From 4aee4e49d46128013490a1d83eb4419c6bd546a2 Mon Sep 17 00:00:00 2001
From: Marcel Levy <marcel@spirl.com>
Date: Wed, 11 Sep 2024 09:41:09 -0700
Subject: [PATCH] Remove -ttl from integration tests

---
 .../windows-service/04-create-registration-entries        | 2 +-
 .../04-create-registration-entries                        | 2 +-
 .../suites/admin-endpoints/05-create-registration-entries | 6 +++---
 test/integration/suites/agent-cli/07-check-api-watch      | 2 +-
 .../suites/debug-endpoints/04-create-registration-entries | 4 ++--
 .../delegatedidentity/04-create-registration-entries      | 4 ++--
 .../suites/downstream-endpoints/04-create-entries         | 4 ++--
 .../envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh    | 6 +++---
 .../suites/envoy-sds-v3/00-test-envoy-releases            | 4 ++--
 .../fetch-x509-svids/04-create-registration-entries       | 2 +-
 .../fetch-x509-svids/06-create-registration-entries       | 2 +-
 .../ghostunnel-federation/04-create-workload-entries      | 4 ++--
 .../suites/join-token/04-create-workload-entry            | 4 +++-
 .../02-create-intermediate-downstream-entries             | 4 ++--
 .../nested-rotation/04-create-leafA-downstream-entry      | 2 +-
 .../nested-rotation/07-create-leafB-downstream-entry      | 2 +-
 .../suites/nested-rotation/09-create-workload-entries     | 8 ++++----
 .../suites/node-attestation/04-test-x509pop-attestation   | 2 +-
 .../04-assert-jwks-using-workload-api                     | 3 ++-
 test/integration/suites/rotation/04-create-workload-entry | 2 +-
 test/integration/suites/spire-server-cli/03-entry         | 4 ++--
 test/integration/suites/upgrade/01-run-upgrade-tests      | 2 +-
 22 files changed, 39 insertions(+), 36 deletions(-)

diff --git a/test/integration/suites-windows/windows-service/04-create-registration-entries b/test/integration/suites-windows/windows-service/04-create-registration-entries
index 9aac6412ab6..506fe604625 100644
--- a/test/integration/suites-windows/windows-service/04-create-registration-entries
+++ b/test/integration/suites-windows/windows-service/04-create-registration-entries
@@ -7,6 +7,6 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "windows:user_name:User Manager\ContainerUser" \
-    -ttl 0
+    -x509SVIDTTL 0
 
 assert-synced-entry "spiffe://domain.test/workload"
diff --git a/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries b/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries
index 88de142502e..6edd0903cd8 100644
--- a/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries
+++ b/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries
@@ -6,7 +6,7 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "windows:user_name:User Manager\ContainerUser" \
-    -ttl 0
+    -x509SVIDTTL 0
 
 check-synced-entry "spire-agent" "spiffe://domain.test/workload"
 
diff --git a/test/integration/suites/admin-endpoints/05-create-registration-entries b/test/integration/suites/admin-endpoints/05-create-registration-entries
index abf06df863d..589304e608d 100755
--- a/test/integration/suites/admin-endpoints/05-create-registration-entries
+++ b/test/integration/suites/admin-endpoints/05-create-registration-entries
@@ -7,7 +7,7 @@ docker compose exec -T spire-server-a \
     -spiffeID "spiffe://domain-a.test/admin" \
     -selector "unix:uid:1001" \
     -admin \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent-a" "spiffe://domain-a.test/admin"
 
 log-debug "creating foreign admin registration entry..."
@@ -17,7 +17,7 @@ docker compose exec -T spire-server-b \
     -spiffeID "spiffe://domain-b.test/admin" \
     -selector "unix:uid:1003" \
     -federatesWith "spiffe://domain-a.test" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent-b" "spiffe://domain-b.test/admin"
 
 log-debug "creating regular registration entry..."
@@ -26,5 +26,5 @@ docker compose exec -T spire-server-a \
     -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain-a.test/workload" \
     -selector "unix:uid:1002" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent-a" "spiffe://domain-a.test/workload"
diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch
index 47dc61f1fb2..c7846bbc932 100755
--- a/test/integration/suites/agent-cli/07-check-api-watch
+++ b/test/integration/suites/agent-cli/07-check-api-watch
@@ -8,7 +8,7 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload-$m" \
     -selector "unix:uid:1001" \
-    -ttl 20 &
+    -x509SVIDTTL 20 &
 
