[#371] Support recent changes in NeoFS API protocol

Support:
  * new status codes (object, container, session);
  * object `Lock` message;
  * different signature schemes.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>

accounting/grpc/service.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: accounting/grpc/service.proto
 
 package accounting

accounting/grpc/service_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.19.4
+// source: accounting/grpc/service.proto
 
 package accounting
 

accounting/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: accounting/grpc/types.proto
 
 package accounting

acl/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: acl/grpc/types.proto
 
 package acl

audit/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: audit/grpc/types.proto
 
 package audit

container/grpc/service.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: container/grpc/service.proto
 
 package container
@@ -1016,7 +1016,8 @@ type PutRequest_Body struct {
 
 	// Container structure to register in NeoFS
 	Container *Container `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"`
-	// Signature of a stable-marshalled container according to RFC-6979
+	// Signature of a stable-marshalled container according to RFC-6979.
+	// Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256.
 	Signature *grpc1.Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
 }
 
@@ -1128,7 +1129,8 @@ type DeleteRequest_Body struct {
 
 	// Identifier of the container to delete from NeoFS
 	ContainerId *grpc1.ContainerID `protobuf:"bytes,1,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"`
-	// `ContainerID` signed with the container owner's key according to RFC-6979
+	// `ContainerID` signed with the container owner's key according to RFC-6979.
+	// Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256.
 	Signature *grpc1.Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
 }
 
@@ -1276,7 +1278,8 @@ type GetResponse_Body struct {
 
 	// Requested container structure
 	Container *Container `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"`
-	// Signature of a stable-marshalled container according to RFC-6979
+	// Signature of a stable-marshalled container according to RFC-6979.
+	// Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256.
 	Signature *grpc1.Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
 	// Session token if the container was created within a session
 	SessionToken *grpc.SessionToken `protobuf:"bytes,3,opt,name=session_token,json=sessionToken,proto3" json:"session_token,omitempty"`
@@ -1442,7 +1445,8 @@ type SetExtendedACLRequest_Body struct {
 
 	// Extended ACL table to set for container
 	Eacl *grpc2.EACLTable `protobuf:"bytes,1,opt,name=eacl,proto3" json:"eacl,omitempty"`
-	// Signature of stable-marshalled Extended ACL table according to RFC-6979
+	// Signature of stable-marshalled Extended ACL table according to RFC-6979.
+	// Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256.
 	Signature *grpc1.Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
 }
 
@@ -1592,7 +1596,8 @@ type GetExtendedACLResponse_Body struct {
 
 	// Extended ACL requested, if available
 	Eacl *grpc2.EACLTable `protobuf:"bytes,1,opt,name=eacl,proto3" json:"eacl,omitempty"`
-	// Signature of stable-marshalled Extended ACL according to RFC-6979
+	// Signature of stable-marshalled Extended ACL according to RFC-6979.
+	// Signature scheme must be either UNSPECIFIED or ECDSA_RFC6979_SHA256.
 	Signature *grpc1.Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
 	// Session token if Extended ACL was set within a session
 	SessionToken *grpc.SessionToken `protobuf:"bytes,3,opt,name=session_token,json=sessionToken,proto3" json:"session_token,omitempty"`

container/grpc/service_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.19.4
+// source: container/grpc/service.proto
 
 package container
 
@@ -24,8 +28,8 @@ type ContainerServiceClient interface {
 	// is added into smart contract storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// request to save the container has been sent to the sidechain;
+	//   request to save the container has been sent to the sidechain;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	Put(ctx context.Context, in *PutRequest, opts ...grpc.CallOption) (*PutResponse, error)
 	// `Delete` invokes `Container` smart contract's `Delete` method and returns
@@ -34,22 +38,24 @@ type ContainerServiceClient interface {
 	// is added into smart contract storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// request to remove the container has been sent to the sidechain;
+	//   request to remove the container has been sent to the sidechain;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error)
 	// Returns container structure from `Container` smart contract storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// container has been successfully read;
+	//   container has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   requested container not found.
 	Get(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (*GetResponse, error)
 	// Returns all owner's containers from 'Container` smart contract' storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// container list has been successfully read;
+	//   container list has been successfully read;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	List(ctx context.Context, in *ListRequest, opts ...grpc.CallOption) (*ListResponse, error)
 	// Invokes 'SetEACL' method of 'Container` smart contract and returns response
@@ -57,23 +63,25 @@ type ContainerServiceClient interface {
 	// added into smart contract storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// request to save container eACL has been sent to the sidechain;
+	//   request to save container eACL has been sent to the sidechain;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	SetExtendedACL(ctx context.Context, in *SetExtendedACLRequest, opts ...grpc.CallOption) (*SetExtendedACLResponse, error)
 	// Returns Extended ACL table and signature from `Container` smart contract
 	// storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// container eACL has been successfully read;
+	//   container eACL has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   container not found.
 	GetExtendedACL(ctx context.Context, in *GetExtendedACLRequest, opts ...grpc.CallOption) (*GetExtendedACLResponse, error)
 	// Announce container used space values for P2P synchronization.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// estimation of used space has been successfully announced;
+	//   estimation of used space has been successfully announced;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	AnnounceUsedSpace(ctx context.Context, in *AnnounceUsedSpaceRequest, opts ...grpc.CallOption) (*AnnounceUsedSpaceResponse, error)
 }
@@ -159,8 +167,8 @@ type ContainerServiceServer interface {
 	// is added into smart contract storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// request to save the container has been sent to the sidechain;
+	//   request to save the container has been sent to the sidechain;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	Put(context.Context, *PutRequest) (*PutResponse, error)
 	// `Delete` invokes `Container` smart contract's `Delete` method and returns
@@ -169,22 +177,24 @@ type ContainerServiceServer interface {
 	// is added into smart contract storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// request to remove the container has been sent to the sidechain;
+	//   request to remove the container has been sent to the sidechain;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	Delete(context.Context, *DeleteRequest) (*DeleteResponse, error)
 	// Returns container structure from `Container` smart contract storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// container has been successfully read;
+	//   container has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   requested container not found.
 	Get(context.Context, *GetRequest) (*GetResponse, error)
 	// Returns all owner's containers from 'Container` smart contract' storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// container list has been successfully read;
+	//   container list has been successfully read;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	List(context.Context, *ListRequest) (*ListResponse, error)
 	// Invokes 'SetEACL' method of 'Container` smart contract and returns response
@@ -192,23 +202,25 @@ type ContainerServiceServer interface {
 	// added into smart contract storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// request to save container eACL has been sent to the sidechain;
+	//   request to save container eACL has been sent to the sidechain;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	SetExtendedACL(context.Context, *SetExtendedACLRequest) (*SetExtendedACLResponse, error)
 	// Returns Extended ACL table and signature from `Container` smart contract
 	// storage.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// container eACL has been successfully read;
+	//   container eACL has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   container not found.
 	GetExtendedACL(context.Context, *GetExtendedACLRequest) (*GetExtendedACLResponse, error)
 	// Announce container used space values for P2P synchronization.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// estimation of used space has been successfully announced;
+	//   estimation of used space has been successfully announced;
 	// - Common failures (SECTION_FAILURE_COMMON).
 	AnnounceUsedSpace(context.Context, *AnnounceUsedSpaceRequest) (*AnnounceUsedSpaceResponse, error)
 }

