sers under account {{.AccountId}}.
{{.ErrorMessage}}Retrieving information of the account {{.Name}} as {{.UserText}}...Failed to get details of account group {{.Name}}.
{{.ErrorMessage}}Moving account {{.NameOrID}} under {{.Parent}} as {{.UserEmail}}...${COMMAND_NAME} iam trusted-profile-assignment-delete ASSIGNMENT_IDList all links to compute resources for a specified trusted profileNo content to update. Specify at least one attribute to be updated.A size or tier value must be given to modify this endurance volume.tls: server sent certificate containing RSA key larger than %d bitstls: client sent certificate containing RSA key larger than %d bitsPolicy {{.PolicyID}} does not belong to access group {{.GroupName}}startAt must align to the start of a valid rune in the input string^cubic-bezier\(([ ]*(0(.[0-9]+)?|1(.0)?),){3}[ ]*(0(.[0-9]+)?|1)\)$reflect: reflect.Value.UnsafePointer on an invalid notinheap pointerhttps://download.clis.test.cloud.ibm.com/mod/message-of-the-day.jsonYou cannot switch accounts, there is only one account for this user.User {{.UserName}} is not found under current account {{.AccountID}}Failed to find flag %q and mark it as being required in a flag group${COMMAND_NAME} iam oauth-tokens [-o, --output FORMAT] [-q, --quiet]Show the latest authentication timestamp and an authentication count${COMMAND_NAME} plugin list [-c] [-o, --output FORMAT] [-q, --quiet]Do you really want to delete all tags not attached to any resources?Service instance {{.Name}} with ID {{.ID}} is cancelled successfullyAllThreadsSyscall6 results differ between threads; runtime corruptedpadding bytes must all be zeros unless AllowIllegalWrites is enabledhttp2: Transport conn %p received error from processing frame %v: %vhttp2: Transport received unsolicited DATA frame; closing connectionhttp: message cannot contain multiple Content-Length headers; got %qcan not look up shorthand which is more than one ASCII character: %qNotification type, one of 'unplanned_events', 'planned_maintenance'.${COMMAND_NAME} iam trusted-profile-template-create --file JSON_FILEtls: internal error: sending non-handshake message to QUIC transportgo package net: cgo resolver not supported; using Go's DNS resolver
big: invalid 2nd argument to Int.Jacobi: need odd integer but got %sGetting all {{.Type}} policies under {{.Scope}} as {{.UserEmail}}...2695994666715063979466701508701963067355791626002630814351006629888126959946667150639794667015087019625940457807714424391721682722368061crypto/hmac: hash generation function does not produce unique valuesembedded IPv4 address must replace the final 2 fields of the address(?:\$\s*[a-z]\b|\$(?!(?:_*[a-z]\w*|_+[0-9]\w*|_*[A-Z]\w*|_+|\$\w+)))<svg width="%dpx" height="%dpx" xmlns="http://www.w3.org/2000/svg">
reflect: embedded interface with unexported method(s) not implementedService ID {{.NameorID}} has already been unlocked, cancel operation.Invalid is-reclaimed provided. Valid options are: true | false | any.http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)%s matches more methods than %s, but has a more specific path pattern%s matches fewer methods than %s, but has a more general path patternhttps://pipeline-ui.%s.devops.test.cloud.ibm.com/devops/pipelines/apiRetrieving accounts of {{.UserEmail}} excluding states {{.States}}...User {{.UserId}} was successfully removed from account {{.AccountId}}Creating template {{.Template}} version under account {{.Account}}...${COMMAND_NAME} (PROFILE_NAME|PROFILE_ID) [-f, --force] [-q, --quiet]A size or IOPS value must be given to modify this performance volume.Could not find valid price for dedicated host with size= {{.KeyName}}tls: peer doesn't support the certificate custom signature algorithmstls: handshake message of length %d bytes exceeds maximum of %d bytestls: client certificate contains an unsupported public key of type %TList all subscriptions under account {{.Account}} as {{.UserText}}...Create an access policy for the specified user in the current accountUpdate an access policy for the specified user in the current accounttoo many hex fields to fit an embedded IPv4 at the end of the addressedwards25519: internal error: setShortBytes called with a long string(?<=[$@%&]?\w[\w':-]* +)(<=?)( *[^ ]+? *)(>=?)(?= *[$@%&]?\w[\w':-]*)Create duplicate of existing entry, with ability to change key fields.https://download.clis.test.cloud.ibm.com/ibm-cloud-cli-plugin-metadataBypass SSL validation of HTTP requests. This option is not recommendedCredentials were rejected.