 # Get the PID of the last background process
 API_WATCH_PID=$!
diff --git a/test/integration/suites/debug-endpoints/04-create-registration-entries b/test/integration/suites/debug-endpoints/04-create-registration-entries
index 7eef854da04..33c41a9b150 100755
--- a/test/integration/suites/debug-endpoints/04-create-registration-entries
+++ b/test/integration/suites/debug-endpoints/04-create-registration-entries
@@ -7,7 +7,7 @@ docker compose exec -T spire-server \
     -spiffeID "spiffe://domain.test/admin" \
     -selector "unix:uid:1001" \
     -admin \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/admin"
 
 log-debug "creating regular registration entry..."
@@ -16,6 +16,6 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:1002" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/workload"
 
diff --git a/test/integration/suites/delegatedidentity/04-create-registration-entries b/test/integration/suites/delegatedidentity/04-create-registration-entries
index 000c073069c..0ba8854c5c0 100755
--- a/test/integration/suites/delegatedidentity/04-create-registration-entries
+++ b/test/integration/suites/delegatedidentity/04-create-registration-entries
@@ -6,7 +6,7 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/authorized_delegate" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/authorized_delegate"
 
 log-debug "creating registration entry for workload..."
@@ -15,5 +15,5 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:1002" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/workload"
diff --git a/test/integration/suites/downstream-endpoints/04-create-entries b/test/integration/suites/downstream-endpoints/04-create-entries
index a8c4dbd9bd7..29b4d56d7e1 100755
--- a/test/integration/suites/downstream-endpoints/04-create-entries
+++ b/test/integration/suites/downstream-endpoints/04-create-entries
@@ -7,7 +7,7 @@ docker compose exec -T spire-server \
     -spiffeID "spiffe://domain.test/downstream" \
     -selector "unix:uid:1001" \
     -downstream \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/downstream"
 
 log-debug "creating workload registration entry..."
@@ -16,6 +16,6 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:1002" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/workload"
 
diff --git a/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh b/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh
index d2d25109615..3492f51b7c5 100755
--- a/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh
+++ b/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh
@@ -59,7 +59,7 @@ setup-tests() {
         -spiffeID "spiffe://federated-domain.test/downstream-proxy" \
         -selector "unix:uid:0" \
         -federatesWith "spiffe://domain.test" \
-        -ttl 0
+        -x509SVIDTTL 0
     
     log-debug "creating registration entry for upstream proxy..."
     docker compose exec -T upstream-spire-server \
@@ -68,7 +68,7 @@ setup-tests() {
         -spiffeID "spiffe://domain.test/upstream-proxy" \
         -selector "unix:uid:0" \
         -federatesWith "spiffe://federated-domain.test" \
-        -ttl 0
+        -x509SVIDTTL 0
 
     log-debug "creating registration entry for downstream proxy..."
     docker compose exec -T upstream-spire-server \
@@ -76,7 +76,7 @@ setup-tests() {
         -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/downstream/agent/agent.crt.pem)" \
         -spiffeID "spiffe://domain.test/downstream-proxy" \
         -selector "unix:uid:0" \
-        -ttl 0
+        -x509SVIDTTL 0
 }
 
 test-envoy() {
diff --git a/test/integration/suites/envoy-sds-v3/00-test-envoy-releases b/test/integration/suites/envoy-sds-v3/00-test-envoy-releases
index f2f2e29c880..9ab835901f3 100755
--- a/test/integration/suites/envoy-sds-v3/00-test-envoy-releases
+++ b/test/integration/suites/envoy-sds-v3/00-test-envoy-releases
@@ -20,7 +20,7 @@ setup-tests() {
         -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/upstream-agent/agent.crt.pem)" \
         -spiffeID "spiffe://domain.test/upstream-workload" \
         -selector "unix:uid:0" \
-        -ttl 0
+        -x509SVIDTTL 0
 
     log-debug "creating registration entry for downstream workload..."
     docker compose exec -T spire-server \
@@ -28,7 +28,7 @@ setup-tests() {
         -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/downstream-agent/agent.crt.pem)" \
         -spiffeID "spiffe://domain.test/downstream-workload" \
         -selector "unix:uid:0" \
-        -ttl 0
+        -x509SVIDTTL 0
 }
 
 test-envoy() {
diff --git a/test/integration/suites/fetch-x509-svids/04-create-registration-entries b/test/integration/suites/fetch-x509-svids/04-create-registration-entries
index 6a3d23b3db0..318b53162db 100755
--- a/test/integration/suites/fetch-x509-svids/04-create-registration-entries
+++ b/test/integration/suites/fetch-x509-svids/04-create-registration-entries
@@ -10,7 +10,7 @@ for ((m=1;m<=$SIZE;m++)); do
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload-$m" \
     -selector "unix:uid:1001" \
-    -ttl 0 &
+    -x509SVIDTTL 0 &
 done
 
