string) {
 	target := parseTarget(cmd)
@@ -31,19 +25,9 @@ func remove(cmd *cobra.Command, _ []string) {
 	key := key.Get(cmd)
 	cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
 
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	if chainID == "" {
-		commonCmd.ExitOnErr(cmd, "read chain id error: %w", errEmptyChainID)
-	}
+	chainID := apeCmd.ParseChainID(cmd)
 	chainIDRaw := []byte(chainID)
 
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
-	if hexEncoded {
-		var err error
-		chainIDRaw, err = hex.DecodeString(chainID)
-		commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
-	}
-
 	_, err := cli.APEManagerRemoveChain(cmd.Context(), client_sdk.PrmAPEManagerRemoveChain{
 		ChainTarget: target,
 		ChainID:     chainIDRaw,
@@ -58,9 +42,10 @@ func initRemoveCmd() {
 	commonflags.Init(removeCmd)
 
 	ff := removeCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = removeCmd.MarkFlagRequired(targetTypeFlag)
-	ff.String(chainIDFlag, "", "Chain id")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = removeCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	ff.String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	_ = removeCmd.MarkFlagRequired(apeCmd.ChainIDFlag)
+	ff.Bool(apeCmd.ChainIDHexFlag, false, apeCmd.ChainIDHexFlagDesc)
 }

cmd/frostfs-cli/modules/bearer/generate_override.go

@@ -1,31 +1,20 @@
 package bearer
 
 import (
-	"errors"
 	"fmt"
 	"os"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
 )
 
-var (
-	errChainIDCannotBeEmpty = errors.New("chain id cannot be empty")
-	errRuleIsNotParsed      = errors.New("rule is not passed")
-)
-
 const (
-	chainIDFlag    = "chain-id"
-	chainIDHexFlag = "chain-id-hex"
-	ruleFlag       = "rule"
-	pathFlag       = "path"
-	outputFlag     = "output"
+	outputFlag = "output"
 )
 
 var generateAPEOverrideCmd = &cobra.Command{
@@ -40,7 +29,7 @@ Generated APE override can be dumped to a file in JSON format that is passed to
 }
 
 func genereateAPEOverride(cmd *cobra.Command, _ []string) {
-	c := parseChain(cmd)
+	c := apeCmd.ParseChain(cmd)
 
 	targetCID, _ := cmd.Flags().GetString(commonflags.CIDFlag)
 	var cid cidSDK.ID
@@ -63,7 +52,7 @@ func genereateAPEOverride(cmd *cobra.Command, _ []string) {
 
 	outputPath, _ := cmd.Flags().GetString(outputFlag)
 	if outputPath != "" {
-		err := os.WriteFile(outputPath, []byte(overrideMarshalled), 0o644)
+		err := os.WriteFile(outputPath, overrideMarshalled, 0o644)
 		commonCmd.ExitOnErr(cmd, "dump error: %w", err)
 	} else {
 		fmt.Print("\n")
@@ -77,39 +66,11 @@ func init() {
 	ff.StringP(commonflags.CIDFlag, "", "", "Target container ID.")
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.CIDFlag)
 
-	ff.StringArray(ruleFlag, []string{}, "Rule statement")
-	ff.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
-	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.StringArray(apeCmd.RuleFlag, []string{}, "Rule statement")
+	ff.String(apeCmd.PathFlag, "", "Path to encoded chain in JSON or binary format")
+	ff.String(apeCmd.ChainIDFlag, "", "Assign ID to the parsed chain")
+	ff.Bool(apeCmd.ChainIDHexFlag, false, "Flag to parse chain ID as hex")
 
 	ff.String(outputFlag, "", "Output path to dump result JSON-encoded APE override")
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), outputFlag)
 }
-
-func parseChainID(cmd *cobra.Command) apechain.ID {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	if chainID == "" {
-		commonCmd.ExitOnErr(cmd, "read chain id error: %w",
-			errChainIDCannotBeEmpty)
-	}
-	return apechain.ID(chainID)
-}
-
-func parseChain(cmd *cobra.Command) *apechain.Chain {
-	chain := new(apechain.Chain)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", errRuleIsNotParsed)
-	}
-
-	chain.ID = parseChainID(cmd)
-
-	cmd.Println("Parsed chain:")
-	parseutil.PrintHumanReadableAPEChain(cmd, chain)
-
-	return chain
-}

cmd/frostfs-cli/modules/container/create.go

@@ -7,22 +7,20 @@ import (
 	"strings"
 	"time"
 
-	containerApi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	containerApi "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/container"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
 )
 
 var (
-	containerACL         string
 	containerPolicy      string
 	containerAttributes  []string
 	containerAwait       bool
@@ -89,9 +87,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
 		err = parseAttributes(&cnr, containerAttributes)
 		commonCmd.ExitOnErr(cmd, "", err)
 