Code: {{.ErrorCode}}, message: {{.Message}}======================================================================----------------------------------------------------------------------Role {{.RoleName}} was not found. Valid roles are {{.SupportedRoles}}.Type of the service endpoint. Possible values are 'public', 'private'.bytes.Buffer: UnreadByte: previous operation was not a successful readsync/atomic: compare and swap of inconsistently typed value into Valuegot %s for stream %d; expected CONTINUATION following %s for stream %dMake a service ID with an API Key in the child account that is createdSuccessfully deleted account group {{.Name}} with ID {{.AccountGroup}}Retrieving information of the belonging enterprise as {{.UserText}}...List versions of an account settings template in an enterprise accountShow details of an authorization policy template under current accountReally delete identity {{.IDENTITYNAME}} of trusted profile {{.NAME}}?This volume is set for cancellation; unable to order replicant volume.Failed to update the user data of virtual server instance: {{.VsId}}.
'--account-management' is exclusive with other policy definition flagsx509: PKCS#8 wrapping contained private key with unknown algorithm: %vx509: certificate relies on legacy Common Name field, use SANs instead
  {{.Name}} command [arguments...] [command options]
{{if .Commands}}
Changing the owner of an object. Email or Account GUIDs are acceptable.
   {{.Usage}}
{{with .UsageText}}
{{.}}{{end}}
{{with .VisibleFlags}}
Bypass SSL validation of HTTP requests. This option is not recommended.SoftLayer_Exception_User_Customer_External_Binding_SecurityCodeRequiredMultiple {{.ModelType}} with the same name '{{.ModelName}}' were found.if any flags in the group [%v] are set they must all be set; missing %v======================================================================
Please preserve the API key! It cannot be retrieved after it's created.Retrieving all users of access group {{.GroupName}} as {{.UserName}}...Update '{{.OldName}} {{.OldVersion}}' to '{{.NewName}} {{.NewVersion}}'${COMMAND_NAME} resource tag-create --tag-names TAG_NAME1,TAG_NAME2,...${COMMAND_NAME} resource quota NAME [-o, --output FORMAT] [-q, --quiet]https://ibm-cloud-cli.s3.direct.us.cloud-object-storage.appdomain.cloudPlug-in '{{.Plugin}}' has no compatible versions in range '{{.Range}}'.too many concurrent operations on a single file or socket (max 1048575)json: invalid use of ,string struct tag, trying to unmarshal %q into %vinternal error: attempt to send frame on a half-closed-local stream: %vexec: command with a non-nil Cancel was not created with CommandContextEnable or disable service endpoints connectivity for softlayer account.Name of the service, only list platform defined roles if not specified.Failed to update the public network speed of hardware server: {{.ID}}.
tls: peer doesn't support any of the certificate's signature algorithmsdynamic table size update MUST occur at the beginning of a header block${COMMAND_FULL_NAME} RECLAMATION_ID [-o, --output FORMAT] [-q, --quiet]x509: issuer has name constraints but leaf doesn't have a SAN extensionunmarshal: TOML array length (%v) exceeds destination array length (%v)UsingByGroup expects number of emitters to be the same as len(groups)-1(?<!(#|\'|"))(?:#(?!(?:[a-fA-F0-9]{6}|[a-fA-F0-9]{3}))[^\n#]+|//[^\n]*)reflect: embedded type with methods not implemented for non-pointer typeGet List of all services for which this account is currently blacklistedGet List of all services for which this account is currently blocklistedGet the visibility for a catalog entry(catalog admin of an account only)Unsupported kind {{.InvalidKind}}. The valid inputs are: {{.ValidKinds}}Enable or disable version check when setting API endpoint or logging in.cannot specify account ID(-c) when authenticating as a compute resource.cannot specify (--no-account) when authenticating as a compute resource.{{with .Name}}{{printf "%s " .}}{{end}}{{printf "version %s" .Version}}
Failed to find flag %q and mark it as being in a one-required flag group${COMMAND_NAME} iam api-key-lock (NAME|UUID) [-f, --force] [-q, --quiet]Creating service ID {{.Name}} bound to {{.BoundTo}} as {{.UserEmail}}...Plug-in repo named '{{.RepoName}}' already exists. Try a different name.Comma separated list of tag names or "*" for detach all tags of resourcehttps://ibm-cloud-cli.s3.private.us.cloud-object-storage.appdomain.cloud${COMMAND_NAME} iam authorization-policy-assignment-delete ASSIGNMENT_IDFailed to update the private network speed of hardware server: {{.ID}}.