container/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: container/grpc/types.proto
 
 package container

container/status.go

@@ -0,0 +1,28 @@
+package container
+
+import (
+	"github.com/nspcc-dev/neofs-api-go/v2/status"
+	statusgrpc "github.com/nspcc-dev/neofs-api-go/v2/status/grpc"
+)
+
+// LocalizeFailStatus checks if passed global status.Code is related to container failure and:
+//   then localizes the code and returns true,
+//   else leaves the code unchanged and returns false.
+//
+// Arg must not be nil.
+func LocalizeFailStatus(c *status.Code) bool {
+	return status.LocalizeIfInSection(c, uint32(statusgrpc.Section_SECTION_CONTAINER))
+}
+
+// GlobalizeFail globalizes local code of container failure.
+//
+// Arg must not be nil.
+func GlobalizeFail(c *status.Code) {
+	c.GlobalizeSection(uint32(statusgrpc.Section_SECTION_CONTAINER))
+}
+
+const (
+	// StatusNotFound is a local status.Code value for
+	// CONTAINER_NOT_FOUND container failure.
+	StatusNotFound status.Code = iota
+)

container/status_test.go

@@ -0,0 +1,14 @@
+package container_test
+
+import (
+	"testing"
+
+	"github.com/nspcc-dev/neofs-api-go/v2/container"
+	statustest "github.com/nspcc-dev/neofs-api-go/v2/status/test"
+)
+
+func TestStatusCodes(t *testing.T) {
+	statustest.TestCodes(t, container.LocalizeFailStatus, container.GlobalizeFail,
+		container.StatusNotFound, 3072,
+	)
+}

lock/grpc/types.go

@@ -0,0 +1,8 @@
+package lock
+
+import refs "github.com/nspcc-dev/neofs-api-go/v2/refs/grpc"
+
+// SetMembers sets `members` field.
+func (x *Lock) SetMembers(ids []*refs.ObjectID) {
+	x.Members = ids
+}

lock/grpc/types.pb.go

@@ -0,0 +1,158 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.4
+// source: lock/grpc/types.proto
+
+package lock
+
+import (
+	grpc "github.com/nspcc-dev/neofs-api-go/v2/refs/grpc"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Lock objects protects a list of objects from being deleted. Lifetime of the
+// lock object is limited similar to regular objects in
+// `__NEOFS__EXPIRATION_EPOCH` attribute.
+type Lock struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// List of objects to lock. Must not be empty or carry empty IDs.
+	// All members must be of the `REGULAR` type.
+	Members []*grpc.ObjectID `protobuf:"bytes,1,rep,name=members,proto3" json:"members,omitempty"`
+}
+
+func (x *Lock) Reset() {
+	*x = Lock{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_lock_grpc_types_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Lock) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Lock) ProtoMessage() {}
+
+func (x *Lock) ProtoReflect() protoreflect.Message {
+	mi := &file_lock_grpc_types_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Lock.ProtoReflect.Descriptor instead.
+func (*Lock) Descriptor() ([]byte, []int) {
+	return file_lock_grpc_types_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Lock) GetMembers() []*grpc.ObjectID {
+	if x != nil {
+		return x.Members
+	}
+	return nil
+}
+
+var File_lock_grpc_types_proto protoreflect.FileDescriptor
+
+var file_lock_grpc_types_proto_rawDesc = []byte{
+	0x0a, 0x15, 0x6c, 0x6f, 0x63, 0x6b, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x74, 0x79, 0x70, 0x65,
+	0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x6e, 0x65, 0x6f, 0x2e, 0x66, 0x73, 0x2e,
+	0x76, 0x32, 0x2e, 0x6c, 0x6f, 0x63, 0x6b, 0x1a, 0x15, 0x72, 0x65, 0x66, 0x73, 0x2f, 0x67, 0x72,
+	0x70, 0x63, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x3a,
+	0x0a, 0x04, 0x4c, 0x6f, 0x63, 0x6b, 0x12, 0x32, 0x0a, 0x07, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72,
+	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6e, 0x65, 0x6f, 0x2e, 0x66, 0x73,
+	0x2e, 0x76, 0x32, 0x2e, 0x72, 0x65, 0x66, 0x73, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49,
+	0x44, 0x52, 0x07, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x73, 0x42, 0x50, 0x5a, 0x33, 0x67, 0x69,
+	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x73, 0x70, 0x63, 0x63, 0x2d, 0x64,
+	0x65, 0x76, 0x2f, 0x6e, 0x65, 0x6f, 0x66, 0x73, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x67, 0x6f, 0x2f,
+	0x76, 0x32, 0x2f, 0x6c, 0x6f, 0x63, 0x6b, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x3b, 0x6c, 0x6f, 0x63,
+	0x6b, 0xaa, 0x02, 0x18, 0x4e, 0x65, 0x6f, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x6f, 0x72,
+	0x61, 0x67, 0x65, 0x2e, 0x41, 0x50, 0x49, 0x2e, 0x4c, 0x6f, 0x63, 0x6b, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_lock_grpc_types_proto_rawDescOnce sync.Once
+	file_lock_grpc_types_proto_rawDescData = file_lock_grpc_types_proto_rawDesc
+)
+
+func file_lock_grpc_types_proto_rawDescGZIP() []byte {
+	file_lock_grpc_types_proto_rawDescOnce.Do(func() {
+		file_lock_grpc_types_proto_rawDescData = protoimpl.X.CompressGZIP(file_lock_grpc_types_proto_rawDescData)
+	})
+	return file_lock_grpc_types_proto_rawDescData
+}
+
+var file_lock_grpc_types_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_lock_grpc_types_proto_goTypes = []interface{}{
+	(*Lock)(nil),          // 0: neo.fs.v2.lock.Lock
+	(*grpc.ObjectID)(nil), // 1: neo.fs.v2.refs.ObjectID
+}
+var file_lock_grpc_types_proto_depIdxs = []int32{
+	1, // 0: neo.fs.v2.lock.Lock.members:type_name -> neo.fs.v2.refs.ObjectID
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_lock_grpc_types_proto_init() }
+func file_lock_grpc_types_proto_init() {
+	if File_lock_grpc_types_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_lock_grpc_types_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Lock); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_lock_grpc_types_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_lock_grpc_types_proto_goTypes,
+		DependencyIndexes: file_lock_grpc_types_proto_depIdxs,
+		MessageInfos:      file_lock_grpc_types_proto_msgTypes,
+	}.Build()
+	File_lock_grpc_types_proto = out.File
+	file_lock_grpc_types_proto_rawDesc = nil
+	file_lock_grpc_types_proto_goTypes = nil
+	file_lock_grpc_types_proto_depIdxs = nil
+}

