Initial commit (code only without large binaries)

EdgeAdmin/internal/web/actions/default/clusters/grants/create.go

@@ -0,0 +1,90 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"golang.org/x/crypto/ssh"
+)
+
+type CreateAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreateAction) Init() {
+	this.Nav("", "grant", "create")
+}
+
+func (this *CreateAction) RunGet(params struct{}) {
+	this.Data["methods"] = grantutils.AllGrantMethods(this.LangCode())
+
+	this.Show()
+}
+
+func (this *CreateAction) RunPost(params struct {
+	Name        string
+	Method      string
+	Username    string
+	Password    string
+	PrivateKey  string
+	Passphrase  string
+	Description string
+	Su          bool
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入名称")
+
+	switch params.Method {
+	case "user":
+		if len(params.Username) == 0 {
+			this.FailField("username", "请输入SSH登录用户名")
+		}
+	case "privateKey":
+		if len(params.Username) == 0 {
+			this.FailField("username", "请输入SSH登录用户名")
+		}
+		if len(params.PrivateKey) == 0 {
+			this.FailField("privateKey", "请输入RSA私钥")
+		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
+	default:
+		this.Fail("请选择正确的认证方式")
+	}
+
+	createResp, err := this.RPC().NodeGrantRPC().CreateNodeGrant(this.AdminContext(), &pb.CreateNodeGrantRequest{
+		Name:        params.Name,
+		Method:      params.Method,
+		Username:    params.Username,
+		Password:    params.Password,
+		PrivateKey:  params.PrivateKey,
+		Passphrase:  params.Passphrase,
+		Description: params.Description,
+		Su:          params.Su,
+		NodeId:      0,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建日志
+	defer this.CreateLogInfo(codes.NodeGrant_LogCreateSSHGrant, createResp.NodeGrantId)
+
+	this.Success()
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/createPopup.go

@@ -0,0 +1,99 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct{}) {
+	this.Data["methods"] = grantutils.AllGrantMethods(this.LangCode())
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	Name        string
+	Method      string
+	Username    string
+	Password    string
+	PrivateKey  string
+	Passphrase  string
+	Description string
+	Su          bool
+
+	Must *actions.Must
+}) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入名称")
+
+	switch params.Method {
+	case "user":
+		if len(params.Username) == 0 {
+			this.FailField("username", "请输入SSH登录用户名")
+		}
+	case "privateKey":
+		if len(params.Username) == 0 {
+			this.FailField("username", "请输入SSH登录用户名")
+		}
+		if len(params.PrivateKey) == 0 {
+			this.FailField("privateKey", "请输入RSA私钥")
+		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
+	default:
+		this.Fail("请选择正确的认证方式")
+	}
+
+	createResp, err := this.RPC().NodeGrantRPC().CreateNodeGrant(this.AdminContext(), &pb.CreateNodeGrantRequest{
+		Name:        params.Name,
+		Method:      params.Method,
+		Username:    params.Username,
+		Password:    params.Password,
+		PrivateKey:  params.PrivateKey,
+		Passphrase:  params.Passphrase,
+		Description: params.Description,
+		Su:          params.Su,
+		NodeId:      0,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["grant"] = maps.Map{
+		"id":         createResp.NodeGrantId,
+		"name":       params.Name,
+		"method":     params.Method,
+		"methodName": grantutils.FindGrantMethodName(params.Method, this.LangCode()),
+		"username":   params.Username,
+	}
+
+	// 创建日志
+	defer this.CreateLogInfo(codes.NodeGrant_LogCreateSSHGrant, createResp.NodeGrantId)
+
+	this.Success()
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/delete.go

@@ -0,0 +1,48 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	GrantId int64
+}) {
+	// 创建日志
+	defer this.CreateLogInfo(codes.NodeGrant_LogDeleteSSHGrant, params.GrantId)
+
+	// 检查是否有别的集群或节点正在使用
+	countResp, err := this.RPC().NodeClusterRPC().CountAllEnabledNodeClustersWithNodeGrantId(this.AdminContext(), &pb.CountAllEnabledNodeClustersWithNodeGrantIdRequest{
+		NodeGrantId: params.GrantId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if countResp.Count > 0 {
+		this.Fail("有集群正在使用此服务，请修改后再删除")
+	}
+
+	countResp2, err := this.RPC().NodeRPC().CountAllEnabledNodesWithNodeGrantId(this.AdminContext(), &pb.CountAllEnabledNodesWithNodeGrantIdRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if countResp2.Count > 0 {
+		this.Fail("有节点正在使用此服务，请修改后再删除")
+	}
+
+	// 删除
+	_, err = this.RPC().NodeGrantRPC().DisableNodeGrant(this.AdminContext(), &pb.DisableNodeGrantRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/grant.go