The original volume has been cancelled, unable to order duplicate volumeclient doesn't support any cipher suites compatible with the certificatetls: server's certificate contains an unsupported type of public key: %Ttls: certificate private key of type %T does not implement crypto.Signer(?i)^[ ]{0,3}<(script|pre|style|textarea)(?:\s.*|>.*|/>.*|)(?:\r\n|\n)?$${COMMAND_FULL_NAME} SUBSCRIPTION_ID [-o, --output FORMAT] [-q, --quiet]crypto/ecdh: internal error: nistec ScalarBaseMult returned the identity^(=+|-+|`+|:+|\.+|\'+|"+|~+|\^+|_+|\*+|\++|#+)([ \t]*\n)(.+)(\n)(\1)(\n)^[\-]*[0-9]+[cm|mm|in|px|pt|pc\%]* [[\-]*[0-9]+[cm|mm|in|px|pt|pc\%]*]*$${BINARY_NAME} service-marketplace [--cf] [--rc] [--global] [-q, --quiet]The provided password is expired.
To reset your password, visit {{.URL}}.Whether to create and return credentials, but not store them in IBM CloudFailed to query 'optionsUrl' of 'service-endpoints' parameter: {{.Error}}Show the ID of service key. This option is exclusive with '-o, --output'.Sending invitation to {{.UserEmail}} to join in account {{.AccountID}}...Adding {{.MemberList}} to access group {{.GroupName}} as {{.UserName}}...Removing {{.Member}} from access group {{.GroupName}} as {{.UserName}}...Getting external identity interaction settings under account {{.Account}}API key {{.APIKeyNameOrUUID}} has already been enabled, cancel operation.Retrieving all API keys under account {{.AccountID}} as {{.UserEmail}}...${COMMAND_NAME} iam authorization-policy-template-create --file JSON_FILEtls: received unexpected handshake message of type %T when waiting for %Ttls: internal error: handshake returned an error but is marked successfultls: found a certificate rather than a key in the PEM for the private key(?i)^(left|right|top|texttop|middle|absmiddle|baseline|bottom|absbottom)$<rect id="%s" x="%dch" y="%fem" width="%dch" height="1.2em" fill="%s" />
Invalid property: %s. Property must be a something convertable to a string${BINARY_NAME} service ID or Name [--output TYPE] [--global] [-q, --quiet]No resource group targeted. Use '{{.Command}}' to target a resource group.Changing an account is not supported when logging in with trusted profile.    if [[ -z "${BASH_VERSION:-}" || "${BASH_VERSINFO[0]:-}" -gt 3 ]]; then${COMMAND_NAME} iam api-key-delete (NAME|UUID) [-f, --force] [-q, --quiet]${COMMAND_NAME} iam api-key-enable (NAME|UUID) [-f, --force] [-q, --quiet]${COMMAND_NAME} iam api-key-unlock (NAME|UUID) [-f, --force] [-q, --quiet]
There are multiple API keys with the same name. Please select an API key:Show only filtered attached tags to a resource, only value allowed is truebytes.Buffer: UnreadRune: previous operation was not a successful ReadRunemalformed response from server: malformed non-numeric status pseudo headernet/http: server replied with more than declared Content-Length; truncated--secure-trigger-properties '{"deployer-api-key":"s0mEThING_v3Ry_s3CReT"}'An error occurred when downloading the binary:
{{.Error}}