-		var basicACL acl.Basic
-		commonCmd.ExitOnErr(cmd, "decode basic ACL string: %w", basicACL.DecodeString(containerACL))
-
 		tok := getSession(cmd)
 
 		if tok != nil {
@@ -105,7 +100,6 @@ It will be stored in sidechain when inner ring will accepts it.`,
 		}
 
 		cnr.SetPlacementPolicy(*placementPolicy)
-		cnr.SetBasicACL(basicACL)
 
 		var syncContainerPrm internalclient.SyncContainerPrm
 		syncContainerPrm.SetClient(cli)
@@ -163,10 +157,6 @@ func initContainerCreateCmd() {
 	flags.DurationP(commonflags.Timeout, commonflags.TimeoutShorthand, commonflags.TimeoutDefault, commonflags.TimeoutUsage)
 	flags.StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
 	flags.StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)
-
-	flags.StringVar(&containerACL, "basic-acl", acl.NamePrivate, fmt.Sprintf("HEX encoded basic ACL value or keywords like '%s', '%s', '%s'",
-		acl.NamePublicRW, acl.NamePrivate, acl.NamePublicROExtended,
-	))
 	flags.StringVarP(&containerPolicy, "policy", "p", "", "QL-encoded or JSON-encoded placement policy or path to file with it")
 	flags.StringSliceVarP(&containerAttributes, "attributes", "a", nil, "Comma separated pairs of container attributes in form of Key1=Value1,Key2=Value2")
 	flags.BoolVar(&containerAwait, "await", false, "Block execution until container is persisted")

cmd/frostfs-cli/modules/container/list.go

@@ -6,8 +6,11 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
 // flags of list command.
@@ -51,44 +54,60 @@ var listContainersCmd = &cobra.Command{
 
 		var prm internalclient.ListContainersPrm
 		prm.SetClient(cli)
-		prm.Account = idUser
-
-		res, err := internalclient.ListContainers(cmd.Context(), prm)
-		commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
-
+		prm.OwnerID = idUser
 		prmGet := internalclient.GetContainerPrm{
 			Client: cli,
 		}
+		var containerIDs []cid.ID
+
+		err := internalclient.ListContainersStream(cmd.Context(), prm, func(id cid.ID) bool {
+			printContainer(cmd, prmGet, id)
+			return false
+		})
+		if err == nil {
+			return
+		}
+
+		if e, ok := status.FromError(err); ok && e.Code() == codes.Unimplemented {
+			res, err := internalclient.ListContainers(cmd.Context(), prm)
+			commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
+			containerIDs = res.SortedIDList()
+		} else {
+			commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
+		}
 
-		containerIDs := res.SortedIDList()
 		for _, cnrID := range containerIDs {
-			if flagVarListName == "" && !flagVarListPrintAttr {
-				cmd.Println(cnrID.String())
-				continue
-			}
-
-			prmGet.ClientParams.ContainerID = &cnrID
-			res, err := internalclient.GetContainer(cmd.Context(), prmGet)
-			if err != nil {
-				cmd.Printf("  failed to read attributes: %v\n", err)
-				continue
-			}
-
-			cnr := res.Container()
-			if cnrName := containerSDK.Name(cnr); flagVarListName != "" && cnrName != flagVarListName {
-				continue
-			}
-			cmd.Println(cnrID.String())
-
-			if flagVarListPrintAttr {
-				cnr.IterateUserAttributes(func(key, val string) {
-					cmd.Printf("  %s: %s\n", key, val)
-				})
-			}
+			printContainer(cmd, prmGet, cnrID)
 		}
 	},
 }
 
+func printContainer(cmd *cobra.Command, prmGet internalclient.GetContainerPrm, id cid.ID) {
+	if flagVarListName == "" && !flagVarListPrintAttr {
+		cmd.Println(id.String())
+		return
+	}
+
+	prmGet.ClientParams.ContainerID = &id
+	res, err := internalclient.GetContainer(cmd.Context(), prmGet)
+	if err != nil {
+		cmd.Printf("  failed to read attributes: %v\n", err)
+		return
+	}
+
+	cnr := res.Container()
+	if cnrName := containerSDK.Name(cnr); flagVarListName != "" && cnrName != flagVarListName {
+		return
+	}
+	cmd.Println(id.String())
+
+	if flagVarListPrintAttr {
+		cnr.IterateUserAttributes(func(key, val string) {
+			cmd.Printf("  %s: %s\n", key, val)
+		})
+	}
+}
+
 func initContainerListContainersCmd() {
 	commonflags.Init(listContainersCmd)
 

cmd/frostfs-cli/modules/container/policy_playground.go

@@ -1,11 +1,10 @@
 package container
 
 import (
-	"bufio"
 	"encoding/hex"
 	"encoding/json"
+	"errors"
 	"fmt"
-	"io"
 	"os"
 	"strings"
 
