[#1380] neofs-cli: move container command to a separate package

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>

cmd/neofs-cli/modules/container.go

@@ -1,777 +0,0 @@
-package cmd
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-	"github.com/nspcc-dev/neofs-api-go/v2/refs"
-	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
-	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
-	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
-	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
-	objectCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/object"
-	sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session"
-	"github.com/nspcc-dev/neofs-sdk-go/acl"
-	"github.com/nspcc-dev/neofs-sdk-go/container"
-	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
-	"github.com/nspcc-dev/neofs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/netmap"
-	"github.com/nspcc-dev/neofs-sdk-go/object"
-	"github.com/nspcc-dev/neofs-sdk-go/policy"
-	"github.com/nspcc-dev/neofs-sdk-go/session"
-	subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
-	"github.com/nspcc-dev/neofs-sdk-go/user"
-	versionSDK "github.com/nspcc-dev/neofs-sdk-go/version"
-	"github.com/spf13/cobra"
-)
-
-const (
-	attributeDelimiter = "="
-
-	awaitTimeout = 120 // in seconds
-)
-
-// keywords of predefined basic ACL values
-const (
-	basicACLPrivate  = "private"
-	basicACLReadOnly = "public-read"
-	basicACLPublic   = "public-read-write"
-	basicACLAppend   = "public-append"
-
-	basicACLNoFinalPrivate  = "eacl-private"
-	basicACLNoFinalReadOnly = "eacl-public-read"
-	basicACLNoFinalPublic   = "eacl-public-read-write"
-	basicACLNoFinalAppend   = "eacl-public-append"
-)
-
-var wellKnownBasicACL = map[string]acl.BasicACL{
-	basicACLPublic:   acl.PublicBasicRule,
-	basicACLPrivate:  acl.PrivateBasicRule,
-	basicACLReadOnly: acl.ReadOnlyBasicRule,
-	basicACLAppend:   acl.PublicAppendRule,
-
-	basicACLNoFinalPublic:   acl.EACLPublicBasicRule,
-	basicACLNoFinalPrivate:  acl.EACLPrivateBasicRule,
-	basicACLNoFinalReadOnly: acl.EACLReadOnlyBasicRule,
-	basicACLNoFinalAppend:   acl.EACLPublicAppendRule,
-}
-
-var (
-	containerOwner string
-
-	containerACL         string
-	containerNonce       string
-	containerPolicy      string
-	containerAttributes  []string
-	containerAwait       bool
-	containerName        string
-	containerNoTimestamp bool
-	containerSubnet      string
-
-	containerID string
-
-	containerPathFrom string
-	containerPathTo   string
-
-	containerJSON bool
-
-	eaclPathFrom string
-)
-
-var (
-	errDeleteTimeout  = errors.New("timeout: container has not been removed from sidechain")
-	errCreateTimeout  = errors.New("timeout: container has not been persisted on sidechain")
-	errSetEACLTimeout = errors.New("timeout: EACL has not been persisted on sidechain")
-)
-
-// containerCmd represents the container command
-var containerCmd = &cobra.Command{
-	Use:   "container",
-	Short: "Operations with containers",
-	Long:  "Operations with containers",
-	PersistentPreRun: func(cmd *cobra.Command, args []string) {
-		// bind exactly that cmd's flags to
-		// the viper before execution
-		commonflags.Bind(cmd)
-		commonflags.BindAPI(cmd)
-	},
-}
-
-var listContainersCmd = &cobra.Command{
-	Use:   "list",
-	Short: "List all created containers",
-	Long:  "List all created containers",
-	Run: func(cmd *cobra.Command, args []string) {
-		var idUser user.ID
-
-		key := key.GetOrGenerate(cmd)
-
-		if containerOwner == "" {
-			user.IDFromKey(&idUser, key.PublicKey)
-		} else {
-			err := idUser.DecodeString(containerOwner)
-			common.ExitOnErr(cmd, "invalid user ID: %w", err)
-		}
-
-		cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
-
-		var prm internalclient.ListContainersPrm
-		prm.SetClient(cli)
-		prm.SetAccount(idUser)
-
-		res, err := internalclient.ListContainers(prm)
-		common.ExitOnErr(cmd, "rpc error: %w", err)
-
-		// print to stdout
-		prettyPrintContainerList(cmd, res.IDList())
-	},
-}
-
-var createContainerCmd = &cobra.Command{
-	Use:   "create",
-	Short: "Create new container",
-	Long: `Create new container and register it in the NeoFS. 
-It will be stored in sidechain when inner ring will accepts it.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		placementPolicy, err := parseContainerPolicy(containerPolicy)
-		common.ExitOnErr(cmd, "", err)
-
-		var subnetID subnetid.ID
-
-		err = subnetID.DecodeString(containerSubnet)
-		common.ExitOnErr(cmd, "could not parse subnetID: %w", err)
-
-		placementPolicy.SetSubnetID(&subnetID)
-
-		attributes, err := parseAttributes(containerAttributes)
-		common.ExitOnErr(cmd, "", err)
-
-		basicACL, err := parseBasicACL(containerACL)
-		common.ExitOnErr(cmd, "", err)
-
-		nonce, err := parseNonce(containerNonce)
-		common.ExitOnErr(cmd, "", err)
-
-		key := key.GetOrGenerate(cmd)
-
-		cnr := container.New()
-		var tok *session.Container
-
-		sessionTokenPath, _ := cmd.Flags().GetString(commonflags.SessionToken)
-		if sessionTokenPath != "" {
-			tok = new(session.Container)
-			common.ReadSessionToken(cmd, tok, sessionTokenPath)
-
-			issuer := tok.Issuer()
-			cnr.SetOwnerID(&issuer)
-			cnr.SetSessionToken(tok)
-		} else {
-			var idOwner user.ID
-			user.IDFromKey(&idOwner, key.PublicKey)
-
-			cnr.SetOwnerID(&idOwner)
-		}
-
-		ver := versionSDK.Current()
-
-		cnr.SetVersion(&ver)
-		cnr.SetPlacementPolicy(placementPolicy)
-		cnr.SetBasicACL(basicACL)