netmap/grpc/service.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: netmap/grpc/service.proto
 
 package netmap

netmap/grpc/service_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.19.4
+// source: netmap/grpc/service.proto
 
 package netmap
 

netmap/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: netmap/grpc/types.proto
 
 package netmap

object/grpc/service.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: object/grpc/service.proto
 
 package object

object/grpc/service_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.19.4
+// source: object/grpc/service.proto
 
 package object
 
@@ -26,9 +30,19 @@ type ObjectServiceClient interface {
 	// keeping receiving order.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// object has been successfully read;
+	//   object has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   read access to the object is denied;
+	// - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+	//   object not found in container;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired;
+	// - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
+	//   the requested object has been marked as deleted.
 	Get(ctx context.Context, in *GetRequest, opts ...grpc.CallOption) (ObjectService_GetClient, error)
 	// Put the object into container. Request uses gRPC stream. First message
 	// SHOULD be of PutHeader type. `ContainerID` and `OwnerID` of an object
@@ -38,35 +52,74 @@ type ObjectServiceClient interface {
 	// Chunk messages SHOULD be sent in direct order of fragmentation.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// object has been successfully saved in the container;
+	//   object has been successfully saved in the container;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **LOCKED** (2050, SECTION_OBJECT): \
+	//   placement of an object of type TOMBSTONE that includes at least one locked
+	//   object is prohibited;
+	// - **LOCK_NON_REGULAR_OBJECT** (2051, SECTION_OBJECT): \
+	//   placement of an object of type LOCK that includes at least one object of
+	//   type other than REGULAR is prohibited;
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object storage container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   write access to the container is denied;
+	// - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
+	//   (for trusted object preparation) session private key does not exist or has
+	// been deleted;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired.
 	Put(ctx context.Context, opts ...grpc.CallOption) (ObjectService_PutClient, error)
 	// Delete the object from a container. There is no immediate removal
 	// guarantee. Object will be marked for removal and deleted eventually.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// object has been successfully marked to be removed from the container;
+	//   object has been successfully marked to be removed from the container;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **LOCKED** (2050, SECTION_OBJECT): \
+	//   deleting a locked object is prohibited;
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   delete access to the object is denied;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired.
 	Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error)
 	// Returns the object Headers without data payload. By default full header is
 	// returned. If `main_only` request field is set, the short header with only
 	// the very minimal information would be returned instead.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// object header has been successfully read;
+	//   object header has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   access to operation HEAD of the object is denied;
+	// - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+	//   object not found in container;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired;
+	// - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
+	//   the requested object has been marked as deleted.
 	Head(ctx context.Context, in *HeadRequest, opts ...grpc.CallOption) (*HeadResponse, error)
 	// Search objects in container. Search query allows to match by Object
 	// Header's filed values. Please see the corresponding NeoFS Technical
 	// Specification section for more details.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// objects have been successfully selected;
+	//   objects have been successfully selected;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   search container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   access to operation SEARCH of the object is denied;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired.
 	Search(ctx context.Context, in *SearchRequest, opts ...grpc.CallOption) (ObjectService_SearchClient, error)
 	// Get byte range of data payload. Range is set as an (offset, length) tuple.
 	// Like in `Get` method, the response uses gRPC stream. Requested range can be
@@ -74,9 +127,19 @@ type ObjectServiceClient interface {
 	// order.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// data range of the object payload has been successfully read;
+	//   data range of the object payload has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   access to operation RANGE of the object is denied;
+	// - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+	//   object not found in container;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired;
+	// - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
+	//   the requested object has been marked as deleted.
 	GetRange(ctx context.Context, in *GetRangeRequest, opts ...grpc.CallOption) (ObjectService_GetRangeClient, error)
 	// Returns homomorphic or regular hash of object's payload range after
 	// applying XOR operation with the provided `salt`. Ranges are set of (offset,
@@ -84,9 +147,17 @@ type ObjectServiceClient interface {
 	// request. Note that hash is calculated for XORed data.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// data range of the object payload has been successfully hashed;
+	//   data range of the object payload has been successfully hashed;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   access to operation RANGEHASH of the object is denied;
+	// - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+	//   object not found in container;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired.
 	GetRangeHash(ctx context.Context, in *GetRangeHashRequest, opts ...grpc.CallOption) (*GetRangeHashResponse, error)
 }
 
@@ -267,9 +338,19 @@ type ObjectServiceServer interface {
 	// keeping receiving order.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// object has been successfully read;
+	//   object has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   read access to the object is denied;
+	// - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+	//   object not found in container;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired;
+	// - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
+	//   the requested object has been marked as deleted.
 	Get(*GetRequest, ObjectService_GetServer) error
 	// Put the object into container. Request uses gRPC stream. First message
 	// SHOULD be of PutHeader type. `ContainerID` and `OwnerID` of an object
@@ -279,35 +360,74 @@ type ObjectServiceServer interface {
 	// Chunk messages SHOULD be sent in direct order of fragmentation.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// object has been successfully saved in the container;
+	//   object has been successfully saved in the container;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **LOCKED** (2050, SECTION_OBJECT): \
+	//   placement of an object of type TOMBSTONE that includes at least one locked
+	//   object is prohibited;
+	// - **LOCK_NON_REGULAR_OBJECT** (2051, SECTION_OBJECT): \
+	//   placement of an object of type LOCK that includes at least one object of
+	//   type other than REGULAR is prohibited;
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object storage container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   write access to the container is denied;
+	// - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
+	//   (for trusted object preparation) session private key does not exist or has
+	// been deleted;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired.
 	Put(ObjectService_PutServer) error
 	// Delete the object from a container. There is no immediate removal
 	// guarantee. Object will be marked for removal and deleted eventually.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// object has been successfully marked to be removed from the container;
+	//   object has been successfully marked to be removed from the container;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **LOCKED** (2050, SECTION_OBJECT): \
+	//   deleting a locked object is prohibited;
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   delete access to the object is denied;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired.
 	Delete(context.Context, *DeleteRequest) (*DeleteResponse, error)
 	// Returns the object Headers without data payload. By default full header is
 	// returned. If `main_only` request field is set, the short header with only
 	// the very minimal information would be returned instead.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// object header has been successfully read;
+	//   object header has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   access to operation HEAD of the object is denied;
+	// - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+	//   object not found in container;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired;
+	// - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
+	//   the requested object has been marked as deleted.
 	Head(context.Context, *HeadRequest) (*HeadResponse, error)
 	// Search objects in container. Search query allows to match by Object
 	// Header's filed values. Please see the corresponding NeoFS Technical
 	// Specification section for more details.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// objects have been successfully selected;
+	//   objects have been successfully selected;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   search container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   access to operation SEARCH of the object is denied;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired.
 	Search(*SearchRequest, ObjectService_SearchServer) error
 	// Get byte range of data payload. Range is set as an (offset, length) tuple.
 	// Like in `Get` method, the response uses gRPC stream. Requested range can be
@@ -315,9 +435,19 @@ type ObjectServiceServer interface {
 	// order.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// data range of the object payload has been successfully read;
+	//   data range of the object payload has been successfully read;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   access to operation RANGE of the object is denied;
+	// - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+	//   object not found in container;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired;
+	// - **OBJECT_ALREADY_REMOVED** (2052, SECTION_OBJECT): \
+	//   the requested object has been marked as deleted.
 	GetRange(*GetRangeRequest, ObjectService_GetRangeServer) error
 	// Returns homomorphic or regular hash of object's payload range after
 	// applying XOR operation with the provided `salt`. Ranges are set of (offset,
@@ -325,9 +455,17 @@ type ObjectServiceServer interface {
 	// request. Note that hash is calculated for XORed data.
 	//
 	// Statuses:
-	// - **OK** (0, SECTION_SUCCESS):
+	// - **OK** (0, SECTION_SUCCESS): \
-	// data range of the object payload has been successfully hashed;
+	//   data range of the object payload has been successfully hashed;
-	// - Common failures (SECTION_FAILURE_COMMON).
+	// - Common failures (SECTION_FAILURE_COMMON);
+	// - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
+	//   object container not found;
+	// - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
+	//   access to operation RANGEHASH of the object is denied;
+	// - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
+	//   object not found in container;
+	// - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
+	//   provided session token has expired.
 	GetRangeHash(context.Context, *GetRangeHashRequest) (*GetRangeHashResponse, error)
 }
 