@@ -14,6 +13,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"github.com/chzyer/readline"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -23,11 +23,11 @@ type policyPlaygroundREPL struct {
 	nodes map[string]netmap.NodeInfo
 }
 
-func newPolicyPlaygroundREPL(cmd *cobra.Command) (*policyPlaygroundREPL, error) {
+func newPolicyPlaygroundREPL(cmd *cobra.Command) *policyPlaygroundREPL {
 	return &policyPlaygroundREPL{
 		cmd:   cmd,
 		nodes: map[string]netmap.NodeInfo{},
-	}, nil
+	}
 }
 
 func (repl *policyPlaygroundREPL) handleLs(args []string) error {
@@ -163,6 +163,16 @@ func (repl *policyPlaygroundREPL) netMap() netmap.NetMap {
 	return nm
 }
 
+var policyPlaygroundCompleter = readline.NewPrefixCompleter(
+	readline.PcItem("list"),
+	readline.PcItem("ls"),
+	readline.PcItem("add"),
+	readline.PcItem("load"),
+	readline.PcItem("remove"),
+	readline.PcItem("rm"),
+	readline.PcItem("eval"),
+)
+
 func (repl *policyPlaygroundREPL) run() error {
 	if len(viper.GetString(commonflags.RPC)) > 0 {
 		key := key.GetOrGenerate(repl.cmd)
@@ -189,22 +199,38 @@ func (repl *policyPlaygroundREPL) run() error {
 		"rm":     repl.handleRemove,
 		"eval":   repl.handleEval,
 	}
-	for reader := bufio.NewReader(os.Stdin); ; {
-		fmt.Print("> ")
-		line, err := reader.ReadString('\n')
+
+	rl, err := readline.NewEx(&readline.Config{
+		Prompt:          "> ",
+		InterruptPrompt: "^C",
+		AutoComplete:    policyPlaygroundCompleter,
+	})
+	if err != nil {
+		return fmt.Errorf("error initializing readline: %w", err)
+	}
+	defer rl.Close()
+
+	var exit bool
+	for {
+		line, err := rl.Readline()
 		if err != nil {
-			if err == io.EOF {
-				return nil
+			if errors.Is(err, readline.ErrInterrupt) {
+				if exit {
+					return nil
+				}
+				exit = true
+				continue
 			}
-			return fmt.Errorf("reading line: %v", err)
+			return fmt.Errorf("reading line: %w", err)
 		}
+		exit = false
+
 		parts := strings.Fields(line)
 		if len(parts) == 0 {
 			continue
 		}
 		cmd := parts[0]
-		handler, exists := cmdHandlers[cmd]
-		if exists {
+		if handler, exists := cmdHandlers[cmd]; exists {
 			if err := handler(parts[1:]); err != nil {
 				fmt.Printf("error: %v\n", err)
 			}
@@ -220,8 +246,7 @@ var policyPlaygroundCmd = &cobra.Command{
 	Long: `A REPL for testing placement policies.
 If a wallet and endpoint is provided, the initial netmap data will be loaded from the snapshot of the node. Otherwise, an empty playground is created.`,
 	Run: func(cmd *cobra.Command, _ []string) {
-		repl, err := newPolicyPlaygroundREPL(cmd)
-		commonCmd.ExitOnErr(cmd, "could not create policy playground: %w", err)
+		repl := newPolicyPlaygroundREPL(cmd)
 		commonCmd.ExitOnErr(cmd, "policy playground failed: %w", repl.run())
 	},
 }

cmd/frostfs-cli/modules/control/add_rule.go

@@ -1,23 +1,14 @@
 package control
 
 import (
-	"encoding/hex"
-	"errors"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 
-const (
-	ruleFlag = "rule"
-	pathFlag = "path"
-)
-
 var addRuleCmd = &cobra.Command{
 	Use:   "add-rule",
 	Short: "Add local override",
@@ -31,41 +22,12 @@ control add-rule --endpoint ... -w ... --address ... --chain-id ChainID --cid ..
 	Run: addRule,
 }
 