-		cnr.SetAttributes(attributes)
-		cnr.SetNonceUUID(nonce)
-		cnr.SetSessionToken(tok)
-
-		cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
-
-		var putPrm internalclient.PutContainerPrm
-		putPrm.SetClient(cli)
-		putPrm.SetContainer(*cnr)
-
-		res, err := internalclient.PutContainer(putPrm)
-		common.ExitOnErr(cmd, "rpc error: %w", err)
-
-		id := res.ID()
-
-		cmd.Println("container ID:", id)
-
-		if containerAwait {
-			cmd.Println("awaiting...")
-
-			var getPrm internalclient.GetContainerPrm
-			getPrm.SetClient(cli)
-			getPrm.SetContainer(id)
-
-			for i := 0; i < awaitTimeout; i++ {
-				time.Sleep(1 * time.Second)
-
-				_, err := internalclient.GetContainer(getPrm)
-				if err == nil {
-					cmd.Println("container has been persisted on sidechain")
-					return
-				}
-			}
-
-			common.ExitOnErr(cmd, "", errCreateTimeout)
-		}
-	},
-}
-
-var deleteContainerCmd = &cobra.Command{
-	Use:   "delete",
-	Short: "Delete existing container",
-	Long: `Delete existing container. 
-Only owner of the container has a permission to remove container.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		id, err := parseContainerID(containerID)
-		common.ExitOnErr(cmd, "", err)
-
-		var tok *session.Container
-
-		sessionTokenPath, _ := cmd.Flags().GetString(commonflags.SessionToken)
-		if sessionTokenPath != "" {
-			tok = new(session.Container)
-			common.ReadSessionToken(cmd, tok, sessionTokenPath)
-		}
-
-		var (
-			delPrm internalclient.DeleteContainerPrm
-			getPrm internalclient.GetContainerPrm
-		)
-
-		prepareAPIClient(cmd, &delPrm, &getPrm)
-		delPrm.SetContainer(*id)
-
-		if tok != nil {
-			delPrm.WithinSession(*tok)
-		}
-
-		_, err = internalclient.DeleteContainer(delPrm)
-		common.ExitOnErr(cmd, "rpc error: %w", err)
-
-		cmd.Println("container delete method invoked")
-
-		if containerAwait {
-			cmd.Println("awaiting...")
-
-			getPrm.SetContainer(*id)
-
-			for i := 0; i < awaitTimeout; i++ {
-				time.Sleep(1 * time.Second)
-
-				_, err := internalclient.GetContainer(getPrm)
-				if err != nil {
-					cmd.Println("container has been removed:", containerID)
-					return
-				}
-			}
-
-			common.ExitOnErr(cmd, "", errDeleteTimeout)
-		}
-	},
-}
-
-var listContainerObjectsCmd = &cobra.Command{
-	Use:   "list-objects",
-	Short: "List existing objects in container",
-	Long:  `List existing objects in container`,
-	Run: func(cmd *cobra.Command, args []string) {
-		id, err := parseContainerID(containerID)
-		common.ExitOnErr(cmd, "", err)
-
-		filters := new(object.SearchFilters)
-		filters.AddRootFilter() // search only user created objects
-
-		pk := key.GetOrGenerate(cmd)
-
-		var prm internalclient.SearchObjectsPrm
-		sessionCli.Prepare(cmd, *id, nil, pk, &prm)
-		objectCli.Prepare(cmd, &prm)
-		prm.SetContainerID(*id)
-		prm.SetFilters(*filters)
-
-		res, err := internalclient.SearchObjects(prm)
-		common.ExitOnErr(cmd, "rpc error: %w", err)
-
-		objectIDs := res.IDList()
-
-		for i := range objectIDs {
-			cmd.Println(objectIDs[i])
-		}
-	},
-}
-
-var getContainerInfoCmd = &cobra.Command{
-	Use:   "get",
-	Short: "Get container field info",
-	Long:  `Get container field info`,
-	Run: func(cmd *cobra.Command, args []string) {
-		var cnr *container.Container
-
-		if containerPathFrom != "" {
-			data, err := os.ReadFile(containerPathFrom)
-			common.ExitOnErr(cmd, "can't read file: %w", err)
-
-			cnr = container.New()
-			err = cnr.Unmarshal(data)
-			common.ExitOnErr(cmd, "can't unmarshal container: %w", err)
-		} else {
-			id, err := parseContainerID(containerID)
-			common.ExitOnErr(cmd, "", err)
-
-			var prm internalclient.GetContainerPrm
-
-			prepareAPIClient(cmd, &prm)
-			prm.SetContainer(*id)
-
-			res, err := internalclient.GetContainer(prm)
-			common.ExitOnErr(cmd, "rpc error: %w", err)
-
-			cnr = res.Container()
-		}
-
-		prettyPrintContainer(cmd, cnr, containerJSON)
-
-		if containerPathTo != "" {
-			var (
-				data []byte
-				err  error
-			)
-
-			if containerJSON {
-				data, err = cnr.MarshalJSON()
-				common.ExitOnErr(cmd, "can't JSON encode container: %w", err)
-			} else {
-				data, err = cnr.Marshal()
-				common.ExitOnErr(cmd, "can't binary encode container: %w", err)
-			}
-
-			err = os.WriteFile(containerPathTo, data, 0644)
-			common.ExitOnErr(cmd, "can't write container to file: %w", err)
-		}
-	},
-}
-
-var getExtendedACLCmd = &cobra.Command{
-	Use:   "get-eacl",
-	Short: "Get extended ACL table of container",
-	Long:  `Get extended ACL talbe of container`,
-	Run: func(cmd *cobra.Command, args []string) {
-		id, err := parseContainerID(containerID)
-		common.ExitOnErr(cmd, "", err)
-
-		var eaclPrm internalclient.EACLPrm
-
-		prepareAPIClient(cmd, &eaclPrm)
-		eaclPrm.SetContainer(*id)
-
-		res, err := internalclient.EACL(eaclPrm)
-		common.ExitOnErr(cmd, "rpc error: %w", err)
-
-		eaclTable := res.EACL()
-
-		sig := eaclTable.Signature()
-
-		// TODO(@cthulhu-rider): #1387 avoid type conversion
-		var sigV2 refs.Signature
-		sig.WriteToV2(&sigV2)
-
-		if containerPathTo == "" {
-			cmd.Println("eACL: ")
-			prettyPrintEACL(cmd, eaclTable)
-
-			var sigV2 refs.Signature
-			sig.WriteToV2(&sigV2)
-
-			cmd.Println("Signature:")
-			common.PrettyPrintJSON(cmd, &sigV2, "signature")
-
-			return
-		}
-
-		var data []byte
-
-		if containerJSON {
-			data, err = eaclTable.MarshalJSON()
-			common.ExitOnErr(cmd, "can't encode to JSON: %w", err)