object/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: object/grpc/types.proto
 
 package object
@@ -23,13 +23,14 @@ const (
 )
 
 // Type of the object payload content. Only `REGULAR` type objects can be split,
-// hence `TOMBSTONE` and `STORAGE_GROUP` payload is limited by maximal object
+// hence `TOMBSTONE`, `STORAGE_GROUP` and `LOCK` payload is limited by maximal
-// size.
+// object size.
 //
 // String presentation of object type is the same as definition:
 // * REGULAR
 // * TOMBSTONE
 // * STORAGE_GROUP
+// * LOCK
 type ObjectType int32
 
 const (
@@ -39,6 +40,8 @@ const (
 	ObjectType_TOMBSTONE ObjectType = 1
 	// StorageGroup information
 	ObjectType_STORAGE_GROUP ObjectType = 2
+	// Object lock
+	ObjectType_LOCK ObjectType = 3
 )
 
 // Enum value maps for ObjectType.
@@ -47,11 +50,13 @@ var (
 		0: "REGULAR",
 		1: "TOMBSTONE",
 		2: "STORAGE_GROUP",
+		3: "LOCK",
 	}
 	ObjectType_value = map[string]int32{
 		"REGULAR":       0,
 		"TOMBSTONE":     1,
 		"STORAGE_GROUP": 2,
+		"LOCK":          3,
 	}
 )
 
@@ -393,6 +398,9 @@ func (x *Header) GetSplit() *Header_Split {
 // Object structure. Object is immutable and content-addressed. It means
 // `ObjectID` will change if header or payload changes. It's calculated as a
 // hash of header field, which contains hash of object's payload.
+//
+// For non-regular object types payload format depends on object type specified
+// in the header.
 type Object struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -555,6 +563,13 @@ func (x *SplitInfo) GetLink() *grpc.ObjectID {
 //   Marks smaller parts of a split bigger object
 // * __NEOFS__EXPIRATION_EPOCH \
 //   Tells GC to delete object after that epoch
+// * __NEOFS__TICK_EPOCH \
+//   Decimal number that defines what epoch must produce
+//   object notification with UTF-8 object address in a
+//   body (`0` value produces notification right after
+//   object put)
+// * __NEOFS__TICK_TOPIC \
+//   UTF-8 string topic ID that is used for object notification
 //
 // And some well-known attributes used by applications only:
 //
@@ -843,24 +858,25 @@ var file_object_grpc_types_proto_rawDesc = []byte{
 	0x61, 0x73, 0x74, 0x50, 0x61, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x18,
 	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6e, 0x65, 0x6f, 0x2e, 0x66, 0x73, 0x2e, 0x76,
 	0x32, 0x2e, 0x72, 0x65, 0x66, 0x73, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x44, 0x52,
-	0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x2a, 0x3b, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x54,
+	0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x2a, 0x45, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x54,
 	0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, 0x47, 0x55, 0x4c, 0x41, 0x52, 0x10, 0x00,
 	0x12, 0x0d, 0x0a, 0x09, 0x54, 0x4f, 0x4d, 0x42, 0x53, 0x54, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12,
 	0x11, 0x0a, 0x0d, 0x53, 0x54, 0x4f, 0x52, 0x41, 0x47, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50,
-	0x10, 0x02, 0x2a, 0x73, 0x0a, 0x09, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12,
+	0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x4c, 0x4f, 0x43, 0x4b, 0x10, 0x03, 0x2a, 0x73, 0x0a, 0x09,
-	0x1a, 0x0a, 0x16, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e,
+	0x4d, 0x61, 0x74, 0x63, 0x68, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x41, 0x54,
-	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x53,
+	0x43, 0x48, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
-	0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x45, 0x51, 0x55, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x14, 0x0a,
+	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f,
-	0x10, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x45, 0x51, 0x55, 0x41,
+	0x45, 0x51, 0x55, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x54, 0x52, 0x49, 0x4e,
-	0x4c, 0x10, 0x02, 0x12, 0x0f, 0x0a, 0x0b, 0x4e, 0x4f, 0x54, 0x5f, 0x50, 0x52, 0x45, 0x53, 0x45,
+	0x47, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x45, 0x51, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x0f, 0x0a,
-	0x4e, 0x54, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x4f, 0x4d, 0x4d, 0x4f, 0x4e, 0x5f, 0x50,
+	0x0b, 0x4e, 0x4f, 0x54, 0x5f, 0x50, 0x52, 0x45, 0x53, 0x45, 0x4e, 0x54, 0x10, 0x03, 0x12, 0x11,
-	0x52, 0x45, 0x46, 0x49, 0x58, 0x10, 0x04, 0x42, 0x56, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75,
+	0x0a, 0x0d, 0x43, 0x4f, 0x4d, 0x4d, 0x4f, 0x4e, 0x5f, 0x50, 0x52, 0x45, 0x46, 0x49, 0x58, 0x10,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x73, 0x70, 0x63, 0x63, 0x2d, 0x64, 0x65, 0x76, 0x2f,
+	0x04, 0x42, 0x56, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-	0x6e, 0x65, 0x6f, 0x66, 0x73, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f,
+	0x6e, 0x73, 0x70, 0x63, 0x63, 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x6e, 0x65, 0x6f, 0x66, 0x73, 0x2d,
-	0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x3b, 0x6f, 0x62, 0x6a, 0x65,
+	0x61, 0x70, 0x69, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74,
-	0x63, 0x74, 0xaa, 0x02, 0x1a, 0x4e, 0x65, 0x6f, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x6f,
+	0x2f, 0x67, 0x72, 0x70, 0x63, 0x3b, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0xaa, 0x02, 0x1a, 0x4e,
-	0x72, 0x61, 0x67, 0x65, 0x2e, 0x41, 0x50, 0x49, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x62,
+	0x65, 0x6f, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x2e, 0x41,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x50, 0x49, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (

