Skip the cert validator if the csr we are passed in is a valid filename

The validator will still fire, just after the load_files() call. Basically
it will hit the validator twice. The first time it will exit because the
value of csr is a filename. The second time it will run the validator against
the contents of the file.

ticket https://fedorahosted.org/freeipa/ticket/1777

API.txt

@@ -420,7 +420,7 @@ arg: Str('serial_number', validate_serial_number, label=Gettext('Serial number',
 output: Output('result', None, None)
 command: cert_request
 args: 1,3,1
-arg: File('csr', validate_csr, cli_name='csr_file', normalizer=normalize_csr)
+arg: File('csr', validate_csr, cli_name='csr_file', label=Gettext('CSR', domain='ipa', localedir=None), normalizer=normalize_csr)
 option: Str('principal', label=Gettext('Principal', domain='ipa', localedir=None))
 option: Str('request_type', autofill=True, default=u'pkcs10')
 option: Flag('add', autofill=True, default=False)

ipalib/plugins/cert.py

@@ -23,6 +23,7 @@ from ipalib import api, SkipPluginModule
 if api.env.enable_ra is not True:
     # In this case, abort loading this plugin module...
     raise SkipPluginModule(reason='env.enable_ra is not True')
+import os
 from ipalib import Command, Str, Int, Bytes, Flag, File
 from ipalib import errors
 from ipalib import pkcs10
@@ -129,6 +130,11 @@ def validate_csr(ugettext, csr):
     Ensure the CSR is base64-encoded and can be decoded by our PKCS#10
     parser.
     """
+    if api.env.context == 'cli':
+        # If we are passed in a pointer to a valid file on the client side
+        # escape and let the load_files() handle things
+        if csr and os.path.exists(csr):
+            return
     try:
         request = pkcs10.load_certificate_request(csr)
     except TypeError, e:
@@ -203,6 +209,7 @@ class cert_request(VirtualCommand):
 
     takes_args = (
         File('csr', validate_csr,
+            label=_('CSR'),
             cli_name='csr_file',
             normalizer=normalize_csr,
         ),