-		} else {
-			data, err = eaclTable.Marshal()
-			common.ExitOnErr(cmd, "can't encode to binary: %w", err)
-		}
-
-		cmd.Println("dumping data to file:", containerPathTo)
-
-		cmd.Println("Signature:")
-		common.PrettyPrintJSON(cmd, &sigV2, "signature")
-
-		err = os.WriteFile(containerPathTo, data, 0644)
-		common.ExitOnErr(cmd, "could not write eACL to file: %w", err)
-	},
-}
-
-var setExtendedACLCmd = &cobra.Command{
-	Use:   "set-eacl",
-	Short: "Set new extended ACL table for container",
-	Long: `Set new extended ACL table for container.
-Container ID in EACL table will be substituted with ID from the CLI.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		id, err := parseContainerID(containerID)
-		common.ExitOnErr(cmd, "", err)
-
-		eaclTable := common.ReadEACL(cmd, eaclPathFrom)
-
-		var tok *session.Container
-
-		sessionTokenPath, _ := cmd.Flags().GetString(commonflags.SessionToken)
-		if sessionTokenPath != "" {
-			tok = new(session.Container)
-			common.ReadSessionToken(cmd, tok, sessionTokenPath)
-		}
-
-		eaclTable.SetCID(*id)
-		eaclTable.SetSessionToken(tok)
-
-		var (
-			setEACLPrm internalclient.SetEACLPrm
-			getEACLPrm internalclient.EACLPrm
-		)
-
-		prepareAPIClient(cmd, &setEACLPrm, &getEACLPrm)
-		setEACLPrm.SetTable(*eaclTable)
-
-		_, err = internalclient.SetEACL(setEACLPrm)
-		common.ExitOnErr(cmd, "rpc error: %w", err)
-
-		if containerAwait {
-			exp, err := eaclTable.Marshal()
-			common.ExitOnErr(cmd, "broken EACL table: %w", err)
-
-			cmd.Println("awaiting...")
-
-			getEACLPrm.SetContainer(*id)
-
-			for i := 0; i < awaitTimeout; i++ {
-				time.Sleep(1 * time.Second)
-
-				res, err := internalclient.EACL(getEACLPrm)
-				if err == nil {
-					// compare binary values because EACL could have been set already
-					got, err := res.EACL().Marshal()
-					if err != nil {
-						continue
-					}
-
-					if bytes.Equal(exp, got) {
-						cmd.Println("EACL has been persisted on sidechain")
-						return
-					}
-				}
-			}
-
-			common.ExitOnErr(cmd, "", errSetEACLTimeout)
-		}
-	},
-}
-
-func initContainerListContainersCmd() {
-	commonflags.Init(listContainersCmd)
-
-	flags := listContainersCmd.Flags()
-
-	flags.StringVar(&containerOwner, "owner", "", "owner of containers (omit to use owner from private key)")
-}
-
-func initContainerCreateCmd() {
-	commonflags.Init(createContainerCmd)
-
-	flags := createContainerCmd.Flags()
-
-	flags.StringVar(&containerACL, "basic-acl", basicACLPrivate, fmt.Sprintf("hex encoded basic ACL value or keywords like '%s', '%s', '%s'", basicACLPublic, basicACLPrivate, basicACLNoFinalReadOnly))
-	flags.StringVarP(&containerPolicy, "policy", "p", "", "QL-encoded or JSON-encoded placement policy or path to file with it")
-	flags.StringSliceVarP(&containerAttributes, "attributes", "a", nil, "comma separated pairs of container attributes in form of Key1=Value1,Key2=Value2")
-	flags.StringVarP(&containerNonce, "nonce", "n", "", "UUIDv4 nonce value for container")
-	flags.BoolVar(&containerAwait, "await", false, "block execution until container is persisted")
-	flags.StringVar(&containerName, "name", "", "container name attribute")
-	flags.BoolVar(&containerNoTimestamp, "disable-timestamp", false, "disable timestamp container attribute")
-	flags.StringVar(&containerSubnet, "subnet", "", "string representation of container subnetwork")
-}
-
-func initContainerDeleteCmd() {
-	commonflags.Init(deleteContainerCmd)
-
-	flags := deleteContainerCmd.Flags()
-
-	flags.StringVar(&containerID, "cid", "", "container ID")
-	flags.BoolVar(&containerAwait, "await", false, "block execution until container is removed")
-}
-
-func initContainerListObjectsCmd() {
-	commonflags.Init(listContainerObjectsCmd)
-
-	flags := listContainerObjectsCmd.Flags()
-
-	flags.StringVar(&containerID, "cid", "", "container ID")
-}
-
-func initContainerInfoCmd() {
-	commonflags.Init(getContainerInfoCmd)
-
-	flags := getContainerInfoCmd.Flags()
-
-	flags.StringVar(&containerID, "cid", "", "container ID")
-	flags.StringVar(&containerPathTo, "to", "", "path to dump encoded container")
-	flags.StringVar(&containerPathFrom, "from", "", "path to file with encoded container")
-	flags.BoolVar(&containerJSON, "json", false, "print or dump container in JSON format")
-}
-
-func initContainerGetEACLCmd() {
-	commonflags.Init(getExtendedACLCmd)
-
-	flags := getExtendedACLCmd.Flags()
-
-	flags.StringVar(&containerID, "cid", "", "container ID")
-	flags.StringVar(&containerPathTo, "to", "", "path to dump encoded container (default: binary encoded)")
-	flags.BoolVar(&containerJSON, "json", false, "encode EACL table in json format")
-}
-
-func initContainerSetEACLCmd() {
-	commonflags.Init(setExtendedACLCmd)
-
-	flags := setExtendedACLCmd.Flags()
-	flags.StringVar(&containerID, "cid", "", "container ID")
-	flags.StringVar(&eaclPathFrom, "table", "", "path to file with JSON or binary encoded EACL table")
-	flags.BoolVar(&containerAwait, "await", false, "block execution until EACL is persisted")
-}
-
-func init() {
-	containerChildCommand := []*cobra.Command{
-		listContainersCmd,
-		createContainerCmd,
-		deleteContainerCmd,
-		listContainerObjectsCmd,
-		getContainerInfoCmd,
-		getExtendedACLCmd,
-		setExtendedACLCmd,
-	}
-
-	rootCmd.AddCommand(containerCmd)
-
-	containerCmd.AddCommand(containerChildCommand...)
-
-	// Here you will define your flags and configuration settings.
-
