gravitational · tigrato · Oct 9, 2023 · Oct 4, 2023
diff --git a/api/proto/teleport/legacy/types/types.proto b/api/proto/teleport/legacy/types/types.proto
@@ -4977,6 +4977,9 @@ message SessionTrackerSpecV1 {
 
   // TargetSubKind is the sub kind of the target server.
   string TargetSubKind = 22 [(gogoproto.jsontag) = "target_sub_kind,omitempty"];
+
+  // InitialCommand is the command that was executed to start this session.
+  repeated string InitialCommand = 23 [(gogoproto.jsontag) = "initial_command,omitempty"];
 }
 
 // SessionTrackerPolicySet is a set of RBAC policies held by the session tracker

diff --git a/api/types/session_tracker.go b/api/types/session_tracker.go
@@ -125,6 +125,9 @@ type SessionTracker interface {
 
 	// GetTargetSubKind returns the sub kind of the target server.
 	GetTargetSubKind() string
+
+	// GetCommand returns the command that initiated the session.
+	GetCommand() []string
 }
 
 func NewSessionTracker(spec SessionTrackerSpecV1) (SessionTracker, error) {
@@ -344,6 +347,11 @@ func (s *SessionTrackerV1) GetTargetSubKind() string {
 	return s.Spec.TargetSubKind
 }
 
+// GetCommand returns command that intiated the session.
+func (s *SessionTrackerV1) GetCommand() []string {
+	return s.Spec.InitialCommand
+}
+
 // Match checks if a given session tracker matches this filter.
 func (f *SessionTrackerFilter) Match(s SessionTracker) bool {
 	if f.Kind != "" && string(s.GetSessionKind()) != f.Kind {

diff --git a/api/types/types.pb.go b/api/types/types.pb.go
diff --git a/lib/kube/proxy/sess.go b/lib/kube/proxy/sess.go
@@ -1206,6 +1206,7 @@ func (s *session) trackSession(p *party, policySet []*types.SessionTrackerPolicy
 		Reason:            s.reason,
 		Invited:           s.invitedUsers,
 		HostID:            s.forwarder.cfg.HostID,
+		InitialCommand:    s.req.URL.Query()["command"],
 	}
 
 	s.log.Debug("Creating session tracker")

diff --git a/lib/kube/proxy/sess_test.go b/lib/kube/proxy/sess_test.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"net/url"
 	"testing"
 
 	"github.com/google/uuid"
@@ -110,9 +111,11 @@ func Test_session_trackSession(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			sess := &session{
-				log:             logrus.New().WithField(trace.Component, "test"),
-				id:              uuid.New(),
-				req:             &http.Request{},
+				log: logrus.New().WithField(trace.Component, "test"),
+				id:  uuid.New(),
+				req: &http.Request{
+					URL: &url.URL{},
+				},
 				podName:         "podName",
 				accessEvaluator: auth.NewSessionAccessEvaluator(tt.args.policies, types.KubernetesSessionKind, "username"),
 				ctx: authContext{

diff --git a/lib/session/session.go b/lib/session/session.go
@@ -107,6 +107,8 @@ type Session struct {
 	Owner string `json:"owner"`
 	// Moderated is true if the session requires moderation (only relevant for Kind = ssh/k8s).
 	Moderated bool `json:"moderated"`
+	// Command is the command that was executed to start the session.
+	Command string `json:"command"`
 }
 
