address comments kubernetes#2, remove trailing whitespaces

Author: stlaz

keps/sig-auth/3926-handling-undecryptable-resources/README.md

@@ -136,10 +136,10 @@ Items marked with (R) are required *prior to targeting to a milestone / release*
 - [ ] (R) Design details are appropriately documented
 - [ ] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input (including test refactors)
   - [ ] e2e Tests for all Beta API Operations (endpoints)
-  - [ ] (R) Ensure GA e2e tests meet requirements for [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
+  - [ ] (R) Ensure GA e2e tests meet requirements for [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md)
   - [ ] (R) Minimum Two Week Window for GA e2e tests to prove flake free
 - [ ] (R) Graduation criteria is in place
-  - [ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
+  - [ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md)
 - [ ] (R) Production readiness review completed
 - [ ] (R) Production readiness review approved
 - [ ] "Implementation History" section is up-to-date for milestone
@@ -175,8 +175,8 @@ updates.
 
 [documentation style guide]: https://github.com/kubernetes/community/blob/master/contributors/guide/style-guide.md
 -->
-Encryption at rest has been a stable Kubernetes for a long time. Every now and
-then there had been cases where, be it by improper handling or external system
+Encryption at rest for API resources has been a stable part of Kubernetes for a long time.
+Every now and then there had been cases where, be it by improper handling or external system
 failures, the cluster encryption got into a broken state.
 
 If a single object of a resource type cannot be decrypted, listing resources of that
@@ -254,6 +254,12 @@ with it. I know that these will either be recreated by a controller, or I can
 manually recreate them. I would like a simple way to figure out which resources
 fail decryption and I would like a way to remove them via Kubernetes API.
 
+#### Story 2
+
+I would like to remove a namespace I no longer need.  However, some of the resources
+inside of the namespace were encrypted before the encryption at
+rest configuration broke, which blocks a successful namespace delete.
+
 ### Notes/Constraints/Caveats (Optional)
 
 <!--
@@ -323,7 +329,7 @@ a new status should be introduced - `StatusReasonStoreReadError`.
   // Details:
   //   "kind" string - the kind attribute of the resource being acted on.
   //   "name" string - the prefix where the reading error(s) occurred
-  //   "causes" []StatusCause 
+  //   "causes" []StatusCause
   //      - (optional):
   //        - "type" CauseType - CauseTypeUnexpectedServerResponse
   //        - "message" string - the error message from the store backend
@@ -710,10 +716,10 @@ Recall that end users cannot usually observe component logs or access metrics.
 -->
 
 - [ ] Events
-  - Event Reason: 
+  - Event Reason:
 - [ ] API .status
-  - Condition name: 
-  - Other field: 
+  - Condition name:
+  - Other field:
 - [ ] Other (treat as last resort)
   - Details:
 

keps/sig-auth/3926-handling-undecryptable-resources/kep.yaml

@@ -1,19 +1,18 @@
 title: Handling undecryptable resources
 kep-number: 3926
 authors:
-  - "@jane.doe"
+  - "@stlaz"
 owning-sig: sig-auth
 participating-sigs:
   - sig-auth
   - sig-api
 status: provisional
 creation-date: 2023-03-27
 reviewers:
-  - TBD
-  - "@alice.doe"
+  - "@liggit"
+  - "@deads2k"
 approvers:
   - TBD
-  - "@oscar.doe"
 
 see-also:
   -