-	// Cobra supports Persistent Flags which will work for this command
-	// and all subcommands, e.g.:
-	// containerCmd.PersistentFlags().String("foo", "", "A help for foo")
-
-	// Cobra supports local flags which will only run when this command
-	// is called directly, e.g.:
-	// containerCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
-
-	initContainerListContainersCmd()
-	initContainerCreateCmd()
-	initContainerDeleteCmd()
-	initContainerListObjectsCmd()
-	initContainerInfoCmd()
-	initContainerGetEACLCmd()
-	initContainerSetEACLCmd()
-
-	for _, containerCommand := range containerChildCommand {
-		commonflags.InitAPI(containerCommand)
-	}
-
-	for _, cmd := range []*cobra.Command{
-		createContainerCmd,
-		deleteContainerCmd,
-		setExtendedACLCmd,
-	} {
-		commonflags.InitSession(cmd)
-	}
-}
-
-func prettyPrintContainerList(cmd *cobra.Command, list []cid.ID) {
-	for i := range list {
-		cmd.Println(list[i])
-	}
-}
-
-func parseContainerPolicy(policyString string) (*netmap.PlacementPolicy, error) {
-	_, err := os.Stat(policyString) // check if `policyString` is a path to file with placement policy
-	if err == nil {
-		common.PrintVerbose("Reading placement policy from file: %s", policyString)
-
-		data, err := os.ReadFile(policyString)
-		if err != nil {
-			return nil, fmt.Errorf("can't read file with placement policy: %w", err)
-		}
-
-		policyString = string(data)
-	}
-
-	result, err := policy.Parse(policyString)
-	if err == nil {
-		common.PrintVerbose("Parsed QL encoded policy")
-		return result, nil
-	}
-
-	result = netmap.NewPlacementPolicy()
-	if err = result.UnmarshalJSON([]byte(policyString)); err == nil {
-		common.PrintVerbose("Parsed JSON encoded policy")
-		return result, nil
-	}
-
-	return nil, errors.New("can't parse placement policy")
-}
-
-func parseAttributes(attributes []string) ([]container.Attribute, error) {
-	result := make([]container.Attribute, len(attributes), len(attributes)+2) // name + timestamp attributes
-
-	for i := range attributes {
-		kvPair := strings.Split(attributes[i], attributeDelimiter)
-		if len(kvPair) != 2 {
-			return nil, errors.New("invalid container attribute")
-		}
-
-		result[i].SetKey(kvPair[0])
-		result[i].SetValue(kvPair[1])
-	}
-
-	if !containerNoTimestamp {
-		index := len(result)
-		result = append(result, container.Attribute{})
-		result[index].SetKey(container.AttributeTimestamp)
-		result[index].SetValue(strconv.FormatInt(time.Now().Unix(), 10))
-	}
-
-	if containerName != "" {
-		index := len(result)
-		result = append(result, container.Attribute{})
-		result[index].SetKey(container.AttributeName)
-		result[index].SetValue(containerName)
-	}
-
-	return result, nil
-}
-
-func parseBasicACL(basicACL string) (acl.BasicACL, error) {
-	if value, ok := wellKnownBasicACL[basicACL]; ok {
-		return value, nil
-	}
-
-	basicACL = strings.Trim(strings.ToLower(basicACL), "0x")
-
-	value, err := strconv.ParseUint(basicACL, 16, 32)
-	if err != nil {
-		return 0, fmt.Errorf("can't parse basic ACL: %s", basicACL)
-	}
-
-	return acl.BasicACL(value), nil
-}
-
-func parseNonce(nonce string) (uuid.UUID, error) {
-	if nonce == "" {
-		result := uuid.New()
-		common.PrintVerbose("Generating container nonce: %s", result)
-
-		return result, nil
-	}
-
-	uid, err := uuid.Parse(nonce)
-	if err != nil {
-		return uuid.UUID{}, fmt.Errorf("could not parse nonce: %w", err)
-	}
-
-	return uid, nil
-}
-
-func parseContainerID(idStr string) (*cid.ID, error) {
-	if idStr == "" {
-		return nil, errors.New("container ID is not set")
-	}
-
-	var id cid.ID
-
-	err := id.DecodeString(idStr)
-	if err != nil {
-		return nil, errors.New("can't decode container ID value")
-	}
-
-	return &id, nil
-}
-
-func prettyPrintContainer(cmd *cobra.Command, cnr *container.Container, jsonEncoding bool) {
-	if cnr == nil {
-		return
-	}
-
-	if jsonEncoding {
-		data, err := cnr.MarshalJSON()
-		if err != nil {
-			common.PrintVerbose("Can't convert container to json: %w", err)
-			return
-		}
-		buf := new(bytes.Buffer)
-		if err := json.Indent(buf, data, "", "  "); err != nil {
-			common.PrintVerbose("Can't pretty print json: %w", err)
-		}
-
-		cmd.Println(buf)
-
-		return
-	}
-
-	id := container.CalculateID(cnr)
-	cmd.Println("container ID:", id)
-
-	v := cnr.Version()
-	cmd.Printf("version: %d.%d\n", v.Major(), v.Minor())
-
-	cmd.Println("owner ID:", cnr.OwnerID())
-
-	basicACL := cnr.BasicACL()
-	prettyPrintBasicACL(cmd, acl.BasicACL(basicACL))
-
-	for _, attribute := range cnr.Attributes() {
-		if attribute.Key() == container.AttributeTimestamp {
-			cmd.Printf("attribute: %s=%s (%s)\n",
-				attribute.Key(),
-				attribute.Value(),
-				common.PrettyPrintUnixTime(attribute.Value()))
-
-			continue
-		}
-
-		cmd.Printf("attribute: %s=%s\n", attribute.Key(), attribute.Value())
-	}
-
-	nonce, err := cnr.NonceUUID()
-	if err == nil {
-		cmd.Println("nonce:", nonce)
-	} else {
-		cmd.Println("invalid nonce:", err)
-	}
-
-	cmd.Println("placement policy:")
-	cmd.Println(strings.Join(policy.Encode(cnr.PlacementPolicy()), "\n"))
-}
-
-func prettyPrintEACL(cmd *cobra.Command, table *eacl.Table) {
-	common.PrettyPrintJSON(cmd, table, "eACL")
-}
-
-func prettyPrintBasicACL(cmd *cobra.Command, basicACL acl.BasicACL) {
-	cmd.Printf("basic ACL: %s", basicACL)
-	for k, v := range wellKnownBasicACL {
-		if v == basicACL {
-			cmd.Printf(" (%s)\n", k)
-			return
-		}
-	}
-	cmd.Println()
-}