Try again later.Delete a version of an account settings template for an enterprise accountCreating API key {{.APIKeyName}} under {{.AccountID}} as {{.UserEmail}}...'Profile-SAML' for a SAML rule or 'Profile-CR' for a compute resource ruleCannot find primary volume's os-type automatically; must specify manually.SoftLayer_Container_Product_Order_Network_Storage_Enterprise_SnapshotSpacetls: certificate RSA key size too small for supported signature algorithmsResource of the policy definition. This option is exclusive with '--file'.unknown number base: %s. possible options are x (hex) o (octal) b (binary)could not add key or sub-table to exist inline table or its sub-table : %s${BINARY_NAME} entry-visibility ID [--output type] [--global] [-q, --quiet]Unsupported price {{.InvalidPrice}}. The valid inputs are: {{.ValidPrices}}Missing csv output filename.  Specify the output filename with --f filename%[2]s is a special command that is used by the shell completion logic
%[1]s${COMMAND_NAME} iam api-key-disable (NAME|UUID) [-f, --force] [-q, --quiet]Incorrect input. Enter a number between 1 and {{.Upper}}. Please try again.${COMMAND_NAME} iam service-id-lock (NAME|UUID) [-f, --force] [-q, --quiet]Version {{.Version}} is a major update, which might cause breaking changes.The resourceType field must be valued for Classic Infrastructure resources.Unsolicited response received on idle HTTP channel starting with %q; err=%vUnsupported output format '{{.Format}}', only '{{.Formats}}' are supported.${COMMAND_FULL_NAME} (--service-endpoint-enable true | false) [-q, --quiet]--children is not supported when `--account` or `--account-id` is specifiedDeleting template {{.TemplateID}} under current account as {{.UserName}}...Member {{.Member}} is removed from access group {{.GroupName}} successfully
    ${COMMAND_FULL_NAME}
        List platform default access policy rolesCommand/alias '{{.Command}}' already exists in the plug-in being installed.The public network speed of virtual server instance: {{.VsId}} was updated.tls: internal error: attempted to read record with pending application data\b(handle_errors|handle_path|handle_response|replace_status|handle|route)\b
Warning: an error occurred while checking updates for plug-in '{{.Name}}':
Update an existing catalog entry(catalog admin or editor of an account only)
Your login state has expired. Use '{{.Command}}' to relogin and try again.
Retrieving usage for resource group {{.Group}} under account {{.Account}}...Role {{.RoleName}} was not found. There are no valid roles for this service.${COMMAND_NAME} iam service-ids [--uuid] [-o, --output FORMAT] [-q, --quiet]Delete an existing resource group. Only empty resource groups can be delete.HTTP/1.0 400 Bad Request

Client sent an HTTP request to an HTTPS server.
unable to redefine %q shorthand in %q flagset: it's already used for %q flagRe-sending invitation to {{.UserEmail}} to join in account {{.AccountID}}...Creating template {{.TemplateID}} under current account as {{.UserEmail}}...Do you really want to remove template {{.TemplateID}} under current account?${COMMAND_NAME} iam access-group-templates [-o, --output FORMAT] [-q, quiet]The MFA setting of the user with IAM ID specified by the '--user-iamid' flagNo content to update. Specify either name, action-if-leaked, or description.Assume a specified trusted profile, or show the profile ID currently assumedThis volume cannot be modified since it does not support Encryption at Rest.The given snapshot schedule name was not found for the given storage volume.Failed to update the hostname/domain of virtual server instance: {{.VsId}}.