@@ -0,0 +1,97 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+	"strings"
+)
+
+type GrantAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GrantAction) Init() {
+	this.Nav("", "grant", "index")
+}
+
+func (this *GrantAction) RunGet(params struct {
+	GrantId int64
+}) {
+	grantResp, err := this.RPC().NodeGrantRPC().FindEnabledNodeGrant(this.AdminContext(), &pb.FindEnabledNodeGrantRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if grantResp.NodeGrant == nil {
+		this.WriteString("can not find the grant")
+		return
+	}
+
+	// TODO 处理节点专用的认证
+
+	var grant = grantResp.NodeGrant
+
+	var privateKey = grant.PrivateKey
+	const maskLength = 64
+	if len(privateKey) > maskLength+32 {
+		privateKey = privateKey[:maskLength] + strings.Repeat("*", len(privateKey)-maskLength)
+	}
+
+	this.Data["grant"] = maps.Map{
+		"id":          grant.Id,
+		"name":        grant.Name,
+		"method":      grant.Method,
+		"methodName":  grantutils.FindGrantMethodName(grant.Method, this.LangCode()),
+		"username":    grant.Username,
+		"password":    strings.Repeat("*", len(grant.Password)),
+		"privateKey":  privateKey,
+		"passphrase":  strings.Repeat("*", len(grant.Passphrase)),
+		"description": grant.Description,
+		"su":          grant.Su,
+	}
+
+	// 使用此认证的集群
+	clusterMaps := []maps.Map{}
+	clustersResp, err := this.RPC().NodeClusterRPC().FindAllEnabledNodeClustersWithNodeGrantId(this.AdminContext(), &pb.FindAllEnabledNodeClustersWithNodeGrantIdRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	for _, cluster := range clustersResp.NodeClusters {
+		clusterMaps = append(clusterMaps, maps.Map{
+			"id":   cluster.Id,
+			"name": cluster.Name,
+		})
+	}
+	this.Data["clusters"] = clusterMaps
+
+	// 使用此认证的节点
+	nodeMaps := []maps.Map{}
+	nodesResp, err := this.RPC().NodeRPC().FindAllEnabledNodesWithNodeGrantId(this.AdminContext(), &pb.FindAllEnabledNodesWithNodeGrantIdRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	for _, node := range nodesResp.Nodes {
+		if node.NodeCluster == nil {
+			continue
+		}
+
+		clusterMap := maps.Map{
+			"id":   node.NodeCluster.Id,
+			"name": node.NodeCluster.Name,
+		}
+
+		nodeMaps = append(nodeMaps, maps.Map{
+			"id":      node.Id,
+			"name":    node.Name,
+			"cluster": clusterMap,
+			"isOn":    node.IsOn,
+		})
+	}
+	this.Data["nodes"] = nodeMaps
+
+	this.Show()
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils/utils.go

@@ -0,0 +1,31 @@
+package grantutils
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/iwind/TeaGo/maps"
+)
+
+// AllGrantMethods 所有的认证类型
+func AllGrantMethods(langCode langs.LangCode) []maps.Map {
+	return []maps.Map{
+		{
+			"name":  langs.Message(langCode, codes.NodeGrant_MethodUserPassword),
+			"value": "user",
+		},
+		{
+			"name":  langs.Message(langCode, codes.NodeGrant_MethodPrivateKey),
+			"value": "privateKey",
+		},
+	}
+}
+
+// FindGrantMethodName 获得对应的认证类型名称
+func FindGrantMethodName(method string, langCode langs.LangCode) string {
+	for _, m := range AllGrantMethods(langCode) {
+		if m.GetString("value") == method {
+			return m.GetString("name")
+		}
+	}
+	return ""
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/index.go