 for ((m=1;m<=$SIZE;m++)); do
diff --git a/test/integration/suites/fetch-x509-svids/06-create-registration-entries b/test/integration/suites/fetch-x509-svids/06-create-registration-entries
index 05ed54b1ac3..cb0f9333d60 100755
--- a/test/integration/suites/fetch-x509-svids/06-create-registration-entries
+++ b/test/integration/suites/fetch-x509-svids/06-create-registration-entries
@@ -10,7 +10,7 @@ for ((m=1;m<=$SIZE;m++)); do
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload/$m" \
     -selector "unix:uid:1002" \
-    -ttl 0 &
+    -x509SVIDTTL 0 &
 done
 
 for ((m=1;m<=$SIZE;m++)); do
diff --git a/test/integration/suites/ghostunnel-federation/04-create-workload-entries b/test/integration/suites/ghostunnel-federation/04-create-workload-entries
index 95f293e1005..00cc5b73428 100755
--- a/test/integration/suites/ghostunnel-federation/04-create-workload-entries
+++ b/test/integration/suites/ghostunnel-federation/04-create-workload-entries
@@ -9,7 +9,7 @@ docker compose exec -T downstream-spire-server \
     -spiffeID "spiffe://downstream-domain.test/downstream-workload" \
     -selector "unix:uid:0" \
     -federatesWith "spiffe://upstream-domain.test" \
-    -ttl 0
+    -x509SVIDTTL 0
 
 log-debug "creating registration entry for upstream workload..."
 docker compose exec -T upstream-spire-server \
@@ -18,4 +18,4 @@ docker compose exec -T upstream-spire-server \
     -spiffeID "spiffe://upstream-domain.test/upstream-workload" \
     -selector "unix:uid:0" \
     -federatesWith "spiffe://downstream-domain.test" \
-    -ttl 0
+    -x509SVIDTTL 0
diff --git a/test/integration/suites/join-token/04-create-workload-entry b/test/integration/suites/join-token/04-create-workload-entry
index c945899c4dc..a1d3b31555b 100755
--- a/test/integration/suites/join-token/04-create-workload-entry
+++ b/test/integration/suites/join-token/04-create-workload-entry
@@ -6,7 +6,9 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/node" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:0" \
-    -ttl 0
+    -x509SVIDTTL 0 \
+    -jwtSVIDTTL 0
+
 
 # Check at most 30 times (with one second in between) that the agent has
 # successfully synced down the workload entry.
diff --git a/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries b/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries
index d5f5ed2bf68..3f4b496638b 100755
--- a/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries
+++ b/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries
@@ -7,7 +7,7 @@ docker compose exec -T root-server \
     -spiffeID "spiffe://domain.test/intermediateA" \
     -selector "docker:label:org.integration.name:intermediateA" \
     -downstream \
-    -ttl 3600
+    -x509SVIDTTL 3600
 check-synced-entry "root-agent" "spiffe://domain.test/intermediateA"
 
 log-debug "creating intermediateB downstream registration entry..."
@@ -17,5 +17,5 @@ docker compose exec -T root-server \
     -spiffeID "spiffe://domain.test/intermediateB" \
     -selector "docker:label:org.integration.name:intermediateB" \
     -downstream \
-    -ttl 3600
+    -x509SVIDTTL 3600
 check-synced-entry "root-agent" "spiffe://domain.test/intermediateB"
diff --git a/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry b/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry
index 60b22ee3cb2..61d0b78b6f5 100755
--- a/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry
+++ b/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry
@@ -8,6 +8,6 @@ docker compose exec -T intermediateA-server \
     -spiffeID "spiffe://domain.test/leafA" \
     -selector "docker:label:org.integration.name:leafA" \
     -downstream \
-    -ttl 90
+    -x509SVIDTTL 90
 
 check-synced-entry "intermediateA-agent" "spiffe://domain.test/leafA"
diff --git a/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry b/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry
index ec419c107ff..2054bfec051 100755
--- a/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry
+++ b/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry
@@ -8,6 +8,6 @@ docker compose exec -T intermediateB-server \
     -spiffeID "spiffe://domain.test/leafB" \
     -selector "docker:label:org.integration.name:leafB" \
     -downstream \
-    -ttl 90
+    -x509SVIDTTL 90
 
