Allow the SPIFFE Workload API endpoint to be provided using

`--workload-api-addr`

Signed-off-by: Noah Stride <noah.stride@goteleport.com>

Author: strideynet

cmd/main.go

@@ -61,14 +61,18 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 		sessionDuration int
 		trustAnchorARN  string
 		roleSessionName string
+		workloadAPIAddr string
 	)
 	cmd := &cobra.Command{
 		Use:   "x509-credential-process",
 		Short: "TODO", // TODO(strideynet): Helpful, short description.
 		Long:  `TODO`, // TODO(strideynet): Helpful, long description.
 		RunE: func(cmd *cobra.Command, args []string) error {
 			ctx := cmd.Context()
-			client, err := workloadapi.New(ctx) // TODO(strideynet): Ability to configure workload api endpoint with flag
+			client, err := workloadapi.New(
+				ctx,
+				workloadapi.WithAddr(workloadAPIAddr),
+			)
 			if err != nil {
 				return fmt.Errorf("creating workload api client: %w", err)
 			}
@@ -137,5 +141,6 @@ func newX509CredentialProcessCmd() (*cobra.Command, error) {
 		return nil, fmt.Errorf("marking trust-anchor-arn flag as required: %w", err)
 	}
 	cmd.Flags().StringVar(&roleSessionName, "role-session-name", "", "The identifier for the role session. Optional.")
+	cmd.Flags().StringVar(&workloadAPIAddr, "workload-api-addr", "", "Overrides the address of the Workload API endpoint that will be use to fetch the X509 SVID. If unspecified, the value from the SPIFFE_ENDPOINT_SOCKET environment variable will be used.")
 	return cmd, nil
 }