Support user deletion

[begelundmuller]

Proposed changes:

1. Add an RPC on the AdminService for deleting a user
   • Normal users should only be able to delete their own user
   • Superusers should be allowed to delete any user
2. Handle the case where the user being deleted is the only remaining admin of an org
   • Error if the org has other members
   • If the org has no other members, it should tear down the org and all its projects
3. Add a command rill sudo user remove <email> that superusers can use to invoke the RPC to delete any user

See this Slack thread for context.

[grahamplata]

Proposed changes:

• Add an RPC on the AdminService for deleting a user
  • Normal users should only be able to delete their own user
  • Superusers should be allowed to delete any user
• Add a command rill sudo user remove that superusers can use to invoke the RPC to delete any user
• Handle the case where the user being deleted is the only remaining admin of an org
  • Error if the org has other members
  • If the org has no other members, it should tear down the org and all its projects

[grahamplata]

If the org has no other members, it should tear down the org and all its projects

For the above I think it could be better handled as an error and subsequent flow. ~

cc @begelundmuller

[begelundmuller]

For the above I think it could be better handled as an error and subsequent flow. ~

What do you mean by a subsequent flow?

But I'm definitely open to doing it outside the RPC, e.g. by kicking off an async job or having a periodic background job that cleans up orphaned orgs/projects. But I also don't mind if you prefer to do it sync in the RPC as long as the implementation is idempotent/retryable (slowness is okay since user deletion isn't going to happen very often).

[grahamplata]

"slowness is okay since user deletion isn't going to happen very often"

That was where the thought was coming from.

Knowing that I'll do it within the RPC