 check-synced-entry "intermediateB-agent" "spiffe://domain.test/leafB"
diff --git a/test/integration/suites/nested-rotation/09-create-workload-entries b/test/integration/suites/nested-rotation/09-create-workload-entries
index c6061b977d7..c80851e22dc 100755
--- a/test/integration/suites/nested-rotation/09-create-workload-entries
+++ b/test/integration/suites/nested-rotation/09-create-workload-entries
@@ -6,7 +6,7 @@ docker compose exec -T intermediateA-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateA/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/intermediateA/workload" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "intermediateA-agent" "spiffe://domain.test/intermediateA/workload"
 
 log-debug "creating leafA workload registration entry..."
@@ -15,7 +15,7 @@ docker compose exec -T leafA-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafA/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/leafA/workload" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "leafA-agent" "spiffe://domain.test/leafA/workload"
 
 log-debug "creating intermediateB workload registration entry..."
@@ -24,7 +24,7 @@ docker compose exec -T intermediateB-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateB/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/intermediateB/workload" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "intermediateB-agent" "spiffe://domain.test/intermediateB/workload"
 
 log-debug "creating leafB workload registration entry..."
@@ -33,5 +33,5 @@ docker compose exec -T leafB-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafB/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/leafB/workload" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "leafB-agent" "spiffe://domain.test/leafB/workload"
diff --git a/test/integration/suites/node-attestation/04-test-x509pop-attestation b/test/integration/suites/node-attestation/04-test-x509pop-attestation
index 32f3230bfd7..79ad304327e 100755
--- a/test/integration/suites/node-attestation/04-test-x509pop-attestation
+++ b/test/integration/suites/node-attestation/04-test-x509pop-attestation
@@ -7,7 +7,7 @@ docker compose exec -T spire-server \
     -spiffeID "spiffe://domain.test/admin" \
     -selector "unix:uid:1000" \
     -admin \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/admin"
 
 log-debug "running x509pop test..."
diff --git a/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api b/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api
index c0ec626ddfc..64953a7a80a 100755
--- a/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api
+++ b/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api
@@ -10,7 +10,8 @@ docker compose exec -T spire-server \
   -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
   -spiffeID "spiffe://domain.test/oidc-provider" \
   -selector "docker:label:org.integration.name:oidc-discovery-provider" \
-  -ttl 0
+  -x509SVIDTTL 0 \
+  -jwtSVIDTTL 0
 
 check-synced-entry "spire-agent" "spiffe://domain.test/oidc-provider"
 
diff --git a/test/integration/suites/rotation/04-create-workload-entry b/test/integration/suites/rotation/04-create-workload-entry
index 784ca9c291e..31e36c8c664 100755
--- a/test/integration/suites/rotation/04-create-workload-entry
+++ b/test/integration/suites/rotation/04-create-workload-entry
@@ -6,7 +6,7 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:0" \
-    -ttl 0
+    -x509SVIDTTL 0
 
 # Check at most 30 times (with one second in between) that the agent has
 # successfully synced down the workload entry.
diff --git a/test/integration/suites/spire-server-cli/03-entry b/test/integration/suites/spire-server-cli/03-entry
index 5e7288d250a..a7a490475c5 100755
--- a/test/integration/suites/spire-server-cli/03-entry
+++ b/test/integration/suites/spire-server-cli/03-entry
@@ -33,7 +33,7 @@ docker compose exec -T spire-server \
         -spiffeID spiffe://domain.test/otherChild \
         -node \
         -dns dnsname1 \
-        -ttl 123 || fail-now "failed to create entry 3"
+        -x509SVIDTTL 123 || fail-now "failed to create entry 3"
 
 # Verify entry count correctly indicates three entries
 docker compose exec -T spire-server /opt/spire/bin/spire-server entry count | grep 3 || fail-now "failed to count 3 entries"
@@ -139,7 +139,7 @@ docker compose exec -T spire-server \
         -parentID spiffe://domain.test/parent \
         -spiffeID spiffe://domain.test/child1 \
         -federatesWith spiffe://federated1.test \
-        -ttl 456 || fail-now "failed to update entry 1"
+        -x509SVIDTTL 456 || fail-now "failed to update entry 1"
 
 docker compose exec -T spire-server \
 	/opt/spire/bin/spire-server entry update \
diff --git a/test/integration/suites/upgrade/01-run-upgrade-tests b/test/integration/suites/upgrade/01-run-upgrade-tests
index 8909633391d..d51d3a16962 100755
--- a/test/integration/suites/upgrade/01-run-upgrade-tests
+++ b/test/integration/suites/upgrade/01-run-upgrade-tests
@@ -41,7 +41,7 @@ create-registration-entry() {
         -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
         -spiffeID "spiffe://domain.test/workload" \
         -selector "unix:uid:${UID}" \
-        -ttl 0
+        -x509SVIDTTL 0
 
     # Check at most 30 times (with one second in between) that the agent has
     # successfully synced down the workload entry.