remove mentions of the error-ignoring list option

keps/sig-auth/3926-handling-undecryptable-resources/README.md

@@ -85,7 +85,6 @@ tags, and then generate with `hack/update-toc.sh`.
 - [Proposal](#proposal)
   - [User Stories (Optional)](#user-stories-optional)
     - [Story 1](#story-1)
-    - [Story 2](#story-2)
   - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
   - [Risks and Mitigations](#risks-and-mitigations)
 - [Design Details](#design-details)
@@ -187,10 +186,9 @@ the resource instances is accessible.
 Currently, removing a resource that causes such failures is not possible.
 A cluster administrator must access etcd directly and remove the malformed data manually.
 
-This KEP proposes a way to decrease the blast radius when an undecryptable resource
-is present in a cluster, and proposes a new delete option to completely ignore
-any storage checks in order to be able to delete a failing resource by using just
-Kubernetes API.
+This KEP proposes a way to identify resources that fail to decrypt, and introduces
+a new delete option to completely ignore any storage checks in order to be able
+to delete such a failing resource by using just Kubernetes API.
 
 ## Motivation
 
@@ -209,10 +207,9 @@ demonstrate the interest in a KEP within the wider Kubernetes community.
 List the specific goals of the KEP. What is it trying to achieve? How will we
 know that this has succeeded?
 -->
-- find a way to list objects of a resource type where at least one object cannot
-  be properly decrypted
 - provide a way to identify objects that failed decryption
-- provide an option to delete a resource independently of its contents
+- provide an option to delete a resource independently of its contents, if those
+  cannot be reached due to data transformation
 
 ### Non-Goals
 
@@ -233,13 +230,12 @@ The "Design Details" section below is for the real
 nitty-gritty.
 -->
 
-Introduce a new `ListOption` that would allow the caller to ignore transformation
-errors while retrieving a list of resource instances, and introduce a new `DeleteOption`
-to completely ignore the context of a resource instance while deleting it.
-
 Improve resource retrieval errors to include more information about the object that
 failed transformation while it was being retrieved from the storage.
 
+Introduce a new `DeleteOption` that would allow deleting a resource even
+if we cannot retrieve its data.
+
 ### User Stories (Optional)
 
 <!--
@@ -256,12 +252,6 @@ with it. I know that these will either be recreated by a controller, or I can
 manually recreate them. I would like a simple way to figure out which resources
 fail decryption and I would like a way to remove them via Kubernetes API.
 
-#### Story 2
-
-I am a Kubernetes controller and I inject content into resources throughout the
-cluster. I don't want to be forced to break in case some instances of a given
-resource type are unreadable.
-
 ### Notes/Constraints/Caveats (Optional)
 
 <!--
@@ -287,7 +277,7 @@ How will UX be reviewed, and by whom?
 
 Consider including folks who also work outside the SIG or subproject.
 -->
-Make sure that a user that tries to perform an unconditional delete is well
+We need to make sure that a user that tries to perform an unconditional delete is well
 informed about the impact of what they are doing. This should be handled
 by one or more prompts from the `kubectl` client. In case of a plain HTTP DELETE
 request, at least issue a warning about what the impact of the action might be.
@@ -342,23 +332,7 @@ a new status should be introduced - `StatusReasonStoreReadError`.
 ```
 
 This error will also include full paths to the resources that cannot be read in
-the unstructured, human-readable message.
-
-With this error, a new `ListOption` can be introduced - `IgnoreStorageReadError`.
-
-```go
-type ListOptions struct {
-  ...
-  // IgnoreStorageReadError ignores errors that might occur during reading a
-  // resource from the storage backend. Instead, the message of that error gets
-  // transformed into a warning.
-  // +optional
-  IgnoreStorageReadError bool
-}
-```
-
-This option allows the caller to ignore the resources that failed transformation
-and still retrieve the list of resources that remain readable.
+an unstructured, human-readable message.
 
 
 #### Deleting a failing resource