packetbroker / api

Packet Broker API
Apache License 2.0

Remove API key rights #45

Open johanstokking opened 8 months ago

johanstokking commented 8 months ago

Summary

Remove API key rights.

Why do we need this?

  1. They're hardly used; networks and clusters use pretty much fixed sets of rights
  2. It makes other authentication mechanisms, most notably mTLS, harder: we just want to trust the client certificate with the caller's associated trust store. Putting rights in certificates as custom extensions will be non-standard. Mapping certificates to rights makes rotation challenging.

What is already there? What do you see now?

Rights are defined on the API level and cluster API keys as well as network API keys have rights associated.

What is missing? What do you want to see?

Simply remove the rights and simplify authorization to just cluster and network.

How do you propose to implement this?

Remove Right enum and reserve the fields that use it.

Can you do this yourself and submit a Pull Request?

Yes
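The mTLS direction described in point 2, as an added example and not Packet Broker's own code: the authorizer chains the presented client certificate to the caller's trust store and derives only the caller's kind (cluster or network) and identifier from it, with no rights attached to the certificate. The encoding of the kind in the subject OU and the identifier in the CN is an assumption for illustration, as are the CA names, the serial numbers and the network ID; the PKI is built in memory so the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Principal is all the authorizer needs once per-key rights are gone:
// the kind of caller (cluster or network) and its identifier.
type Principal struct {
	Kind string
	ID   string
}

// mustIssue signs tmpl with parentKey (self-signed when parent is nil) and returns
// the parsed certificate and its new key. Panics on setup errors of this constructed PKI.
func mustIssue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func caTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
}

// clientTemplate carries the caller's identity in standard subject fields
// (OU = kind, CN = identifier; an assumed encoding), not in a custom extension.
func clientTemplate(kind, id string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{OrganizationalUnit: []string{kind}, CommonName: id},
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// authenticate is the whole authorization input: chain the leaf to the caller's
// trust store, then read kind and ID from the subject. No rights are consulted.
func authenticate(trust *x509.CertPool, leaf *x509.Certificate) (Principal, error) {
	opts := x509.VerifyOptions{Roots: trust, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return Principal{}, fmt.Errorf("untrusted client certificate: %w", err)
	}
	ou := leaf.Subject.OrganizationalUnit
	if len(ou) != 1 || (ou[0] != "cluster" && ou[0] != "network") || leaf.Subject.CommonName == "" {
		return Principal{}, fmt.Errorf("subject %q does not identify a cluster or a network", leaf.Subject.String())
	}
	return Principal{Kind: ou[0], ID: leaf.Subject.CommonName}, nil
}

type DemoResult struct {
	Trusted  Principal // leaf from the trusted CA, OU=network
	RogueErr error     // same subject, issued by a CA outside the trust store
	KindErr  error     // trusted CA, but OU is neither cluster nor network
}

// Demo builds a trusted and a rogue CA and runs authenticate on three constructed leaves.
func Demo() (DemoResult, error) {
	ca, caKey := mustIssue(caTemplate("example-broker-ca", 1), nil, nil)
	rogue, rogueKey := mustIssue(caTemplate("rogue-ca", 1), nil, nil)
	trust := x509.NewCertPool()
	trust.AddCert(ca)
	good, _ := mustIssue(clientTemplate("network", "net-000013", 2), ca, caKey) // hypothetical network ID
	bad, _ := mustIssue(clientTemplate("network", "net-000013", 2), rogue, rogueKey)
	odd, _ := mustIssue(clientTemplate("admin", "net-000013", 3), ca, caKey)
	var r DemoResult
	var err error
	r.Trusted, err = authenticate(trust, good)
	_, r.RogueErr = authenticate(trust, bad)
	_, r.KindErr = authenticate(trust, odd)
	return r, err
}

func main() {
	r, err := Demo()
	fmt.Printf("trusted: %+v (err=%v)\nrogue CA: %v\nunknown kind: %v\n", r.Trusted, err, r.RogueErr, r.KindErr)
}
```

Rotation under this scheme is re-issuing the leaf under the same CA with the same subject; nothing in the server has to be updated, which is the property the issue is after.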