object/lock.go

@@ -0,0 +1,170 @@
+package object
+
+import (
+	"errors"
+	"fmt"
+
+	lock "github.com/nspcc-dev/neofs-api-go/v2/lock/grpc"
+	"github.com/nspcc-dev/neofs-api-go/v2/refs"
+	refsGRPC "github.com/nspcc-dev/neofs-api-go/v2/refs/grpc"
+	"github.com/nspcc-dev/neofs-api-go/v2/rpc/grpc"
+	"github.com/nspcc-dev/neofs-api-go/v2/rpc/message"
+	"github.com/nspcc-dev/neofs-api-go/v2/util/proto"
+)
+
+// Lock represents object Lock message from NeoFS API V2 protocol.
+type Lock struct {
+	members []refs.ObjectID
+}
+
+// NumberOfMembers returns length of lock list.
+func (x *Lock) NumberOfMembers() int {
+	if x != nil {
+		return len(x.members)
+	}
+
+	return 0
+}
+
+// IterateMembers passes members of the lock list to f.
+func (x *Lock) IterateMembers(f func(refs.ObjectID)) {
+	if x != nil {
+		for i := range x.members {
+			f(x.members[i])
+		}
+	}
+}
+
+// SetMembers sets list of locked members.
+// Arg must not be mutated for the duration of the Lock.
+func (x *Lock) SetMembers(ids []refs.ObjectID) {
+	x.members = ids
+}
+
+const (
+	_ = iota
+	fNumLockMembers
+)
+
+// StableMarshal encodes the Lock into Protocol Buffers binary format
+// with direct field order.
+func (x *Lock) StableMarshal(buf []byte) ([]byte, error) {
+	if x == nil || len(x.members) == 0 {
+		return []byte{}, nil
+	}
+
+	if buf == nil {
+		buf = make([]byte, x.StableSize())
+	}
+
+	var offset, n int
+	var err error
+
+	for i := range x.members {
+		n, err = proto.NestedStructureMarshal(fNumLockMembers, buf[offset:], &x.members[i])
+		if err != nil {
+			return nil, err
+		}
+
+		offset += n
+	}
+
+	return buf, nil
+}
+
+// StableSize size of the buffer required to write the Lock in Protocol Buffers
+// binary format.
+func (x *Lock) StableSize() (sz int) {
+	if x != nil {
+		for i := range x.members {
+			sz += proto.NestedStructureSize(fNumLockMembers, &x.members[i])
+		}
+	}
+
+	return
+}
+
+// Unmarshal decodes the Lock from its Protocol Buffers binary format.
+func (x *Lock) Unmarshal(data []byte) error {
+	return message.Unmarshal(x, data, new(lock.Lock))
+}
+
+func (x *Lock) ToGRPCMessage() grpc.Message {
+	var m *lock.Lock
+
+	if x != nil {
+		m = new(lock.Lock)
+
+		var members []*refsGRPC.ObjectID
+
+		if x.members != nil {
+			members = make([]*refsGRPC.ObjectID, len(x.members))
+
+			for i := range x.members {
+				members[i] = x.members[i].ToGRPCMessage().(*refsGRPC.ObjectID)
+			}
+		}
+
+		m.SetMembers(members)
+	}
+
+	return m
+}
+
+func (x *Lock) FromGRPCMessage(m grpc.Message) error {
+	v, ok := m.(*lock.Lock)
+	if !ok {
+		return message.NewUnexpectedMessageType(m, v)
+	}
+
+	members := v.GetMembers()
+	if members == nil {
+		x.members = nil
+	} else {
+		x.members = make([]refs.ObjectID, len(members))
+		var err error
+
+		for i := range x.members {
+			err = x.members[i].FromGRPCMessage(members[i])
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// WriteLock writes Lock to the Object as a payload content.
+// The object must not be nil.
+func WriteLock(obj *Object, lock Lock) {
+	hdr := obj.GetHeader()
+	if hdr == nil {
+		hdr = new(Header)
+		obj.SetHeader(hdr)
+	}
+
+	hdr.SetObjectType(TypeLock)
+
+	payload, err := lock.StableMarshal(nil)
+	if err != nil {
+		panic(fmt.Sprintf("encode lock content: %v", err))
+	}
+
+	obj.SetPayload(payload)
+}
+
+// ReadLock reads Lock from the Object payload content.
+func ReadLock(lock *Lock, obj Object) error {
+	payload := obj.GetPayload()
+	if len(payload) == 0 {
+		return errors.New("empty payload")
+	}
+
+	err := lock.Unmarshal(payload)
+	if err != nil {
+		return fmt.Errorf("decode lock content from payload: %w", err)
+	}
+
+	return nil
+}

object/lock_test.go

@@ -0,0 +1,26 @@
+package object_test
+
+import (
+	"testing"
+
+	"github.com/nspcc-dev/neofs-api-go/v2/object"
+	objecttest "github.com/nspcc-dev/neofs-api-go/v2/object/test"
+	"github.com/stretchr/testify/require"
+)
+
+func TestLockRW(t *testing.T) {
+	var l object.Lock
+	var obj object.Object
+
+	require.Error(t, object.ReadLock(&l, obj))
+
+	l = *objecttest.GenerateLock(false)
+
+	object.WriteLock(&obj, l)
+
+	var l2 object.Lock
+
+	require.NoError(t, object.ReadLock(&l2, obj))
+
+	require.Equal(t, l, l2)
+}

object/message_test.go

@@ -50,5 +50,6 @@ func TestMessageConvert(t *testing.T) {
 		func(empty bool) message.Message { return objecttest.GenerateGetRangeHashRequest(empty) },
 		func(empty bool) message.Message { return objecttest.GenerateGetRangeHashResponseBody(empty) },
 		func(empty bool) message.Message { return objecttest.GenerateGetRangeHashResponse(empty) },
+		func(empty bool) message.Message { return objecttest.GenerateLock(empty) },
 	)
 }

