6 files changed, 84 insertions, 10 deletions

diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
index b6524deb4d1..5ebea6c8d87 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
@@ -1,5 +1,6 @@
 package com.yahoo.vespa.hosted.controller.api.integration.stubs;
 
+import com.yahoo.vespa.hosted.controller.api.integration.user.User;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserId;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
 import com.yahoo.vespa.hosted.controller.api.role.Role;
@@ -10,13 +11,14 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * @author jonmv
  */
 public class MockUserManagement implements UserManagement {
 
-    private final Map<Role, Set<UserId>> memberships = new HashMap<>();
+    private final Map<Role, Set<User>> memberships = new HashMap<>();
 
     @Override
     public void createRole(Role role) {
@@ -33,7 +35,10 @@ public class MockUserManagement implements UserManagement {
 
     @Override
     public void addUsers(Role role, Collection<UserId> users) {
-        memberships.get(role).addAll(users);
+        List<User> userObjs = users.stream()
+                                   .map(id -> new User(id.value(), id.value(), null, null))
+                                   .collect(Collectors.toList());
+        memberships.get(role).addAll(userObjs);
     }
 
     @Override
@@ -42,7 +47,7 @@ public class MockUserManagement implements UserManagement {
     }
 
     @Override
-    public List<UserId> listUsers(Role role) {
+    public List<User> listUsers(Role role) {
         return List.copyOf(memberships.get(role));
     }
 
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/User.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/User.java
new file mode 100644
index 00000000000..35dcd54799b
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/User.java
@@ -0,0 +1,53 @@
+package com.yahoo.vespa.hosted.controller.api.integration.user;
+
+import java.util.Objects;
+
+public class User {
+
+    private final String name;
+    private final String email;
+    private final String nickname;
+    private final String picture;
+
+    public User(String email, String name, String nickname, String picture) {
+        Objects.requireNonNull(email);
+        Objects.requireNonNull(name);
+
+        this.name = name;
+        this.email = email;
+        this.nickname = nickname;
+        this.picture = picture;
+    }
+
+    public String name() {
+        return name;
+    }
+
+    public String email() {
+        return email;
+    }
+
+    public String nickname() {
+        return nickname;
+    }
+
+    public String picture() {
+        return picture;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        User user = (User) o;
+        return Objects.equals(name, user.name) &&
+                Objects.equals(email, user.email) &&
+                Objects.equals(nickname, user.nickname) &&
+                Objects.equals(picture, user.picture);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(name, email, nickname, picture);
+    }
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java
index ff25e779d30..f56a9f66288 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java
@@ -25,6 +25,6 @@ public interface UserManagement {
     void removeUsers(Role role, Collection<UserId> users);
 
     /** Returns all users in the given role, or throws if the role does not exist. */
-    List<UserId> listUsers(Role role);
+    List<User> listUsers(Role role);
 
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
index 7a76f13392d..c32ab6726e9 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
@@ -14,6 +14,7 @@ import com.yahoo.slime.Inspector;
 import com.yahoo.slime.Slime;
 import com.yahoo.vespa.config.SlimeUtils;
 import com.yahoo.vespa.hosted.controller.api.integration.user.Roles;
+import com.yahoo.vespa.hosted.controller.api.integration.user.User;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserId;
 import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
 import com.yahoo.vespa.hosted.controller.api.role.Role;
@@ -129,11 +130,11 @@ public class UserApiHandler extends LoggingRequestHandler {
         for (Role role : roles)
             rolesArray.addString(valueOf(role));
 
-        Map<UserId, List<Role>> memberships = new LinkedHashMap<>();
+        Map<User, List<Role>> memberships = new LinkedHashMap<>();
         List<Role> allRoles = new ArrayList<>(superRoles); // Membership in a super role may imply membership in a role.
         allRoles.addAll(roles);
         for (Role role : allRoles)
-            for (UserId user : users.listUsers(role)) {
+            for (User user : users.listUsers(role)) {
                 memberships.putIfAbsent(user, new ArrayList<>());
                 memberships.get(user).add(role);
             }
@@ -141,7 +142,15 @@ public class UserApiHandler extends LoggingRequestHandler {
         Cursor usersArray = root.setArray("users");
         memberships.forEach((user, userRoles) -> {
             Cursor userObject = usersArray.addObject();
-            userObject.setString("name", user.value());
+            userObject.setString("name", user.name());
+            userObject.setString("email", user.email());
+            if (user.nickname() != null) {
+                userObject.setString("nickname", user.nickname());
+            }
+            if (user.picture()!= null) {
+                userObject.setString("picture", user.picture());
+            }
+
             Cursor rolesObject = userObject.setObject("roles");
             for (Role role : roles) {
                 Cursor roleObject = rolesObject.setObject(valueOf(role));
@@ -174,12 +183,14 @@ public class UserApiHandler extends LoggingRequestHandler {
         String roleName = require("roleName", Inspector::asString, requestObject);
         UserId user = new UserId(require("user", Inspector::asString, requestObject));
         Role role = Roles.toRole(TenantName.from(tenantName), roleName);
-        if (   role.definition() == RoleDefinition.tenantOwner
-            && users.listUsers(role).equals(List.of(user)))
+        List<User> currentUsers = users.listUsers(role);
+        if (role.definition() == RoleDefinition.tenantOwner
+                && currentUsers.size() == 1
+                && currentUsers.get(0).email().equals(user.value()))
             throw new IllegalArgumentException("Can't remove the last owner of a tenant.");
 
         users.removeUsers(role, List.of(user));
-        return new MessageResponse(user + " is no longer a member of " + role);
+        return new MessageResponse(user+" is no longer a member of "+role);
     }
 
     private HttpResponse removeApplicationRoleMember(String tenantName, String applicationName, HttpRequest request) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json
index 45a5df5f6ce..e23ab918135 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json
@@ -10,6 +10,7 @@
   "users": [
     {
       "name": "owner@tenant",
+      "email":"owner@tenant",
       "roles": {
         "applicationAdmin": {
           "explicit": false,
@@ -31,6 +32,7 @@
     },
     {
       "name": "operator@tenant",
+      "email":"operator@tenant",
       "roles": {
         "applicationAdmin": {
           "explicit": true,
@@ -52,6 +54,7 @@
     },
     {
       "name": "reader@app",
+      "email":"reader@app",
       "roles": {
         "applicationAdmin": {
           "explicit": false,
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json
index 74e5196db6e..fa528fe2ab7 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json
@@ -8,6 +8,7 @@
   "users": [
     {
       "name": "owner@tenant",
+      "email":"owner@tenant",
       "roles": {
         "tenantOwner": {
           "explicit": true,
@@ -25,6 +26,7 @@
     },
     {
       "name": "operator@tenant",
+      "email":"operator@tenant",
       "roles": {
         "tenantOwner": {
           "explicit": false,