@@ -0,0 +1,75 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "grant", "index")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	Keyword string
+}) {
+	this.Data["keyword"] = params.Keyword
+
+	countResp, err := this.RPC().NodeGrantRPC().CountAllEnabledNodeGrants(this.AdminContext(), &pb.CountAllEnabledNodeGrantsRequest{
+		Keyword: params.Keyword,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var page = this.NewPage(countResp.Count)
+	this.Data["page"] = page.AsHTML()
+
+	grantsResp, err := this.RPC().NodeGrantRPC().ListEnabledNodeGrants(this.AdminContext(), &pb.ListEnabledNodeGrantsRequest{
+		Keyword: params.Keyword,
+		Offset:  page.Offset,
+		Size:    page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var grantMaps = []maps.Map{}
+	for _, grant := range grantsResp.NodeGrants {
+		// 集群数
+		countClustersResp, err := this.RPC().NodeClusterRPC().CountAllEnabledNodeClustersWithNodeGrantId(this.AdminContext(), &pb.CountAllEnabledNodeClustersWithNodeGrantIdRequest{NodeGrantId: grant.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var countClusters = countClustersResp.Count
+
+		// 节点数
+		countNodesResp, err := this.RPC().NodeRPC().CountAllEnabledNodesWithNodeGrantId(this.AdminContext(), &pb.CountAllEnabledNodesWithNodeGrantIdRequest{NodeGrantId: grant.Id})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var countNodes = countNodesResp.Count
+
+		grantMaps = append(grantMaps, maps.Map{
+			"id":   grant.Id,
+			"name": grant.Name,
+			"method": maps.Map{
+				"type": grant.Method,
+				"name": grantutils.FindGrantMethodName(grant.Method, this.LangCode()),
+			},
+			"username":      grant.Username,
+			"countClusters": countClusters,
+			"countNodes":    countNodes,
+		})
+	}
+	this.Data["grants"] = grantMaps
+
+	this.Show()
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/init.go

@@ -0,0 +1,31 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/clusterutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeNode)).
+			Helper(clusterutils.NewClustersHelper()).
+			Data("teaMenu", "clusters").
+			Data("teaSubMenu", "grant").
+			Prefix("/clusters/grants").
+
+			// 授权管理
+			Get("", new(IndexAction)).
+			GetPost("/create", new(CreateAction)).
+			GetPost("/update", new(UpdateAction)).
+			Post("/delete", new(DeleteAction)).
+			Get("/grant", new(GrantAction)).
+			GetPost("/selectPopup", new(SelectPopupAction)).
+			GetPost("/createPopup", new(CreatePopupAction)).
+			GetPost("/updatePopup", new(UpdatePopupAction)).
+			GetPost("/test", new(TestAction)).
+			EndAll()
+	})
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/selectPopup.go

@@ -0,0 +1,99 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type SelectPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SelectPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *SelectPopupAction) RunGet(params struct {
+	NodeClusterId int64
+	NsClusterId   int64
+}) {
+	// 所有的认证
+	grantsResp, err := this.RPC().NodeGrantRPC().FindAllEnabledNodeGrants(this.AdminContext(), &pb.FindAllEnabledNodeGrantsRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	grants := grantsResp.NodeGrants
+	grantMaps := []maps.Map{}
+	for _, grant := range grants {
+		grantMaps = append(grantMaps, maps.Map{
+			"id":          grant.Id,
+			"name":        grant.Name,
+			"method":      grant.Method,
+			"methodName":  grantutils.FindGrantMethodName(grant.Method, this.LangCode()),
+			"username":    grant.Username,
+			"description": grant.Description,
+		})
+	}
+	this.Data["grants"] = grantMaps
+
+	// 推荐的认证
+	suggestGrantsResp, err := this.RPC().NodeGrantRPC().FindSuggestNodeGrants(this.AdminContext(), &pb.FindSuggestNodeGrantsRequest{
+		NodeClusterId: params.NodeClusterId,
+		NsClusterId:   params.NsClusterId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var suggestGrantMaps = []maps.Map{}
+	for _, grant := range suggestGrantsResp.NodeGrants {
+		suggestGrantMaps = append(suggestGrantMaps, maps.Map{
+			"id":          grant.Id,
+			"name":        grant.Name,
+			"method":      grant.Method,
+			"methodName":  grantutils.FindGrantMethodName(grant.Method, this.LangCode()),
+			"username":    grant.Username,
+			"description": grant.Description,
+		})
+	}
+	this.Data["suggestGrants"] = suggestGrantMaps
+
+	this.Show()
+}
+
+func (this *SelectPopupAction) RunPost(params struct {
+	GrantId int64
+	Must    *actions.Must
+}) {
+	if params.GrantId <= 0 {
+		this.Data["grant"] = maps.Map{
+			"id":         params.GrantId,
+			"name":       "",
+			"method":     "",
+			"methodName": "",
+		}
+		this.Success()
+	}
+
+	grantResp, err := this.RPC().NodeGrantRPC().FindEnabledNodeGrant(this.AdminContext(), &pb.FindEnabledNodeGrantRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	grant := grantResp.NodeGrant
+	if grant == nil {
+		this.Fail("找不到要使用的认证")
+	}
+	this.Data["grant"] = maps.Map{
+		"id":         grant.Id,
+		"name":       grant.Name,
+		"method":     grant.Method,
+		"methodName": grantutils.FindGrantMethodName(grant.Method, this.LangCode()),
+	}
+
+	this.Success()
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/test.go