-func parseChain(cmd *cobra.Command) *apechain.Chain {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
-
-	chainIDRaw := []byte(chainID)
-
-	if hexEncoded {
-		var err error
-		chainIDRaw, err = hex.DecodeString(chainID)
-		commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
-	}
-
-	chain := new(apechain.Chain)
-	chain.ID = apechain.ID(chainIDRaw)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", util.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error", errors.New("rule is not passed"))
-	}
-
-	cmd.Println("Parsed chain:")
-	util.PrintHumanReadableAPEChain(cmd, chain)
-
-	return chain
-}
-
 func addRule(cmd *cobra.Command, _ []string) {
 	pk := key.Get(cmd)
 
 	target := parseTarget(cmd)
 
-	parsed := parseChain(cmd)
+	parsed := apeCmd.ParseChain(cmd)
 
 	req := &control.AddChainLocalOverrideRequest{
 		Body: &control.AddChainLocalOverrideRequest_Body{
@@ -94,13 +56,13 @@ func initControlAddRuleCmd() {
 	initControlFlags(addRuleCmd)
 
 	ff := addRuleCmd.Flags()
-	ff.StringArray(ruleFlag, []string{}, "Rule statement")
-	ff.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
-	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = addRuleCmd.MarkFlagRequired(targetTypeFlag)
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.StringArray(apeCmd.RuleFlag, []string{}, "Rule statement")
+	ff.String(apeCmd.PathFlag, "", "Path to encoded chain in JSON or binary format")
+	ff.String(apeCmd.ChainIDFlag, "", "Assign ID to the parsed chain")
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = addRuleCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	ff.Bool(apeCmd.ChainIDHexFlag, false, "Flag to parse chain ID as hex")
 
-	addRuleCmd.MarkFlagsMutuallyExclusive(pathFlag, ruleFlag)
+	addRuleCmd.MarkFlagsMutuallyExclusive(apeCmd.PathFlag, apeCmd.RuleFlag)
 }

cmd/frostfs-cli/modules/control/detach_shards.go

@@ -1,10 +1,10 @@
 package control
 
 import (
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 

cmd/frostfs-cli/modules/control/doctor.go

@@ -1,10 +1,10 @@
 package control
 
 import (
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 

cmd/frostfs-cli/modules/control/drop_objects.go

@@ -1,10 +1,10 @@
 package control
 
 import (
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 

cmd/frostfs-cli/modules/control/evacuate_shard.go

@@ -1,56 +0,0 @@
-package control
-
-import (
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
-	"github.com/spf13/cobra"
-)
-
-const ignoreErrorsFlag = "no-errors"
-
-var evacuateShardCmd = &cobra.Command{
-	Use:        "evacuate",
-	Short:      "Evacuate objects from shard",
-	Long:       "Evacuate objects from shard to other shards",
-	Run:        evacuateShard,
-	Deprecated: "use frostfs-cli control shards evacuation start",
-}
-
-func evacuateShard(cmd *cobra.Command, _ []string) {
-	pk := key.Get(cmd)
-
-	req := &control.EvacuateShardRequest{Body: new(control.EvacuateShardRequest_Body)}
-	req.Body.Shard_ID = getShardIDList(cmd)
-	req.Body.IgnoreErrors, _ = cmd.Flags().GetBool(ignoreErrorsFlag)
-
-	signRequest(cmd, pk, req)
-
-	cli := getClient(cmd, pk)
-
-	var resp *control.EvacuateShardResponse
-	var err error
-	err = cli.ExecRaw(func(client *client.Client) error {
-		resp, err = control.EvacuateShard(client, req)
-		return err
-	})
-	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
-
-	cmd.Printf("Objects moved: %d\n", resp.GetBody().GetCount())
-
-	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
-
-	cmd.Println("Shard has successfully been evacuated.")
-}
-
-func initControlEvacuateShardCmd() {
-	initControlFlags(evacuateShardCmd)
-
-	flags := evacuateShardCmd.Flags()
-	flags.StringSlice(shardIDFlag, nil, "List of shard IDs in base58 encoding")
-	flags.Bool(shardAllFlag, false, "Process all shards")
-	flags.Bool(ignoreErrorsFlag, false, "Skip invalid/unreadable objects")
-
-	evacuateShardCmd.MarkFlagsMutuallyExclusive(shardIDFlag, shardAllFlag)
-}

cmd/frostfs-cli/modules/control/evacuation.go

@@ -7,20 +7,21 @@ import (
 	"sync/atomic"
 	"time"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/shard"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	clientSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"github.com/spf13/cobra"
 )
 
 const (
-	awaitFlag      = "await"
-	noProgressFlag = "no-progress"
-	scopeFlag      = "scope"
-	repOneOnlyFlag = "rep-one-only"
+	awaitFlag        = "await"
+	noProgressFlag   = "no-progress"
+	scopeFlag        = "scope"
+	repOneOnlyFlag   = "rep-one-only"
+	ignoreErrorsFlag = "no-errors"
 
 	containerWorkerCountFlag = "container-worker-count"
 	objectWorkerCountFlag    = "object-worker-count"

cmd/frostfs-cli/modules/control/flush_cache.go

@@ -1,10 +1,10 @@
 package control
 
 import (
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 

cmd/frostfs-cli/modules/control/get_rule.go

@@ -3,11 +3,11 @@ package control
 import (
 	"encoding/hex"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apecmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
 )
@@ -24,8 +24,8 @@ func getRule(cmd *cobra.Command, _ []string) {
 
 	target := parseTarget(cmd)
 