 // FileTransferRequestParams contain parameters for requesting a file transfer

diff --git a/lib/srv/sess.go b/lib/srv/sess.go
@@ -2036,6 +2036,10 @@ func (p *party) closeUnderSessionLock() error {
 // on an interval until the session tracker is closed.
 func (s *session) trackSession(ctx context.Context, teleportUser string, policySet []*types.SessionTrackerPolicySet, p *party) error {
 	s.log.Debugf("Tracking participant: %s", p.id)
+	var initialCommand []string
+	if execRequest, err := s.scx.GetExecRequest(); err == nil {
+		initialCommand = []string{execRequest.GetCommand()}
+	}
 	trackerSpec := types.SessionTrackerSpecV1{
 		SessionID:    s.id.String(),
 		Kind:         string(types.SSHSessionKind),
@@ -2056,8 +2060,9 @@ func (s *session) trackSession(ctx context.Context, teleportUser string, policyS
 				LastActive: s.registry.clock.Now().UTC(),
 			},
 		},
-		HostID:        s.registry.Srv.ID(),
-		TargetSubKind: s.serverMeta.ServerSubKind,
+		HostID:         s.registry.Srv.ID(),
+		TargetSubKind:  s.serverMeta.ServerSubKind,
+		InitialCommand: initialCommand,
 	}
 
 	if s.scx.env[teleport.EnvSSHSessionInvited] != "" {

diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
@@ -2484,7 +2484,6 @@ func (h *Handler) getSiteNamespaces(w http.ResponseWriter, r *http.Request, _ ht
 }
 
 func makeUnifiedResourceRequest(r *http.Request) (*proto.ListUnifiedResourcesRequest, error) {
-
 	values := r.URL.Query()
 
 	limit, err := queryLimitAsInt32(values, "limit", defaults.MaxIterationLimit)
@@ -3144,6 +3143,7 @@ func trackerToLegacySession(tracker types.SessionTracker, clusterName string) se
 		Moderated:             accessEvaluator.IsModerated(),
 		DatabaseName:          tracker.GetDatabaseName(),
 		Owner:                 tracker.GetHostUser(),
+		Command:               strings.Join(tracker.GetCommand(), " "),
 	}
 }
 
@@ -3824,7 +3824,6 @@ func consumeTokenForAPICall(ctx context.Context, proxyClient auth.ClientI, token
 	}
 
 	return token, nil
-
 }
 
 // checkTokenTTL returns true if the token is still valid.

diff --git a/tool/tsh/common/kube.go b/tool/tsh/common/kube.go
@@ -575,9 +575,18 @@ func serializeKubeSessions(sessions []types.SessionTracker, format string) (stri
 }
 
 func printSessions(output io.Writer, sessions []types.SessionTracker) {
-	table := asciitable.MakeTable([]string{"ID", "State", "Created", "Hostname", "Address", "Login", "Reason"})
+	table := asciitable.MakeTable([]string{"ID", "State", "Created", "Hostname", "Address", "Login", "Reason", "Command"})
 	for _, s := range sessions {
-		table.AddRow([]string{s.GetSessionID(), s.GetState().String(), s.GetCreated().Format(time.RFC3339), s.GetHostname(), s.GetAddress(), s.GetLogin(), s.GetReason()})
+		table.AddRow([]string{
+			s.GetSessionID(),
+			s.GetState().String(),
+			s.GetCreated().Format(time.RFC3339),
+			s.GetHostname(),
+			s.GetAddress(),
+			s.GetLogin(),
+			s.GetReason(),
+			strings.Join(s.GetCommand(), " "),
+		})
 	}
 
 	tableOutput := table.AsBuffer().String()

diff --git a/web/packages/teleport/src/Console/DocumentSsh/DocumentSsh.story.tsx b/web/packages/teleport/src/Console/DocumentSsh/DocumentSsh.story.tsx
@@ -100,4 +100,6 @@ const session: Session = {
   addr: '1.1.1.1:1111',
   participantModes: ['observer', 'moderator', 'peer'],
   moderated: false,
+  command:
+    'top -o command -o cpu -o boosts -o cycles -o cow -o user -o vsize -o csw -o threads -o ports -o ppid',
 };
diff --git a/web/packages/teleport/src/Sessions/SessionList/SessionList.tsx b/web/packages/teleport/src/Sessions/SessionList/SessionList.tsx
@@ -55,6 +55,10 @@ export default function SessionList(props: Props) {
           headerText: 'Users',
           render: renderUsersCell,
         },
+        {
+          key: 'command',
+          headerText: 'Command',
+        },
         {
           key: 'durationText',
           altSortKey: 'created',