@@ -0,0 +1,78 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"strings"
+)
+
+type TestAction struct {
+	actionutils.ParentAction
+}
+
+func (this *TestAction) Init() {
+	this.Nav("", "", "test")
+}
+
+func (this *TestAction) RunGet(params struct {
+	GrantId int64
+}) {
+	grantResp, err := this.RPC().NodeGrantRPC().FindEnabledNodeGrant(this.AdminContext(), &pb.FindEnabledNodeGrantRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if grantResp.NodeGrant == nil {
+		this.WriteString("can not find the grant")
+		return
+	}
+
+	grant := grantResp.NodeGrant
+	this.Data["grant"] = maps.Map{
+		"id":          grant.Id,
+		"name":        grant.Name,
+		"method":      grant.Method,
+		"methodName":  grantutils.FindGrantMethodName(grant.Method, this.LangCode()),
+		"username":    grant.Username,
+		"password":    strings.Repeat("*", len(grant.Password)),
+		"privateKey":  grant.PrivateKey,
+		"description": grant.Description,
+		"su":          grant.Su,
+	}
+
+	this.Show()
+}
+
+func (this *TestAction) RunPost(params struct {
+	GrantId int64
+	Host    string
+	Port    int32
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	params.Must.
+		Field("host", params.Host).
+		Require("请输入节点主机地址").
+		Field("port", params.Port).
+		Gt(0, "请输入正确的端口号").
+		Lt(65535, "请输入正确的端口号")
+
+	resp, err := this.RPC().NodeGrantRPC().TestNodeGrant(this.AdminContext(), &pb.TestNodeGrantRequest{
+		NodeGrantId: params.GrantId,
+		Host:        params.Host,
+		Port:        params.Port,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["isOk"] = resp.IsOk
+	this.Data["error"] = resp.Error
+	this.Success()
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/update.go

@@ -0,0 +1,134 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
+	"strings"
+)
+
+type UpdateAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateAction) Init() {
+	this.Nav("", "grant", "update")
+}
+
+func (this *UpdateAction) RunGet(params struct {
+	GrantId int64
+}) {
+	this.Data["methods"] = grantutils.AllGrantMethods(this.LangCode())
+
+	grantResp, err := this.RPC().NodeGrantRPC().FindEnabledNodeGrant(this.AdminContext(), &pb.FindEnabledNodeGrantRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if grantResp.NodeGrant == nil {
+		this.WriteString("can not find the grant")
+		return
+	}
+
+	// TODO 处理节点专用的认证
+
+	var grant = grantResp.NodeGrant
+
+	// private key
+	var privateKey = grant.PrivateKey
+	const maskLength = 64
+	if len(privateKey) > maskLength+32 {
+		privateKey = privateKey[:maskLength] + strings.Repeat("*", len(privateKey)-maskLength)
+	}
+
+	this.Data["grant"] = maps.Map{
+		"id":          grant.Id,
+		"name":        grant.Name,
+		"method":      grant.Method,
+		"methodName":  grantutils.FindGrantMethodName(grant.Method, this.LangCode()),
+		"username":    grant.Username,
+		"password":    strings.Repeat("*", len(grant.Password)),
+		"privateKey":  privateKey,
+		"passphrase":  grant.Passphrase,
+		"description": grant.Description,
+		"su":          grant.Su,
+	}
+
+	this.Show()
+}
+
+func (this *UpdateAction) RunPost(params struct {
+	GrantId     int64
+	Name        string
+	Method      string
+	Username    string
+	Password    string
+	PrivateKey  string
+	Passphrase  string
+	Description string
+	Su          bool
+
+	Must *actions.Must
+}) {
+	// 创建日志
+	defer this.CreateLogInfo(codes.NodeGrant_LogUpdateSSHGrant, params.GrantId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入名称")
+
+	switch params.Method {
+	case "user":
+		if len(params.Username) == 0 {
+			this.FailField("username", "请输入SSH登录用户名")
+		}
+	case "privateKey":
+		if len(params.Username) == 0 {
+			this.FailField("username", "请输入SSH登录用户名")
+		}
+		if len(params.PrivateKey) == 0 {
+			this.FailField("privateKey", "请输入RSA私钥")
+		}
+
+		// 验证私钥
+		if !strings.HasSuffix(params.PrivateKey, "******") /* 非掩码 */ {
+			var err error
+			if len(params.Passphrase) > 0 {
+				_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+			} else {
+				_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+			}
+			if err != nil {
+				this.Fail("私钥验证失败，请检查格式：" + err.Error())
+				return
+			}
+		}
+	default:
+		this.Fail("请选择正确的认证方式")
+	}
+
+	// TODO 检查grantId是否存在
+
+	_, err := this.RPC().NodeGrantRPC().UpdateNodeGrant(this.AdminContext(), &pb.UpdateNodeGrantRequest{
+		NodeGrantId: params.GrantId,
+		Name:        params.Name,
+		Method:      params.Method,
+		Username:    params.Username,
+		Password:    params.Password,
+		PrivateKey:  params.PrivateKey,
+		Passphrase:  params.Passphrase,
+		Description: params.Description,
+		Su:          params.Su,
+		NodeId:      0,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}