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
+	chainID, _ := cmd.Flags().GetString(apecmd.ChainIDFlag)
+	hexEncoded, _ := cmd.Flags().GetBool(apecmd.ChainIDHexFlag)
 
 	if hexEncoded {
 		chainIDBytes, err := hex.DecodeString(chainID)
@@ -56,16 +56,16 @@ func getRule(cmd *cobra.Command, _ []string) {
 
 	var chain apechain.Chain
 	commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(resp.GetBody().GetChain()))
-	util.PrintHumanReadableAPEChain(cmd, &chain)
+	apecmd.PrintHumanReadableAPEChain(cmd, &chain)
 }
 
 func initControGetRuleCmd() {
 	initControlFlags(getRuleCmd)
 
 	ff := getRuleCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = getRuleCmd.MarkFlagRequired(targetTypeFlag)
-	ff.String(chainIDFlag, "", "Chain id")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.String(apecmd.TargetNameFlag, "", apecmd.TargetNameFlagDesc)
+	ff.String(apecmd.TargetTypeFlag, "", apecmd.TargetTypeFlagDesc)
+	_ = getRuleCmd.MarkFlagRequired(apecmd.TargetTypeFlag)
+	ff.String(apecmd.ChainIDFlag, "", "Chain id")
+	ff.Bool(apecmd.ChainIDHexFlag, false, "Flag to parse chain ID as hex")
 }

cmd/frostfs-cli/modules/control/healthcheck.go

@@ -3,11 +3,11 @@ package control
 import (
 	"os"
 
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 

cmd/frostfs-cli/modules/control/ir_healthcheck.go

@@ -3,12 +3,12 @@ package control
 import (
 	"os"
 
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	ircontrol "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir"
 	ircontrolsrv "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir/server"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 

cmd/frostfs-cli/modules/control/ir_remove_container.go

@@ -1,13 +1,13 @@
 package control
 
 import (
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	ircontrol "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir"
 	ircontrolsrv "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir/server"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/refs"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"

cmd/frostfs-cli/modules/control/ir_remove_node.go

@@ -4,11 +4,11 @@ import (
 	"encoding/hex"
 	"errors"
 
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	ircontrol "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir"
 	ircontrolsrv "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir/server"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 

cmd/frostfs-cli/modules/control/ir_tick_epoch.go

@@ -1,11 +1,11 @@
 package control
 
 import (
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	ircontrol "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir"
 	ircontrolsrv "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir/server"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 

cmd/frostfs-cli/modules/control/list_rules.go

@@ -1,18 +1,16 @@
 package control
 
 import (
-	"errors"
 	"fmt"
 	"strings"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/nspcc-dev/neo-go/cli/input"
+	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	"github.com/spf13/cobra"
 )
 
@@ -23,65 +21,25 @@ var listRulesCmd = &cobra.Command{
 	Run:   listRules,
 }
 
-const (
-	defaultNamespace = "root"
-	namespaceTarget  = "namespace"
-	containerTarget  = "container"
-	userTarget       = "user"
-	groupTarget      = "group"
-)
-
-const (
-	targetNameFlag = "target-name"
-	targetNameDesc = "Resource name in APE resource name format"
-	targetTypeFlag = "target-type"
-	targetTypeDesc = "Resource type(container/namespace)"
-)
-
-var (
-	errSettingDefaultValueWasDeclined = errors.New("setting default value was declined")
-	errUnknownTargetType              = errors.New("unknown target type")
-)
+var engineToControlSvcType = map[policyengine.TargetType]control.ChainTarget_TargetType{
+	policyengine.Namespace: control.ChainTarget_NAMESPACE,
+	policyengine.Container: control.ChainTarget_CONTAINER,
+	policyengine.User:      control.ChainTarget_USER,
+	policyengine.Group:     control.ChainTarget_GROUP,
+}
 