The private network speed of virtual server instance: {{.VsId}} was updated.tls: failed to send closeNotify alert (but connection was closed anyway): %wtls: server certificate contains incorrect key type for selected ciphersuiteOnly need to specify either '--resource-group-name' or '--resource-group-id'drop-shadow\(([-]?[0-9]+px) ([-]?[0-9]+px)( [-]?[0-9]+px)?( ([-]?[0-9]+px))?MapIter.Next called on an iterator that does not have an associated map Value${BINARY_NAME} entry ID [--children] [--output TYPE] [--global] [-q, --quiet]Incorrect usage.  Country value of ALL may only be used with --csv or --json.SoftLayer_Exception_User_Customer_External_Binding_InvalidAuthenticationTokenSoftLayer_Exception_User_Customer_External_Binding_TotpAuthenticationRequiredRetrieving all service IDs of access group {{.GroupName}} as {{.UserName}}...${COMMAND_NAME} iam access-group-user-purge IBMid [-f, --force] [-q, --quiet]${COMMAND_NAME} iam service-id-delete (NAME|UUID) [-f, --force] [-q, --quiet]${COMMAND_NAME} iam service-id-unlock (NAME|UUID) [-f, --force] [-q, --quiet]The plugin already exists in the destination directory. Skipping download ...Unable to create the temporary directory for saving binary. Error: {{.Error}}Looking up plug-ins available for download from repository '{{.RepoName}}'...The list of tag names will replace the value of a tag in the format key:valueinvalid Body.Read call. After hijacked, the original Request must not be usedRetrieving all access groups under account {{.AccountID}} as {{.Username}}...Create a new version of an account settings template in an enterprise accountRetrieving API keys under account {{.AccountID}} created by {{.UserEmail}}...Resource type of the service. '--service' must be set along with this option.${COMMAND_NAME} iam user-setting USER_NAME [-o, --output FORMAT] [-q --quiet]id,blockDevices[id,device,mountType,diskImage[id,metadataFlag,type[keyName]]]crypto/tls: ExportKeyingMaterial is unavailable when renegotiation is enabled^[ ]{0,3}<(?:/[ ]*)?([a-zA-Z]+[a-zA-Z0-9\-]*)(?:[ ].*|>.*|/>.*|)(?:\r\n|\n)?$List all resource reclamations under account {{.Account}} as {{.UserText}}...Policy {{.PolicyID}} for access group {{.GroupName}} was successfully createdPolicy {{.PolicyID}} for access group {{.GroupName}} was successfully deletedPolicy {{.PolicyID}} for access group {{.GroupName}} was successfully updatedDeleting authorization policy {{.PolicyID}} under account {{.AccountName}}...(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{))(?<=^ *)(?<ws> *)(?<keyword>=(?:para|table|pod))(?<config>(?<!\n\s*)[^\n]*\n)reflect: embedded type with methods not implemented if type is not first fieldUnsupported column {{.InvalidColumn}}. The valid inputs are: {{.ValidColumns}}SoftLayer_Exception_User_Customer_External_Binding_PhoneAuthenticationRequiredFailed to find flag %q and mark it as being in a mutually exclusive flag groupRetrieving resource instances usage under account {{.Account}} on {{.Month}}..Incorrect input. The index must be between 1 and {{.Upper}}. Please try again.Plug-in '{{.Old}}' was already installed. Do you want to re-install it or not?${COMMAND_NAME} resource group NAME [--id] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} resource group-create NAME [-o, --output FORMAT] [-q, --quiet]https://ibm-cloud-cli-plugin.s3.direct.us.cloud-object-storage.appdomain.cloudpattern %q (registered at %s) conflicts with pattern %q (registered at %s):
%sUnrecognized sort option '{{.Option}}'. Valid options are '{{.ValidOptions}}'.The IAM ID of the user to be assigned the MFA setting by the '--user-mfa' flagTEMPLATE_NAME|TEMPLATE_ID mutually exclusive with 'name' property in JSON_FILERetrieving all trusted profiles under account {{.Account}} as {{.UserName}}...Retrieving subscription {{.ID}} under account {{.Account}} as {{.UserText}}...Service name of the policy definition. This option is exclusive with '--file'.x509: signature check attempts limit reached while verifying certificate chain115792089210356248762697446949407573530086143415290314195533631308867097853951115792089210356248762697446949407573529996955224135760342422259061068512044369Parent ID of the object. If not inputted, field will default to original parent${BINARY_NAME} entry-update ID [-c PARAMETERS_AS_JSON] [--global] [-q, --quiet]plugin config: invalid type of value for key '%s', expected type %s, but got %TInsecure http API endpoint detected: secure https API endpoints are recommendedUnable to copy the plug-in binary to the temporary location. Error: {{.Error}}.Checking upgrades for all installed plug-ins from repository '{{.RepoName}}'...${COMMAND_NAME} resource groups [--default] [-o, --output FORMAT] [-q, --quiet]Invalid input, you must set account-id only with tag-type option set to servicehttps://ibm-cloud-cli-plugin.s3.private.us.cloud-object-storage.appdomain.cloudcannot convert slice with length %y to array or pointer to array with length %xhttp2: server closing client connection; error reading frame from client %s: %vShow the total number of items found. This option is exclusive with '--output'.Failed to find user {{.UserId}} under account {{.AccountId}}.