EdgeAdmin/internal/web/actions/default/clusters/grants/updatePopup.go

@@ -0,0 +1,131 @@
+package grants
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
+)
+
+type UpdatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdatePopupAction) RunGet(params struct {
+	GrantId int64
+}) {
+	this.Data["methods"] = grantutils.AllGrantMethods(this.LangCode())
+
+	grantResp, err := this.RPC().NodeGrantRPC().FindEnabledNodeGrant(this.AdminContext(), &pb.FindEnabledNodeGrantRequest{NodeGrantId: params.GrantId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	if grantResp.NodeGrant == nil {
+		this.WriteString("找不到要操作的对象")
+		return
+	}
+
+	grant := grantResp.NodeGrant
+	this.Data["grant"] = maps.Map{
+		"id":          grant.Id,
+		"nodeId":      grant.NodeId,
+		"method":      grant.Method,
+		"name":        grant.Name,
+		"username":    grant.Username,
+		"password":    grant.Password,
+		"description": grant.Description,
+		"privateKey":  grant.PrivateKey,
+		"passphrase":  grant.Passphrase,
+		"su":          grant.Su,
+	}
+
+	this.Show()
+}
+
+func (this *UpdatePopupAction) RunPost(params struct {
+	GrantId     int64
+	NodeId      int64
+	Name        string
+	Method      string
+	Username    string
+	Password    string
+	PrivateKey  string
+	Passphrase  string
+	Description string
+	Su          bool
+
+	Must *actions.Must
+}) {
+	// 创建日志
+	defer this.CreateLogInfo(codes.NodeGrant_LogUpdateSSHGrant, params.GrantId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入名称")
+
+	switch params.Method {
+	case "user":
+		if len(params.Username) == 0 {
+			this.FailField("username", "请输入SSH登录用户名")
+		}
+	case "privateKey":
+		if len(params.Username) == 0 {
+			this.FailField("username", "请输入SSH登录用户名")
+		}
+		if len(params.PrivateKey) == 0 {
+			this.FailField("privateKey", "请输入RSA私钥")
+		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
+	default:
+		this.Fail("请选择正确的认证方式")
+	}
+
+	// 执行修改
+	_, err := this.RPC().NodeGrantRPC().UpdateNodeGrant(this.AdminContext(), &pb.UpdateNodeGrantRequest{
+		NodeGrantId: params.GrantId,
+		Name:        params.Name,
+		Method:      params.Method,
+		Username:    params.Username,
+		Password:    params.Password,
+		PrivateKey:  params.PrivateKey,
+		Passphrase:  params.Passphrase,
+		Description: params.Description,
+		NodeId:      params.NodeId,
+		Su:          params.Su,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 返回信息
+	this.Data["grant"] = maps.Map{
+		"id":         params.GrantId,
+		"name":       params.Name,
+		"method":     params.Method,
+		"methodName": grantutils.FindGrantMethodName(params.Method, this.LangCode()),
+		"username":   params.Username,
+	}
+
+	this.Success()
+}