 func parseTarget(cmd *cobra.Command) *control.ChainTarget {
-	typ, _ := cmd.Flags().GetString(targetTypeFlag)
-	name, _ := cmd.Flags().GetString(targetNameFlag)
-	switch typ {
-	case namespaceTarget:
-		if name == "" {
-			ln, err := input.ReadLine(fmt.Sprintf("Target name is not set. Confirm to use %s namespace (n|Y)> ", defaultNamespace))
-			commonCmd.ExitOnErr(cmd, "read line error: %w", err)
-			ln = strings.ToLower(ln)
-			if len(ln) > 0 && (ln[0] == 'n') {
-				commonCmd.ExitOnErr(cmd, "read namespace error: %w", errSettingDefaultValueWasDeclined)
-			}
-			name = defaultNamespace
-		}
-		return &control.ChainTarget{
-			Name: name,
-			Type: control.ChainTarget_NAMESPACE,
-		}
-	case containerTarget:
-		var cnr cid.ID
-		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
-		return &control.ChainTarget{
-			Name: name,
-			Type: control.ChainTarget_CONTAINER,
-		}
-	case userTarget:
-		return &control.ChainTarget{
-			Name: name,
-			Type: control.ChainTarget_USER,
-		}
-	case groupTarget:
-		return &control.ChainTarget{
-			Name: name,
-			Type: control.ChainTarget_GROUP,
-		}
-	default:
-		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
+	target := apeCmd.ParseTarget(cmd)
+
+	typ, ok := engineToControlSvcType[target.Type]
+	if !ok {
+		commonCmd.ExitOnErr(cmd, "%w", fmt.Errorf("unknown type '%c", target.Type))
+	}
+
+	return &control.ChainTarget{
+		Name: target.Name,
+		Type: typ,
 	}
-	return nil
 }
 
 func listRules(cmd *cobra.Command, _ []string) {
@@ -117,7 +75,7 @@ func listRules(cmd *cobra.Command, _ []string) {
 	for _, c := range chains {
 		var chain apechain.Chain
 		commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(c))
-		util.PrintHumanReadableAPEChain(cmd, &chain)
+		apeCmd.PrintHumanReadableAPEChain(cmd, &chain)
 	}
 }
 
@@ -125,7 +83,7 @@ func initControlListRulesCmd() {
 	initControlFlags(listRulesCmd)
 
 	ff := listRulesCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = listRulesCmd.MarkFlagRequired(targetTypeFlag)
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = listRulesCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 }

cmd/frostfs-cli/modules/control/list_targets.go

@@ -2,26 +2,20 @@ package control
 
 import (
 	"bytes"
-	"crypto/sha256"
 	"fmt"
 	"strconv"
 	"text/tabwriter"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
-const (
-	chainNameFlag      = "chain-name"
-	chainNameFlagUsage = "Chain name(ingress|s3)"
-)
-
 var listTargetsCmd = &cobra.Command{
 	Use:   "list-targets",
 	Short: "List local targets",
@@ -32,15 +26,11 @@ var listTargetsCmd = &cobra.Command{
 func listTargets(cmd *cobra.Command, _ []string) {
 	pk := key.Get(cmd)
 
-	var cnr cid.ID
-	chainName, _ := cmd.Flags().GetString(chainNameFlag)
-
-	rawCID := make([]byte, sha256.Size)
-	cnr.Encode(rawCID)
+	chainName := apeCmd.ParseChainName(cmd)
 
 	req := &control.ListTargetsLocalOverridesRequest{
 		Body: &control.ListTargetsLocalOverridesRequest_Body{
-			ChainName: chainName,
+			ChainName: string(chainName),
 		},
 	}
 
@@ -72,7 +62,7 @@ func listTargets(cmd *cobra.Command, _ []string) {
 	tw := tabwriter.NewWriter(buf, 0, 2, 2, ' ', 0)
 	_, _ = tw.Write([]byte("#\tName\tType\n"))
 	for i, t := range targets {
-		_, _ = tw.Write([]byte(fmt.Sprintf("%s\t%s\t%s\n", strconv.Itoa(i), t.GetName(), t.GetType())))
+		_, _ = tw.Write(fmt.Appendf(nil, "%s\t%s\t%s\n", strconv.Itoa(i), t.GetName(), t.GetType()))
 	}
 	_ = tw.Flush()
 	cmd.Print(buf.String())
@@ -82,7 +72,7 @@ func initControlListTargetsCmd() {
 	initControlFlags(listTargetsCmd)
 
 	ff := listTargetsCmd.Flags()
-	ff.String(chainNameFlag, "", chainNameFlagUsage)
+	ff.String(apeCmd.ChainNameFlag, "", apeCmd.ChainNameFlagDesc)
 