{{.ErrorMessage}}${COMMAND_NAME} iam access-policy-templates [-o, --output FORMAT] [-q, --quiet]Get a specific version of an account settings template in an enterprise accountCould not find price for endurance storage space, size={{.Size}} tier={{.Tier}}tls: client certificate private key of type %T does not implement crypto.Signer${COMMAND_FULL_NAME} ID [--comment COMMENT] [-o, --output FORMAT] [-q, --quiet]Resource type of the policy definition. This option is exclusive with '--file'.^<\?xml version="1.0" encoding=".+"\?>\s*<params>\s*<param>\s*<value>\s*<array>``((?=$)|(?=[-/:.,; \n\x00\‐\‑\‒\–\—\ \'\"\)\]\}\>\’\”\»\!\?]))Incorrect usage. Must specify either the -add, --remove, or --service-list flag.List access groups the user belongs to. This flag is exclusive to '-s' and '-p'.Plug-in repo named '{{.RepoName}}' does not exist. Check the name and try again.https://ibm-cloud-cli-metadata.s3.direct.us.cloud-object-storage.appdomain.cloudhttp: RoundTripper implementation (%T) returned a nil *Response with a nil errorbug: unexpected way for two patterns %s and %s to conflict: methods %s, paths %sIAM token with Softlayer validation is required. Use '{{.Command}}' to re-login.${COMMAND_NAME} account user-status [USER_ID] [-o, --output FORMAT] [-q --quiet]${COMMAND_NAME} iam access-group-assignments [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam account-settings-assigment-delete ASSIGNMENT_ID [-q,--quiet]Name of the service account for IKS_SA or ROKS_SA, required if IKS_SA or ROKS_SADeleting rule {{.RULE_NAME}} under trusted profile {{.NAME}} as {{.USERNAME}}...Plug-in directory '{{.Dir}}' already exists. Remove the directory and try again.tls: either ServerName or InsecureSkipVerify must be specified in the tls.Configcrypto/rand: blocked for 60 seconds waiting to read random data from the kernel
x509: invalid signature: parent certificate cannot sign this kind of certificatecrypto/ecdh: internal error: nistec ScalarBaseMult failed for a fixed-size inputxml: end tag </%s> in namespace %s does not match start tag <%s> in namespace %sMultiple resource groups found with the name '{{.Name}}'.
Select one to continue:if any flags in the group [%v] are set none of the others can be; %v were all setLooking up plug-ins available for installation from repository '{{.RepoName}}'...https://ibm-cloud-cli-metadata.s3.private.us.cloud-object-storage.appdomain.cloudExternal authentication failed. Error code: {{.ErrorCode}}, message: {{.Message}}${COMMAND_NAME} iam access-policy-assignments [-o, --output FORMAT] [-q, --quiet]The IP addresses and subnets from which IAM tokens can be created (default is "")Version {{.TemplateVersion}} of Template {{.TemplateID}} was successfully deleted${COMMAND_NAME} iam account-settings-templates [-q,--quiet] [-o, --output FORMAT]Update access policy role {{.RoleNameOrID}} under {{.Scope}} as {{.UserEmail}}...${COMMAND_NAME} iam trusted-profile-templates [-o, --output FORMAT] [-q, --quiet]Failed to update the public network speed of virtual server instance: {{.VsId}}.