cmd/neofs-cli/modules/container/create.go

@@ -0,0 +1,254 @@
+package container
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
+	"github.com/nspcc-dev/neofs-sdk-go/acl"
+	"github.com/nspcc-dev/neofs-sdk-go/container"
+	"github.com/nspcc-dev/neofs-sdk-go/netmap"
+	"github.com/nspcc-dev/neofs-sdk-go/policy"
+	"github.com/nspcc-dev/neofs-sdk-go/session"
+	subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
+	versionSDK "github.com/nspcc-dev/neofs-sdk-go/version"
+	"github.com/spf13/cobra"
+)
+
+// keywords of predefined basic ACL values
+const (
+	basicACLPrivate  = "private"
+	basicACLReadOnly = "public-read"
+	basicACLPublic   = "public-read-write"
+	basicACLAppend   = "public-append"
+
+	basicACLNoFinalPrivate  = "eacl-private"
+	basicACLNoFinalReadOnly = "eacl-public-read"
+	basicACLNoFinalPublic   = "eacl-public-read-write"
+	basicACLNoFinalAppend   = "eacl-public-append"
+)
+
+var wellKnownBasicACL = map[string]acl.BasicACL{
+	basicACLPublic:   acl.PublicBasicRule,
+	basicACLPrivate:  acl.PrivateBasicRule,
+	basicACLReadOnly: acl.ReadOnlyBasicRule,
+	basicACLAppend:   acl.PublicAppendRule,
+
+	basicACLNoFinalPublic:   acl.EACLPublicBasicRule,
+	basicACLNoFinalPrivate:  acl.EACLPrivateBasicRule,
+	basicACLNoFinalReadOnly: acl.EACLReadOnlyBasicRule,
+	basicACLNoFinalAppend:   acl.EACLPublicAppendRule,
+}
+
+var (
+	containerACL         string
+	containerNonce       string
+	containerPolicy      string
+	containerAttributes  []string
+	containerAwait       bool
+	containerName        string
+	containerNoTimestamp bool
+	containerSubnet      string
+)
+
+var createContainerCmd = &cobra.Command{
+	Use:   "create",
+	Short: "Create new container",
+	Long: `Create new container and register it in the NeoFS. 
+It will be stored in sidechain when inner ring will accepts it.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		placementPolicy, err := parseContainerPolicy(containerPolicy)
+		common.ExitOnErr(cmd, "", err)
+
+		var subnetID subnetid.ID
+
+		err = subnetID.DecodeString(containerSubnet)
+		common.ExitOnErr(cmd, "could not parse subnetID: %w", err)
+
+		placementPolicy.SetSubnetID(&subnetID)
+
+		attributes, err := parseAttributes(containerAttributes)
+		common.ExitOnErr(cmd, "", err)
+
+		basicACL, err := parseBasicACL(containerACL)
+		common.ExitOnErr(cmd, "", err)
+
+		nonce, err := parseNonce(containerNonce)
+		common.ExitOnErr(cmd, "", err)
+
+		key := key.GetOrGenerate(cmd)
+
+		cnr := container.New()
+		var tok *session.Container
+
+		sessionTokenPath, _ := cmd.Flags().GetString(commonflags.SessionToken)
+		if sessionTokenPath != "" {
+			tok = new(session.Container)
+			common.ReadSessionToken(cmd, tok, sessionTokenPath)
+
+			issuer := tok.Issuer()
+			cnr.SetOwnerID(&issuer)
+			cnr.SetSessionToken(tok)
+		} else {
+			var idOwner user.ID
+			user.IDFromKey(&idOwner, key.PublicKey)
+
+			cnr.SetOwnerID(&idOwner)
+		}
+
+		ver := versionSDK.Current()
+
+		cnr.SetVersion(&ver)
+		cnr.SetPlacementPolicy(placementPolicy)
+		cnr.SetBasicACL(basicACL)
+		cnr.SetAttributes(attributes)
+		cnr.SetNonceUUID(nonce)
+		cnr.SetSessionToken(tok)
+
+		cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
+
+		var putPrm internalclient.PutContainerPrm
+		putPrm.SetClient(cli)
+		putPrm.SetContainer(*cnr)
+
+		res, err := internalclient.PutContainer(putPrm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		id := res.ID()
+
+		cmd.Println("container ID:", id)
+
+		if containerAwait {
+			cmd.Println("awaiting...")
+
+			var getPrm internalclient.GetContainerPrm
+			getPrm.SetClient(cli)
+			getPrm.SetContainer(id)
+
+			for i := 0; i < awaitTimeout; i++ {
+				time.Sleep(1 * time.Second)
+
+				_, err := internalclient.GetContainer(getPrm)
+				if err == nil {
+					cmd.Println("container has been persisted on sidechain")
+					return
+				}
+			}
+
+			common.ExitOnErr(cmd, "", errCreateTimeout)
+		}
+	},
+}
+
+func initContainerCreateCmd() {
+	commonflags.Init(createContainerCmd)
+
+	flags := createContainerCmd.Flags()
+
+	flags.StringVar(&containerACL, "basic-acl", basicACLPrivate, fmt.Sprintf("hex encoded basic ACL value or keywords like '%s', '%s', '%s'", basicACLPublic, basicACLPrivate, basicACLNoFinalReadOnly))
+	flags.StringVarP(&containerPolicy, "policy", "p", "", "QL-encoded or JSON-encoded placement policy or path to file with it")
+	flags.StringSliceVarP(&containerAttributes, "attributes", "a", nil, "comma separated pairs of container attributes in form of Key1=Value1,Key2=Value2")
+	flags.StringVarP(&containerNonce, "nonce", "n", "", "UUIDv4 nonce value for container")
+	flags.BoolVar(&containerAwait, "await", false, "block execution until container is persisted")
+	flags.StringVar(&containerName, "name", "", "container name attribute")
+	flags.BoolVar(&containerNoTimestamp, "disable-timestamp", false, "disable timestamp container attribute")
+	flags.StringVar(&containerSubnet, "subnet", "", "string representation of container subnetwork")
+}
+
+func parseContainerPolicy(policyString string) (*netmap.PlacementPolicy, error) {
+	_, err := os.Stat(policyString) // check if `policyString` is a path to file with placement policy
+	if err == nil {
+		common.PrintVerbose("Reading placement policy from file: %s", policyString)
+
+		data, err := os.ReadFile(policyString)
+		if err != nil {
+			return nil, fmt.Errorf("can't read file with placement policy: %w", err)
+		}
+
+		policyString = string(data)
+	}
+
+	result, err := policy.Parse(policyString)
+	if err == nil {
+		common.PrintVerbose("Parsed QL encoded policy")
+		return result, nil
+	}
+
+	result = netmap.NewPlacementPolicy()
+	if err = result.UnmarshalJSON([]byte(policyString)); err == nil {
+		common.PrintVerbose("Parsed JSON encoded policy")
+		return result, nil
+	}
+
+	return nil, errors.New("can't parse placement policy")
+}
+
+func parseAttributes(attributes []string) ([]container.Attribute, error) {
+	result := make([]container.Attribute, len(attributes), len(attributes)+2) // name + timestamp attributes
+
+	for i := range attributes {
+		kvPair := strings.Split(attributes[i], attributeDelimiter)
+		if len(kvPair) != 2 {
+			return nil, errors.New("invalid container attribute")
+		}
+
+		result[i].SetKey(kvPair[0])
+		result[i].SetValue(kvPair[1])
+	}
+
+	if !containerNoTimestamp {
+		index := len(result)
+		result = append(result, container.Attribute{})
+		result[index].SetKey(container.AttributeTimestamp)
+		result[index].SetValue(strconv.FormatInt(time.Now().Unix(), 10))
+	}
+
+	if containerName != "" {
+		index := len(result)
+		result = append(result, container.Attribute{})
+		result[index].SetKey(container.AttributeName)
+		result[index].SetValue(containerName)
+	}
+
+	return result, nil
+}
+
+func parseBasicACL(basicACL string) (acl.BasicACL, error) {
+	if value, ok := wellKnownBasicACL[basicACL]; ok {
+		return value, nil
+	}
+
+	basicACL = strings.Trim(strings.ToLower(basicACL), "0x")
+
+	value, err := strconv.ParseUint(basicACL, 16, 32)
+	if err != nil {
+		return 0, fmt.Errorf("can't parse basic ACL: %s", basicACL)
+	}
+
+	return acl.BasicACL(value), nil
+}
+
+func parseNonce(nonce string) (uuid.UUID, error) {
+	if nonce == "" {
+		result := uuid.New()
+		common.PrintVerbose("Generating container nonce: %s", result)
+
+		return result, nil
+	}
+
+	uid, err := uuid.Parse(nonce)
+	if err != nil {
+		return uuid.UUID{}, fmt.Errorf("could not parse nonce: %w", err)
+	}
+
+	return uid, nil
+}