object/status.go

@@ -0,0 +1,87 @@
+package object
+
+import (
+	"github.com/nspcc-dev/neofs-api-go/v2/status"
+	statusgrpc "github.com/nspcc-dev/neofs-api-go/v2/status/grpc"
+)
+
+// LocalizeFailStatus checks if passed global status.Code is related to object failure and:
+//   then localizes the code and returns true,
+//   else leaves the code unchanged and returns false.
+//
+// Arg must not be nil.
+func LocalizeFailStatus(c *status.Code) bool {
+	return status.LocalizeIfInSection(c, uint32(statusgrpc.Section_SECTION_OBJECT))
+}
+
+// GlobalizeFail globalizes local code of object failure.
+//
+// Arg must not be nil.
+func GlobalizeFail(c *status.Code) {
+	c.GlobalizeSection(uint32(statusgrpc.Section_SECTION_OBJECT))
+}
+
+const (
+	// StatusAccessDenied is a local status.Code value for
+	// ACCESS_DENIED object failure.
+	StatusAccessDenied status.Code = iota
+	// StatusNotFound is a local status.Code value for
+	// OBJECT_NOT_FOUND object failure.
+	StatusNotFound
+	// StatusLocked is a local status.Code value for
+	// LOCKED object failure.
+	StatusLocked
+	// StatusLockNonRegularObject is a local status.Code value for
+	// LOCK_NON_REGULAR_OBJECT object failure.
+	StatusLockNonRegularObject
+	// StatusAlreadyRemoved is a local status.Code value for
+	// OBJECT_ALREADY_REMOVED object failure.
+	StatusAlreadyRemoved
+)
+
+const (
+	// detailAccessDeniedDesc is a StatusAccessDenied detail ID for
+	// human-readable description.
+	detailAccessDeniedDesc = iota
+)
+
+// WriteAccessDeniedDesc writes human-readable description of StatusAccessDenied
+// into status.Status as a detail. The status must not be nil.
+//
+// Existing details are expected to be ID-unique, otherwise undefined behavior.
+func WriteAccessDeniedDesc(st *status.Status, desc string) {
+	var found bool
+
+	st.IterateDetails(func(d *status.Detail) bool {
+		if d.ID() == detailAccessDeniedDesc {
+			found = true
+			d.SetValue([]byte(desc))
+		}
+
+		return found
+	})
+
+	if !found {
+		var d status.Detail
+
+		d.SetID(detailAccessDeniedDesc)
+		d.SetValue([]byte(desc))
+
+		st.AppendDetails(&d)
+	}
+}
+
+// ReadAccessDeniedDesc looks up for status detail with human-readable description
+// of StatusAccessDenied. Returns empty string if detail is missing.
+func ReadAccessDeniedDesc(st status.Status) (desc string) {
+	st.IterateDetails(func(d *status.Detail) bool {
+		if d.ID() == detailAccessDeniedDesc {
+			desc = string(d.Value())
+			return true
+		}
+
+		return false
+	})
+
+	return
+}

object/status_test.go

@@ -0,0 +1,34 @@
+package object_test
+
+import (
+	"testing"
+
+	"github.com/nspcc-dev/neofs-api-go/v2/object"
+	"github.com/nspcc-dev/neofs-api-go/v2/status"
+	statustest "github.com/nspcc-dev/neofs-api-go/v2/status/test"
+	"github.com/stretchr/testify/require"
+)
+
+func TestStatusCodes(t *testing.T) {
+	statustest.TestCodes(t, object.LocalizeFailStatus, object.GlobalizeFail,
+		object.StatusAccessDenied, 2048,
+		object.StatusNotFound, 2049,
+		object.StatusLocked, 2050,
+		object.StatusLockNonRegularObject, 2051,
+		object.StatusAlreadyRemoved, 2052,
+	)
+}
+
+func TestAccessDeniedDesc(t *testing.T) {
+	var st status.Status
+
+	require.Empty(t, object.ReadAccessDeniedDesc(st))
+
+	const desc = "some description"
+
+	object.WriteAccessDeniedDesc(&st, desc)
+	require.Equal(t, desc, object.ReadAccessDeniedDesc(st))
+
+	object.WriteAccessDeniedDesc(&st, desc+"1")
+	require.Equal(t, desc+"1", object.ReadAccessDeniedDesc(st))
+}

object/test/generate.go

@@ -2,6 +2,7 @@ package objecttest
 
 import (
 	"github.com/nspcc-dev/neofs-api-go/v2/object"
+	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	refstest "github.com/nspcc-dev/neofs-api-go/v2/refs/test"
 	sessiontest "github.com/nspcc-dev/neofs-api-go/v2/session/test"
 )
@@ -571,3 +572,16 @@ func GenerateGetRangeHashResponse(empty bool) *object.GetRangeHashResponse {
 
 	return m
 }
+
+func GenerateLock(empty bool) *object.Lock {
+	m := new(object.Lock)
+
+	if !empty {
+		m.SetMembers([]refs.ObjectID{
+			*refstest.GenerateObjectID(false),
+			*refstest.GenerateObjectID(false),
+		})
+	}
+
+	return m
+}

object/types.go

@@ -305,6 +305,7 @@ const (
 	TypeRegular Type = iota
 	TypeTombstone
 	TypeStorageGroup
+	TypeLock
 )
 
 const (

reputation/grpc/service.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: reputation/grpc/service.proto
 
 package reputation

reputation/grpc/service_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.19.4
+// source: reputation/grpc/service.proto
 
 package reputation
 

reputation/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: reputation/grpc/types.proto
 
 package reputation

session/grpc/service.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: session/grpc/service.proto
 
 package session

session/grpc/service_grpc.pb.go

@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.2.0
+// - protoc             v3.19.4
+// source: session/grpc/service.proto
 
 package session
 

session/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: session/grpc/types.proto
 
 package session

session/status.go

@@ -0,0 +1,31 @@
+package session
+
+import (
+	"github.com/nspcc-dev/neofs-api-go/v2/status"
+	statusgrpc "github.com/nspcc-dev/neofs-api-go/v2/status/grpc"
+)
+
+// LocalizeFailStatus checks if passed global status.Code is related to session failure and:
+//   then localizes the code and returns true,
+//   else leaves the code unchanged and returns false.
+//
+// Arg must not be nil.
+func LocalizeFailStatus(c *status.Code) bool {
+	return status.LocalizeIfInSection(c, uint32(statusgrpc.Section_SECTION_SESSION))
+}
+
+// GlobalizeFail globalizes local code of session failure.
+//
+// Arg must not be nil.
+func GlobalizeFail(c *status.Code) {
+	c.GlobalizeSection(uint32(statusgrpc.Section_SECTION_SESSION))
+}
+
+const (
+	// StatusTokenNotFound is a local status.Code value for
+	// TOKEN_NOT_FOUND session failure.
+	StatusTokenNotFound status.Code = iota
+	// StatusTokenExpired is a local status.Code value for
+	// TOKEN_EXPIRED session failure.
+	StatusTokenExpired
+)

session/status_test.go

@@ -0,0 +1,15 @@
+package session_test
+
+import (
+	"testing"
+
+	"github.com/nspcc-dev/neofs-api-go/v2/session"
+	statustest "github.com/nspcc-dev/neofs-api-go/v2/status/test"
+)
+
+func TestStatusCodes(t *testing.T) {
+	statustest.TestCodes(t, session.LocalizeFailStatus, session.GlobalizeFail,
+		session.StatusTokenNotFound, 4096,
+		session.StatusTokenExpired, 4097,
+	)
+}

status/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: status/grpc/types.proto
 
 package status
@@ -28,6 +28,12 @@ const (
 	Section_SECTION_SUCCESS Section = 0
 	// Failure codes regardless of the operation.
 	Section_SECTION_FAILURE_COMMON Section = 1
+	// Object service-specific errors.
+	Section_SECTION_OBJECT Section = 2
+	// Container service-specific errors.
+	Section_SECTION_CONTAINER Section = 3
+	// Session service-specific errors.
+	Section_SECTION_SESSION Section = 4
 )
 