-	_ = cobra.MarkFlagRequired(ff, chainNameFlag)
+	_ = cobra.MarkFlagRequired(ff, apeCmd.ChainNameFlag)
 }

cmd/frostfs-cli/modules/control/locate.go

@@ -0,0 +1,117 @@
+package control
+
+import (
+	"bytes"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	object "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/object"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"github.com/mr-tron/base58"
+	"github.com/spf13/cobra"
+)
+
+const (
+	FullInfoFlag      = "full"
+	FullInfoFlagUsage = "Print full ShardInfo."
+)
+
+var locateObjectCmd = &cobra.Command{
+	Use:   "locate-object",
+	Short: "List shards storing the object",
+	Long:  "List shards storing the object",
+	Run:   locateObject,
+}
+
+func initControlLocateObjectCmd() {
+	initControlFlags(locateObjectCmd)
+
+	flags := locateObjectCmd.Flags()
+
+	flags.String(commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	_ = locateObjectCmd.MarkFlagRequired(commonflags.CIDFlag)
+
+	flags.String(commonflags.OIDFlag, "", commonflags.OIDFlagUsage)
+	_ = locateObjectCmd.MarkFlagRequired(commonflags.OIDFlag)
+
+	flags.Bool(commonflags.JSON, false, "Print shard info as a JSON array. Requires --full flag.")
+	flags.Bool(FullInfoFlag, false, FullInfoFlagUsage)
+}
+
+func locateObject(cmd *cobra.Command, _ []string) {
+	var cnr cid.ID
+	var obj oid.ID
+
+	_ = object.ReadObjectAddress(cmd, &cnr, &obj)
+
+	pk := key.Get(cmd)
+
+	body := new(control.ListShardsForObjectRequest_Body)
+	body.SetContainerId(cnr.EncodeToString())
+	body.SetObjectId(obj.EncodeToString())
+	req := new(control.ListShardsForObjectRequest)
+	req.SetBody(body)
+	signRequest(cmd, pk, req)
+
+	cli := getClient(cmd, pk)
+
+	var err error
+	var resp *control.ListShardsForObjectResponse
+	err = cli.ExecRaw(func(client *rawclient.Client) error {
+		resp, err = control.ListShardsForObject(client, req)
+		return err
+	})
+	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
+
+	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
+
+	shardIDs := resp.GetBody().GetShard_ID()
+
+	isFull, _ := cmd.Flags().GetBool(FullInfoFlag)
+	if !isFull {
+		for _, id := range shardIDs {
+			cmd.Println(base58.Encode(id))
+		}
+		return
+	}
+
+	// get full shard info
+	listShardsReq := new(control.ListShardsRequest)
+	listShardsReq.SetBody(new(control.ListShardsRequest_Body))
+	signRequest(cmd, pk, listShardsReq)
+	var listShardsResp *control.ListShardsResponse
+	err = cli.ExecRaw(func(client *rawclient.Client) error {
+		listShardsResp, err = control.ListShards(client, listShardsReq)
+		return err
+	})
+	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
+
+	verifyResponse(cmd, listShardsResp.GetSignature(), listShardsResp.GetBody())
+
+	shards := listShardsResp.GetBody().GetShards()
+	sortShardsByID(shards)
+	shards = filterShards(shards, shardIDs)
+
+	isJSON, _ := cmd.Flags().GetBool(commonflags.JSON)
+	if isJSON {
+		prettyPrintShardsJSON(cmd, shards)
+	} else {
+		prettyPrintShards(cmd, shards)
+	}
+}
+
+func filterShards(info []control.ShardInfo, ids [][]byte) []control.ShardInfo {
+	var res []control.ShardInfo
+	for _, id := range ids {
+		for _, inf := range info {
+			if bytes.Equal(inf.Shard_ID, id) {
+				res = append(res, inf)
+			}
+		}
+	}
+	return res
+}

cmd/frostfs-cli/modules/control/rebuild_shards.go

@@ -3,10 +3,10 @@ package control
 import (
 	"fmt"
 
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/mr-tron/base58"
 	"github.com/spf13/cobra"
 )

cmd/frostfs-cli/modules/control/remove_rule.go

@@ -4,19 +4,14 @@ import (
 	"encoding/hex"
 	"errors"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apecmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 
-const (
-	chainIDFlag    = "chain-id"
-	chainIDHexFlag = "chain-id-hex"
-	allFlag        = "all"
-)
-
 var (
 	errEmptyChainID = errors.New("chain id cannot be empty")
 