cmd/neofs-cli/modules/container/delete.go

@@ -0,0 +1,75 @@
+package container
+
+import (
+	"time"
+
+	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
+	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/spf13/cobra"
+)
+
+var deleteContainerCmd = &cobra.Command{
+	Use:   "delete",
+	Short: "Delete existing container",
+	Long: `Delete existing container. 
+Only owner of the container has a permission to remove container.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		id := parseContainerID(cmd)
+
+		var tok *session.Container
+
+		sessionTokenPath, _ := cmd.Flags().GetString(commonflags.SessionToken)
+		if sessionTokenPath != "" {
+			tok = new(session.Container)
+			common.ReadSessionToken(cmd, tok, sessionTokenPath)
+		}
+
+		pk := key.GetOrGenerate(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		var delPrm internalclient.DeleteContainerPrm
+		delPrm.SetClient(cli)
+		delPrm.SetContainer(id)
+
+		if tok != nil {
+			delPrm.WithinSession(*tok)
+		}
+
+		_, err := internalclient.DeleteContainer(delPrm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		cmd.Println("container delete method invoked")
+
+		if containerAwait {
+			cmd.Println("awaiting...")
+
+			var getPrm internalclient.GetContainerPrm
+			getPrm.SetClient(cli)
+			getPrm.SetContainer(id)
+
+			for i := 0; i < awaitTimeout; i++ {
+				time.Sleep(1 * time.Second)
+
+				_, err := internalclient.GetContainer(getPrm)
+				if err != nil {
+					cmd.Println("container has been removed:", containerID)
+					return
+				}
+			}
+
+			common.ExitOnErr(cmd, "", errDeleteTimeout)
+		}
+	},
+}
+
+func initContainerDeleteCmd() {
+	commonflags.Init(deleteContainerCmd)
+
+	flags := deleteContainerCmd.Flags()
+
+	flags.StringVar(&containerID, "cid", "", "container ID")
+	flags.BoolVar(&containerAwait, "await", false, "block execution until container is removed")
+}

cmd/neofs-cli/modules/container/get.go

@@ -0,0 +1,153 @@
+package container
+
+import (
+	"bytes"
+	"encoding/json"
+	"os"
+	"strings"
+
+	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
+	"github.com/nspcc-dev/neofs-sdk-go/acl"
+	"github.com/nspcc-dev/neofs-sdk-go/container"
+	"github.com/nspcc-dev/neofs-sdk-go/policy"
+	"github.com/spf13/cobra"
+)
+
+var (
+	containerID       string
+	containerPathFrom string
+	containerPathTo   string
+	containerJSON     bool
+)
+
+var getContainerInfoCmd = &cobra.Command{
+	Use:   "get",
+	Short: "Get container field info",
+	Long:  `Get container field info`,
+	Run: func(cmd *cobra.Command, args []string) {
+		var cnr *container.Container
+
+		if containerPathFrom != "" {
+			data, err := os.ReadFile(containerPathFrom)
+			common.ExitOnErr(cmd, "can't read file: %w", err)
+
+			cnr = container.New()
+			err = cnr.Unmarshal(data)
+			common.ExitOnErr(cmd, "can't unmarshal container: %w", err)
+		} else {
+			id := parseContainerID(cmd)
+			pk := key.GetOrGenerate(cmd)
+			cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+			var prm internalclient.GetContainerPrm
+			prm.SetClient(cli)
+			prm.SetContainer(id)
+
+			res, err := internalclient.GetContainer(prm)
+			common.ExitOnErr(cmd, "rpc error: %w", err)
+
+			cnr = res.Container()
+		}
+
+		prettyPrintContainer(cmd, cnr, containerJSON)
+
+		if containerPathTo != "" {
+			var (
+				data []byte
+				err  error
+			)
+
+			if containerJSON {
+				data, err = cnr.MarshalJSON()
+				common.ExitOnErr(cmd, "can't JSON encode container: %w", err)
+			} else {
+				data, err = cnr.Marshal()
+				common.ExitOnErr(cmd, "can't binary encode container: %w", err)
+			}
+
+			err = os.WriteFile(containerPathTo, data, 0644)
+			common.ExitOnErr(cmd, "can't write container to file: %w", err)
+		}
+	},
+}
+
+func initContainerInfoCmd() {
+	commonflags.Init(getContainerInfoCmd)
+
+	flags := getContainerInfoCmd.Flags()
+
+	flags.StringVar(&containerID, "cid", "", "container ID")
+	flags.StringVar(&containerPathTo, "to", "", "path to dump encoded container")
+	flags.StringVar(&containerPathFrom, "from", "", "path to file with encoded container")
+	flags.BoolVar(&containerJSON, "json", false, "print or dump container in JSON format")
+}
+
+func prettyPrintContainer(cmd *cobra.Command, cnr *container.Container, jsonEncoding bool) {
+	if cnr == nil {
+		return
+	}
+
+	if jsonEncoding {
+		data, err := cnr.MarshalJSON()
+		if err != nil {
+			common.PrintVerbose("Can't convert container to json: %w", err)
+			return
+		}
+		buf := new(bytes.Buffer)
+		if err := json.Indent(buf, data, "", "  "); err != nil {
+			common.PrintVerbose("Can't pretty print json: %w", err)
+		}
+
+		cmd.Println(buf)
+
+		return
+	}
+
+	id := container.CalculateID(cnr)
+	cmd.Println("container ID:", id)
+
+	v := cnr.Version()
+	cmd.Printf("version: %d.%d\n", v.Major(), v.Minor())
+
+	cmd.Println("owner ID:", cnr.OwnerID())
+
+	basicACL := cnr.BasicACL()
+	prettyPrintBasicACL(cmd, acl.BasicACL(basicACL))
+
+	for _, attribute := range cnr.Attributes() {
+		if attribute.Key() == container.AttributeTimestamp {
+			cmd.Printf("attribute: %s=%s (%s)\n",
+				attribute.Key(),
+				attribute.Value(),
+				common.PrettyPrintUnixTime(attribute.Value()))
+
+			continue
+		}
+
+		cmd.Printf("attribute: %s=%s\n", attribute.Key(), attribute.Value())
+	}
+
+	nonce, err := cnr.NonceUUID()
+	if err == nil {
+		cmd.Println("nonce:", nonce)
+	} else {
+		cmd.Println("invalid nonce:", err)
+	}
+
+	cmd.Println("placement policy:")
+	cmd.Println(strings.Join(policy.Encode(cnr.PlacementPolicy()), "\n"))
+}
+
+func prettyPrintBasicACL(cmd *cobra.Command, basicACL acl.BasicACL) {
+	cmd.Printf("basic ACL: %s", basicACL)
+	for k, v := range wellKnownBasicACL {
+		if v == basicACL {
+			cmd.Printf(" (%s)\n", k)
+			return
+		}
+	}
+	cmd.Println()
+}