 // Enum value maps for Section.
@@ -35,10 +41,16 @@ var (
 	Section_name = map[int32]string{
 		0: "SECTION_SUCCESS",
 		1: "SECTION_FAILURE_COMMON",
+		2: "SECTION_OBJECT",
+		3: "SECTION_CONTAINER",
+		4: "SECTION_SESSION",
 	}
 	Section_value = map[string]int32{
 		"SECTION_SUCCESS":        0,
 		"SECTION_FAILURE_COMMON": 1,
+		"SECTION_OBJECT":         2,
+		"SECTION_CONTAINER":      3,
+		"SECTION_SESSION":        4,
 	}
 )
 
@@ -170,6 +182,163 @@ func (CommonFail) EnumDescriptor() ([]byte, []int) {
 	return file_status_grpc_types_proto_rawDescGZIP(), []int{2}
 }
 
+// Section of statuses for object-related operations.
+type Object int32
+
+const (
+	// [**2048**] Access denied by ACL.
+	// Details:
+	// - [**0**] Human-readable description (UTF-8 encoded string).
+	Object_ACCESS_DENIED Object = 0
+	// [**2049**] Object not found.
+	Object_OBJECT_NOT_FOUND Object = 1
+	// [**2050**] Operation rejected by the object lock.
+	Object_LOCKED Object = 2
+	// [**2051**] Locking an object with a non-REGULAR type rejected.
+	Object_LOCK_NON_REGULAR_OBJECT Object = 3
+	// [**2052**] Object has been marked deleted.
+	Object_OBJECT_ALREADY_REMOVED Object = 4
+)
+
+// Enum value maps for Object.
+var (
+	Object_name = map[int32]string{
+		0: "ACCESS_DENIED",
+		1: "OBJECT_NOT_FOUND",
+		2: "LOCKED",
+		3: "LOCK_NON_REGULAR_OBJECT",
+		4: "OBJECT_ALREADY_REMOVED",
+	}
+	Object_value = map[string]int32{
+		"ACCESS_DENIED":           0,
+		"OBJECT_NOT_FOUND":        1,
+		"LOCKED":                  2,
+		"LOCK_NON_REGULAR_OBJECT": 3,
+		"OBJECT_ALREADY_REMOVED":  4,
+	}
+)
+
+func (x Object) Enum() *Object {
+	p := new(Object)
+	*p = x
+	return p
+}
+
+func (x Object) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Object) Descriptor() protoreflect.EnumDescriptor {
+	return file_status_grpc_types_proto_enumTypes[3].Descriptor()
+}
+
+func (Object) Type() protoreflect.EnumType {
+	return &file_status_grpc_types_proto_enumTypes[3]
+}
+
+func (x Object) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Object.Descriptor instead.
+func (Object) EnumDescriptor() ([]byte, []int) {
+	return file_status_grpc_types_proto_rawDescGZIP(), []int{3}
+}
+
+// Section of statuses for container-related operations.
+type Container int32
+
+const (
+	// [**3072**] Container not found.
+	Container_CONTAINER_NOT_FOUND Container = 0
+)
+
+// Enum value maps for Container.
+var (
+	Container_name = map[int32]string{
+		0: "CONTAINER_NOT_FOUND",
+	}
+	Container_value = map[string]int32{
+		"CONTAINER_NOT_FOUND": 0,
+	}
+)
+
+func (x Container) Enum() *Container {
+	p := new(Container)
+	*p = x
+	return p
+}
+
+func (x Container) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Container) Descriptor() protoreflect.EnumDescriptor {
+	return file_status_grpc_types_proto_enumTypes[4].Descriptor()
+}
+
+func (Container) Type() protoreflect.EnumType {
+	return &file_status_grpc_types_proto_enumTypes[4]
+}
+
+func (x Container) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Container.Descriptor instead.
+func (Container) EnumDescriptor() ([]byte, []int) {
+	return file_status_grpc_types_proto_rawDescGZIP(), []int{4}
+}
+
+// Section of statuses for session-related operations.
+type Session int32
+
+const (
+	// [**4096**] Token not found.
+	Session_TOKEN_NOT_FOUND Session = 0
+	// [**4097**] Token has expired.
+	Session_TOKEN_EXPIRED Session = 1
+)
+
+// Enum value maps for Session.
+var (
+	Session_name = map[int32]string{
+		0: "TOKEN_NOT_FOUND",
+		1: "TOKEN_EXPIRED",
+	}
+	Session_value = map[string]int32{
+		"TOKEN_NOT_FOUND": 0,
+		"TOKEN_EXPIRED":   1,
+	}
+)
+
+func (x Session) Enum() *Session {
+	p := new(Session)
+	*p = x
+	return p
+}
+
+func (x Session) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Session) Descriptor() protoreflect.EnumDescriptor {
+	return file_status_grpc_types_proto_enumTypes[5].Descriptor()
+}
+
+func (Session) Type() protoreflect.EnumType {
+	return &file_status_grpc_types_proto_enumTypes[5]
+}
+
+func (x Session) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Session.Descriptor instead.
+func (Session) EnumDescriptor() ([]byte, []int) {
+	return file_status_grpc_types_proto_rawDescGZIP(), []int{5}
+}
+
 // Declares the general format of the status returns of the NeoFS RPC protocol.
 // Status is present in all response messages. Each RPC of NeoFS protocol
 // describes the possible outcomes and details of the operation.
@@ -342,21 +511,38 @@ var file_status_grpc_types_proto_rawDesc = []byte{
 	0x2e, 0x0a, 0x06, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18,
 	0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
 	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x2a,
-	0x3a, 0x0a, 0x07, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x45,
+	0x7a, 0x0a, 0x07, 0x53, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x45,
 	0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x00, 0x12,
 	0x1a, 0x0a, 0x16, 0x53, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x55,
-	0x52, 0x45, 0x5f, 0x43, 0x4f, 0x4d, 0x4d, 0x4f, 0x4e, 0x10, 0x01, 0x2a, 0x11, 0x0a, 0x07, 0x53,
+	0x52, 0x45, 0x5f, 0x43, 0x4f, 0x4d, 0x4d, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x53,
+	0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x10, 0x02, 0x12,
+	0x15, 0x0a, 0x11, 0x53, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x41,
+	0x49, 0x4e, 0x45, 0x52, 0x10, 0x03, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x45, 0x43, 0x54, 0x49, 0x4f,
+	0x4e, 0x5f, 0x53, 0x45, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x10, 0x04, 0x2a, 0x11, 0x0a, 0x07, 0x53,
 	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x06, 0x0a, 0x02, 0x4f, 0x4b, 0x10, 0x00, 0x2a, 0x32,
 	0x0a, 0x0a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x12, 0x0c, 0x0a, 0x08,
 	0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x57, 0x52,
 	0x4f, 0x4e, 0x47, 0x5f, 0x4d, 0x41, 0x47, 0x49, 0x43, 0x5f, 0x4e, 0x55, 0x4d, 0x42, 0x45, 0x52,
-	0x10, 0x01, 0x42, 0x56, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
+	0x10, 0x01, 0x2a, 0x76, 0x0a, 0x06, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x11, 0x0a, 0x0d,
-	0x2f, 0x6e, 0x73, 0x70, 0x63, 0x63, 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x6e, 0x65, 0x6f, 0x66, 0x73,
+	0x41, 0x43, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x44, 0x45, 0x4e, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
-	0x2d, 0x61, 0x70, 0x69, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75,
+	0x14, 0x0a, 0x10, 0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x46, 0x4f,
-	0x73, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x3b, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0xaa, 0x02, 0x1a,
+	0x55, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4c, 0x4f, 0x43, 0x4b, 0x45, 0x44, 0x10,
-	0x4e, 0x65, 0x6f, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x2e,
+	0x02, 0x12, 0x1b, 0x0a, 0x17, 0x4c, 0x4f, 0x43, 0x4b, 0x5f, 0x4e, 0x4f, 0x4e, 0x5f, 0x52, 0x45,
-	0x41, 0x50, 0x49, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x47, 0x55, 0x4c, 0x41, 0x52, 0x5f, 0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x10, 0x03, 0x12, 0x1a,
-	0x6f, 0x33,
+	0x0a, 0x16, 0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, 0x4c, 0x52, 0x45, 0x41, 0x44, 0x59,
+	0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x56, 0x45, 0x44, 0x10, 0x04, 0x2a, 0x24, 0x0a, 0x09, 0x43, 0x6f,
+	0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x17, 0x0a, 0x13, 0x43, 0x4f, 0x4e, 0x54, 0x41,
+	0x49, 0x4e, 0x45, 0x52, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x00,
+	0x2a, 0x31, 0x0a, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x13, 0x0a, 0x0f, 0x54,
+	0x4f, 0x4b, 0x45, 0x4e, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x00,
+	0x12, 0x11, 0x0a, 0x0d, 0x54, 0x4f, 0x4b, 0x45, 0x4e, 0x5f, 0x45, 0x58, 0x50, 0x49, 0x52, 0x45,
+	0x44, 0x10, 0x01, 0x42, 0x56, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x6e, 0x73, 0x70, 0x63, 0x63, 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x6e, 0x65, 0x6f, 0x66,
+	0x73, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x3b, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0xaa, 0x02,
+	0x1a, 0x4e, 0x65, 0x6f, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65,
+	0x2e, 0x41, 0x50, 0x49, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
 }
 