@@ -30,8 +25,8 @@ var (
 
 func removeRule(cmd *cobra.Command, _ []string) {
 	pk := key.Get(cmd)
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
-	removeAll, _ := cmd.Flags().GetBool(allFlag)
+	hexEncoded, _ := cmd.Flags().GetBool(apecmd.ChainIDHexFlag)
+	removeAll, _ := cmd.Flags().GetBool(apecmd.AllFlag)
 	if removeAll {
 		req := &control.RemoveChainLocalOverridesByTargetRequest{
 			Body: &control.RemoveChainLocalOverridesByTargetRequest_Body{
@@ -52,7 +47,7 @@ func removeRule(cmd *cobra.Command, _ []string) {
 		return
 	}
 
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
+	chainID, _ := cmd.Flags().GetString(apecmd.ChainIDFlag)
 	if chainID == "" {
 		commonCmd.ExitOnErr(cmd, "read chain id error: %w", errEmptyChainID)
 	}
@@ -92,11 +87,11 @@ func initControlRemoveRuleCmd() {
 	initControlFlags(removeRuleCmd)
 
 	ff := removeRuleCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = removeRuleCmd.MarkFlagRequired(targetTypeFlag)
-	ff.String(chainIDFlag, "", "Chain id")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
-	ff.Bool(allFlag, false, "Remove all chains")
-	removeRuleCmd.MarkFlagsMutuallyExclusive(allFlag, chainIDFlag)
+	ff.String(apecmd.TargetNameFlag, "", apecmd.TargetNameFlagDesc)
+	ff.String(apecmd.TargetTypeFlag, "", apecmd.TargetTypeFlagDesc)
+	_ = removeRuleCmd.MarkFlagRequired(apecmd.TargetTypeFlag)
+	ff.String(apecmd.ChainIDFlag, "", apecmd.ChainIDFlagDesc)
+	ff.Bool(apecmd.ChainIDHexFlag, false, apecmd.ChainIDHexFlagDesc)
+	ff.Bool(apecmd.AllFlag, false, "Remove all chains")
+	removeRuleCmd.MarkFlagsMutuallyExclusive(apecmd.AllFlag, apecmd.ChainIDFlag)
 }

cmd/frostfs-cli/modules/control/root.go

@@ -39,6 +39,7 @@ func init() {
 		listRulesCmd,
 		getRuleCmd,
 		listTargetsCmd,
+		locateObjectCmd,
 	)
 
 	initControlHealthCheckCmd()
@@ -52,4 +53,5 @@ func init() {
 	initControlListRulesCmd()
 	initControGetRuleCmd()
 	initControlListTargetsCmd()
+	initControlLocateObjectCmd()
 }

cmd/frostfs-cli/modules/control/set_netmap_status.go

@@ -6,12 +6,12 @@ import (
 	"fmt"
 	"time"
 
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"github.com/spf13/cobra"
 )
@@ -127,7 +127,7 @@ func awaitSetNetmapStatus(cmd *cobra.Command, pk *ecdsa.PrivateKey, cli *client.
 		var resp *control.GetNetmapStatusResponse
 		var err error
 		err = cli.ExecRaw(func(client *rawclient.Client) error {
-			resp, err = control.GetNetmapStatus(client, req)
+			resp, err = control.GetNetmapStatus(cmd.Context(), client, req)
 			return err
 		})
 		commonCmd.ExitOnErr(cmd, "failed to get current netmap status: %w", err)

cmd/frostfs-cli/modules/control/shards.go

@@ -13,7 +13,6 @@ var shardsCmd = &cobra.Command{
 func initControlShardsCmd() {
 	shardsCmd.AddCommand(listShardsCmd)
 	shardsCmd.AddCommand(setShardModeCmd)
-	shardsCmd.AddCommand(evacuateShardCmd)
 	shardsCmd.AddCommand(evacuationShardCmd)
 	shardsCmd.AddCommand(flushCacheCmd)
 	shardsCmd.AddCommand(doctorCmd)
@@ -23,7 +22,6 @@ func initControlShardsCmd() {
 
 	initControlShardsListCmd()
 	initControlSetShardModeCmd()
-	initControlEvacuateShardCmd()
 	initControlEvacuationShardCmd()
 	initControlFlushCacheCmd()
 	initControlDoctorCmd()

cmd/frostfs-cli/modules/control/shards_list.go

@@ -7,11 +7,11 @@ import (
 	"sort"
 	"strings"
 
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/mr-tron/base58"
 	"github.com/spf13/cobra"
 )

cmd/frostfs-cli/modules/control/shards_set_mode.go

@@ -6,10 +6,10 @@ import (
 	"slices"
 	"strings"
 
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/mr-tron/base58"
 	"github.com/spf13/cobra"
 )

cmd/frostfs-cli/modules/control/synchronize_tree.go

@@ -4,12 +4,12 @@ import (
 	"crypto/sha256"
 	"errors"
 
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/server/ctrlmessage"
+	rawclient "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/spf13/cobra"
 )