cmd/neofs-cli/modules/container/get_eacl.go

@@ -0,0 +1,79 @@
+package container
+
+import (
+	"os"
+
+	"github.com/nspcc-dev/neofs-api-go/v2/refs"
+	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
+	"github.com/spf13/cobra"
+)
+
+var getExtendedACLCmd = &cobra.Command{
+	Use:   "get-eacl",
+	Short: "Get extended ACL table of container",
+	Long:  `Get extended ACL talbe of container`,
+	Run: func(cmd *cobra.Command, args []string) {
+		id := parseContainerID(cmd)
+		pk := key.GetOrGenerate(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		var eaclPrm internalclient.EACLPrm
+		eaclPrm.SetClient(cli)
+		eaclPrm.SetContainer(id)
+
+		res, err := internalclient.EACL(eaclPrm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		eaclTable := res.EACL()
+
+		sig := eaclTable.Signature()
+
+		// TODO(@cthulhu-rider): #1387 avoid type conversion
+		var sigV2 refs.Signature
+		sig.WriteToV2(&sigV2)
+
+		if containerPathTo == "" {
+			cmd.Println("eACL: ")
+			common.PrettyPrintJSON(cmd, eaclTable, "eACL")
+
+			var sigV2 refs.Signature
+			sig.WriteToV2(&sigV2)
+
+			cmd.Println("Signature:")
+			common.PrettyPrintJSON(cmd, &sigV2, "signature")
+
+			return
+		}
+
+		var data []byte
+
+		if containerJSON {
+			data, err = eaclTable.MarshalJSON()
+			common.ExitOnErr(cmd, "can't encode to JSON: %w", err)
+		} else {
+			data, err = eaclTable.Marshal()
+			common.ExitOnErr(cmd, "can't encode to binary: %w", err)
+		}
+
+		cmd.Println("dumping data to file:", containerPathTo)
+
+		cmd.Println("Signature:")
+		common.PrettyPrintJSON(cmd, &sigV2, "signature")
+
+		err = os.WriteFile(containerPathTo, data, 0644)
+		common.ExitOnErr(cmd, "could not write eACL to file: %w", err)
+	},
+}
+
+func initContainerGetEACLCmd() {
+	commonflags.Init(getExtendedACLCmd)
+
+	flags := getExtendedACLCmd.Flags()
+
+	flags.StringVar(&containerID, "cid", "", "container ID")
+	flags.StringVar(&containerPathTo, "to", "", "path to dump encoded container (default: binary encoded)")
+	flags.BoolVar(&containerJSON, "json", false, "encode EACL table in json format")
+}

cmd/neofs-cli/modules/container/list.go

@@ -0,0 +1,57 @@
+package container
+
+import (
+	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
+	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
+	"github.com/spf13/cobra"
+)
+
+var containerOwner string
+
+var listContainersCmd = &cobra.Command{
+	Use:   "list",
+	Short: "List all created containers",
+	Long:  "List all created containers",
+	Run: func(cmd *cobra.Command, args []string) {
+		var idUser user.ID
+
+		key := key.GetOrGenerate(cmd)
+
+		if containerOwner == "" {
+			user.IDFromKey(&idUser, key.PublicKey)
+		} else {
+			err := idUser.DecodeString(containerOwner)
+			common.ExitOnErr(cmd, "invalid user ID: %w", err)
+		}
+
+		cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
+
+		var prm internalclient.ListContainersPrm
+		prm.SetClient(cli)
+		prm.SetAccount(idUser)
+
+		res, err := internalclient.ListContainers(prm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		// print to stdout
+		prettyPrintContainerList(cmd, res.IDList())
+	},
+}
+
+func initContainerListContainersCmd() {
+	commonflags.Init(listContainersCmd)
+
+	flags := listContainersCmd.Flags()
+
+	flags.StringVar(&containerOwner, "owner", "", "owner of containers (omit to use owner from private key)")
+}
+
+func prettyPrintContainerList(cmd *cobra.Command, list []cid.ID) {
+	for i := range list {
+		cmd.Println(list[i].String())
+	}
+}

cmd/neofs-cli/modules/container/list_objects.go

@@ -0,0 +1,49 @@
+package container
+
+import (
+	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
+	objectCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/object"
+	sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session"
+	"github.com/nspcc-dev/neofs-sdk-go/object"
+	"github.com/spf13/cobra"
+)
+
+var listContainerObjectsCmd = &cobra.Command{
+	Use:   "list-objects",
+	Short: "List existing objects in container",
+	Long:  `List existing objects in container`,
+	Run: func(cmd *cobra.Command, args []string) {
+		id := parseContainerID(cmd)
+
+		filters := new(object.SearchFilters)
+		filters.AddRootFilter() // search only user created objects
+
+		pk := key.GetOrGenerate(cmd)
+
+		var prm internalclient.SearchObjectsPrm
+		sessionCli.Prepare(cmd, id, nil, pk, &prm)
+		objectCli.Prepare(cmd, &prm)
+		prm.SetContainerID(id)
+		prm.SetFilters(*filters)
+
+		res, err := internalclient.SearchObjects(prm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		objectIDs := res.IDList()
+
+		for i := range objectIDs {
+			cmd.Println(objectIDs[i].String())
+		}
+	},
+}
+
+func initContainerListObjectsCmd() {
+	commonflags.Init(listContainerObjectsCmd)
+
+	flags := listContainerObjectsCmd.Flags()
+
+	flags.StringVar(&containerID, "cid", "", "container ID")
+}