 var (
@@ -371,17 +557,20 @@ func file_status_grpc_types_proto_rawDescGZIP() []byte {
 	return file_status_grpc_types_proto_rawDescData
 }
 
-var file_status_grpc_types_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
+var file_status_grpc_types_proto_enumTypes = make([]protoimpl.EnumInfo, 6)
 var file_status_grpc_types_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
 var file_status_grpc_types_proto_goTypes = []interface{}{
 	(Section)(0),          // 0: neo.fs.v2.status.Section
 	(Success)(0),          // 1: neo.fs.v2.status.Success
 	(CommonFail)(0),       // 2: neo.fs.v2.status.CommonFail
-	(*Status)(nil),        // 3: neo.fs.v2.status.Status
+	(Object)(0),           // 3: neo.fs.v2.status.Object
-	(*Status_Detail)(nil), // 4: neo.fs.v2.status.Status.Detail
+	(Container)(0),        // 4: neo.fs.v2.status.Container
+	(Session)(0),          // 5: neo.fs.v2.status.Session
+	(*Status)(nil),        // 6: neo.fs.v2.status.Status
+	(*Status_Detail)(nil), // 7: neo.fs.v2.status.Status.Detail
 }
 var file_status_grpc_types_proto_depIdxs = []int32{
-	4, // 0: neo.fs.v2.status.Status.details:type_name -> neo.fs.v2.status.Status.Detail
+	7, // 0: neo.fs.v2.status.Status.details:type_name -> neo.fs.v2.status.Status.Detail
 	1, // [1:1] is the sub-list for method output_type
 	1, // [1:1] is the sub-list for method input_type
 	1, // [1:1] is the sub-list for extension type_name
@@ -425,7 +614,7 @@ func file_status_grpc_types_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_status_grpc_types_proto_rawDesc,
-			NumEnums:      3,
+			NumEnums:      6,
 			NumMessages:   2,
 			NumExtensions: 0,
 			NumServices:   0,

status/status.go

@@ -80,3 +80,17 @@ func LocalizeCommonFail(c *Code) {
 func GlobalizeCommonFail(c *Code) {
 	c.GlobalizeSection(sectionAfterSuccess(sectionCommon))
 }
+
+// LocalizeIfInSection checks if passed global status.Code belongs to the section and:
+//   then localizes the code and returns true,
+//   else leaves the code unchanged and returns false.
+//
+// Arg must not be nil.
+func LocalizeIfInSection(c *Code, sec uint32) bool {
+	if IsInSection(*c, sec) {
+		c.LocalizeSection(sec)
+		return true
+	}
+
+	return false
+}

status/test/codes.go

@@ -0,0 +1,28 @@
+package statustest
+
+import (
+	"testing"
+
+	"github.com/nspcc-dev/neofs-api-go/v2/status"
+	"github.com/stretchr/testify/require"
+)
+
+// TestCodes checks mapping of status codes to the numbers.
+// Args must be pairs (status.Code, int).
+func TestCodes(t *testing.T,
+	localizer func(*status.Code) bool,
+	globalizer func(code *status.Code),
+	vals ...interface{},
+) {
+	for i := 0; i < len(vals); i += 2 {
+		c := vals[i].(status.Code)
+		cp := c
+
+		globalizer(&cp)
+		require.True(t, cp.EqualNumber(uint32(vals[i+1].(int))), c)
+
+		require.True(t, localizer(&cp), c)
+
+		require.Equal(t, cp, c, c)
+	}
+}

status/types.go

@@ -42,6 +42,11 @@ func (x *Detail) SetValue(val []byte) {
 // Code represents NeoFS API V2-compatible status code.
 type Code uint32
 
+// EqualNumber checks if the numerical Code equals num.
+func (x Code) EqualNumber(num uint32) bool {
+	return uint32(x) == num
+}
+
 // Status represents structure of NeoFS API V2-compatible status return message.
 type Status struct {
 	code Code

storagegroup/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: storagegroup/grpc/types.proto
 
 package storagegroup

subnet/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: subnet/grpc/types.proto
 
 package subnet

tombstone/grpc/types.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: tombstone/grpc/types.proto
 
 package tombstone

util/proto/test/test.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.1
+// 	protoc        v3.19.4
 // source: util/proto/test/test.proto
 
 package test