keystone-manage should not care whether it's executed with sudo or not, it should only care about having the authorization to do what it needs. In this case, it appears that it should raise a more user-friendly exception if keystone.conf cannot be read.
keystone-manage should not care whether it's executed with sudo or not, it should only care about having the authorization to do what it needs. In this case, it appears that it should raise a more user-friendly exception if keystone.conf cannot be read.