cmd/neofs-cli/modules/container/root.go

@@ -0,0 +1,53 @@
+package container
+
+import (
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
+	"github.com/spf13/cobra"
+)
+
+// Cmd represents the container command
+var Cmd = &cobra.Command{
+	Use:   "container",
+	Short: "Operations with containers",
+	Long:  "Operations with containers",
+	PersistentPreRun: func(cmd *cobra.Command, args []string) {
+		// bind exactly that cmd's flags to
+		// the viper before execution
+		commonflags.Bind(cmd)
+		commonflags.BindAPI(cmd)
+	},
+}
+
+func init() {
+	containerChildCommand := []*cobra.Command{
+		listContainersCmd,
+		createContainerCmd,
+		deleteContainerCmd,
+		listContainerObjectsCmd,
+		getContainerInfoCmd,
+		getExtendedACLCmd,
+		setExtendedACLCmd,
+	}
+
+	Cmd.AddCommand(containerChildCommand...)
+
+	initContainerListContainersCmd()
+	initContainerCreateCmd()
+	initContainerDeleteCmd()
+	initContainerListObjectsCmd()
+	initContainerInfoCmd()
+	initContainerGetEACLCmd()
+	initContainerSetEACLCmd()
+
+	for _, containerCommand := range containerChildCommand {
+		commonflags.InitAPI(containerCommand)
+	}
+
+	for _, cmd := range []*cobra.Command{
+		createContainerCmd,
+		deleteContainerCmd,
+		setExtendedACLCmd,
+	} {
+		commonflags.InitSession(cmd)
+	}
+}

cmd/neofs-cli/modules/container/set_eacl.go

@@ -0,0 +1,87 @@
+package container
+
+import (
+	"bytes"
+	"time"
+
+	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
+	"github.com/nspcc-dev/neofs-sdk-go/session"
+	"github.com/spf13/cobra"
+)
+
+var eaclPathFrom string
+
+var setExtendedACLCmd = &cobra.Command{
+	Use:   "set-eacl",
+	Short: "Set new extended ACL table for container",
+	Long: `Set new extended ACL table for container.
+Container ID in EACL table will be substituted with ID from the CLI.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		id := parseContainerID(cmd)
+		eaclTable := common.ReadEACL(cmd, eaclPathFrom)
+
+		var tok *session.Container
+
+		sessionTokenPath, _ := cmd.Flags().GetString(commonflags.SessionToken)
+		if sessionTokenPath != "" {
+			tok = new(session.Container)
+			common.ReadSessionToken(cmd, tok, sessionTokenPath)
+		}
+
+		eaclTable.SetCID(id)
+		eaclTable.SetSessionToken(tok)
+
+		pk := key.GetOrGenerate(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		var setEACLPrm internalclient.SetEACLPrm
+		setEACLPrm.SetClient(cli)
+		setEACLPrm.SetTable(*eaclTable)
+
+		_, err := internalclient.SetEACL(setEACLPrm)
+		common.ExitOnErr(cmd, "rpc error: %w", err)
+
+		if containerAwait {
+			exp, err := eaclTable.Marshal()
+			common.ExitOnErr(cmd, "broken EACL table: %w", err)
+
+			cmd.Println("awaiting...")
+
+			var getEACLPrm internalclient.EACLPrm
+			getEACLPrm.SetClient(cli)
+			getEACLPrm.SetContainer(id)
+
+			for i := 0; i < awaitTimeout; i++ {
+				time.Sleep(1 * time.Second)
+
+				res, err := internalclient.EACL(getEACLPrm)
+				if err == nil {
+					// compare binary values because EACL could have been set already
+					got, err := res.EACL().Marshal()
+					if err != nil {
+						continue
+					}
+
+					if bytes.Equal(exp, got) {
+						cmd.Println("EACL has been persisted on sidechain")
+						return
+					}
+				}
+			}
+
+			common.ExitOnErr(cmd, "", errSetEACLTimeout)
+		}
+	},
+}
+
+func initContainerSetEACLCmd() {
+	commonflags.Init(setExtendedACLCmd)
+
+	flags := setExtendedACLCmd.Flags()
+	flags.StringVar(&containerID, "cid", "", "container ID")
+	flags.StringVar(&eaclPathFrom, "table", "", "path to file with JSON or binary encoded EACL table")
+	flags.BoolVar(&containerAwait, "await", false, "block execution until EACL is persisted")
+}

cmd/neofs-cli/modules/container/util.go

@@ -0,0 +1,32 @@
+package container
+
+import (
+	"errors"
+
+	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
+	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
+	"github.com/spf13/cobra"
+)
+
+const (
+	attributeDelimiter = "="
+
+	awaitTimeout = 120 // in seconds
+)
+
+var (
+	errCreateTimeout  = errors.New("timeout: container has not been persisted on sidechain")
+	errDeleteTimeout  = errors.New("timeout: container has not been removed from sidechain")
+	errSetEACLTimeout = errors.New("timeout: EACL has not been persisted on sidechain")
+)
+
+func parseContainerID(cmd *cobra.Command) cid.ID {
+	if containerID == "" {
+		common.ExitOnErr(cmd, "", errors.New("container ID is not set"))
+	}
+
+	var id cid.ID
+	err := id.DecodeString(containerID)
+	common.ExitOnErr(cmd, "can't decode container ID value: %w", err)
+	return id
+}

cmd/neofs-cli/modules/root.go

@@ -5,13 +5,12 @@ import (
 	"path/filepath"
 
 	"github.com/mitchellh/go-homedir"
-	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
-	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/key"
 	accountingCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/accounting"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/acl"
 	bearerCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/bearer"
+	containerCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/container"
 	controlCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/control"
 	netmapCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/netmap"
 	objectCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/object"
@@ -20,7 +19,6 @@ import (
 	utilCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/util"
 	"github.com/nspcc-dev/neofs-node/misc"
 	"github.com/nspcc-dev/neofs-node/pkg/util/gendoc"
-	"github.com/nspcc-dev/neofs-sdk-go/client"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -82,6 +80,7 @@ func init() {
 	rootCmd.AddCommand(netmapCli.Cmd)
 	rootCmd.AddCommand(objectCli.Cmd)
 	rootCmd.AddCommand(sgCli.Cmd)
+	rootCmd.AddCommand(containerCli.Cmd)
 	rootCmd.AddCommand(gendoc.Command(rootCmd))
 }
 
@@ -125,17 +124,3 @@ func initConfig() {
 		common.PrintVerbose("Using config file: %s", viper.ConfigFileUsed())
 	}
 }
-
-type clientWithKey interface {
-	SetClient(*client.Client)
-}
-
-// reads private key from command args and call prepareAPIClientWithKey with it.
-func prepareAPIClient(cmd *cobra.Command, dst ...clientWithKey) {
-	p := key.GetOrGenerate(cmd)
-	cli := internalclient.GetSDKClientByFlag(cmd, p, commonflags.RPC)
-
-	for _, d := range dst {
-		d.SetClient(cli)
-	}
-}