Source resource group ID, mutually exclusive with '--source-service-instance-id'.Target resource group ID, mutually exclusive with '--target-service-instance-id'.Creating authorization policy under account {{.AccountName}} as {{.UserEmail}}...Really delete policy {{.PolicyID}} of service ID {{.ServiceID}} under {{.Scope}}?(?<=^ *)(?<ws> *)(?<keyword>=alias)(?<ws2> +)(?<name>\w[\w'-]*)(?<value>[^\n]*\n)
  {{.Name}}{{with .Aliases}}{{range .}}, {{.}}{{end}}{{end}} - {{.Description}}

Could not find locale '{{.Locale}}'. The known locales are:

{{.SupportedLocales}}Really remove the {{.ModelType}} {{.ModelName}} and everything associated with it?Retrieving all trusted profiles of access group {{.GroupName}} as {{.UserName}}...Checking upgrades for plug-in '{{.PluginName}}' from repository '{{.RepoName}}'...Retrieving all resource groups under account {{.AccountName}} as {{.UserEmail}}...The list of tag names will replace all existing tag names attached to the resourceInvalid resourceType, it must be set up only for Classic Infrastructure resources.The remote API does not support the operation. IAM token service is not available.${COMMAND_FULL_NAME} (--position NEW_POSITION) [-o, --output FORMAT] [-q, --quiet]Creating account group {{.Name}} as {{.UserEmail}} under account {{.AccountID}}...Creating access group {{.Name}} under account {{.AccountName}} as {{.Username}}...Update a specific version of an account settings template in an enterprise accountGetting access policy role {{.RoleNameOrID}} under {{.Scope}} as {{.UserEmail}}...SoftLayer_Container_Product_Order_Network_Storage_Enterprise_SnapshotSpace_UpgradeCould not find price for iops for the given volume, size={{.Size}},,Iops={{.IOPS}}Failed to update the private network speed of virtual server instance: {{.VsId}}.
%s is a prerelease version and the constraint is only looking for release versionsrefusing to use HTTP_PROXY value in CGI environment; see golang.org/s/cgihttpproxyx509: a root or intermediate certificate is not authorized to sign for this name: reflect: embedded type with methods not implemented if there is more than one fieldSpecify output format, only JSON is supported now. The default is terminal display.
Following plug-in(s) will not be updated because they may contain breaking changeshttps://ibm-cloud-cli-mod-staging.s3.direct.us.cloud-object-storage.appdomain.cloudjson: invalid use of ,string struct tag, trying to unmarshal unquoted value into %vRemoving user {{.UserId}} from account {{.AccountId}} owned by {{.AccountOwner}}...${COMMAND_FULL_NAME} account-group-delete (-n, --name NAME | --id ID) [-q, --quiet]Getting assignment {{.AssignmentID}} as {{.UserEmail}} under account {{.AccountID}}${COMMAND_NAME} iam account-settings-assignments [-q,--quiet] [-o, --output FORMAT]Commit a specific version of an account settings template in an enterprise account.Version {{.TemplateVersion}} of Template {{.TemplateID}} was successfully committedDeleting access policy role {{.RoleNameOrID}} under {{.Scope}} as {{.UserEmail}}...${COMMAND_NAME} iam trusted-profile-assignments [-o, --output FORMAT] [-q, --quiet]/v4/accounts/%s/organizations/%s/resource_instances/usage/%s?_names=true&_tags=true
Authentication failed. Unable to refresh auth token: {{.Error}}. Try again later.
serviceResource.datacenter.id,billingItem,storageTierLevel,storageType.keyName,iopsGetting authorization policies under account {{.AccountID}} as {{.OperatorName}}...Creating policy under {{.Scope}} for service ID {{.ServiceID}} as {{.UserEmail}}...x509: issuer has name constraints but leaf contains unknown or unconstrained name:  (possibly because of %q while trying to verify candidate authority certificate %q)(?<=^ *)(?<ws> *)(?<keyword>=config)(?<ws2> +)(?<name>\w[\w'-]*)(?<config>[^\n]*\n)A problem occurred during the attempt to accept the invitation to join the account.
Error response from server. Status code: {{.StatusCode}}; description: {{.Message}}.Show monthly usage for a resource group (account admin or resource group admin only)Retrieving resource instances usage under resource group {{.Group}} on {{.Month}}...https://ibm-cloud-cli-mod-staging.s3.private.us.cloud-object-storage.appdomain.cloud${COMMAND_FULL_NAME} (-n, --name NAME | --id ID) [-o, --output FORMAT] [-q, --quiet]Updating version of template {{.TemplateID}} as {{.UserEmail}} under current accountRetrieving access group {{.Name}} under account {{.AccountName}} as {{.Username}}...Updating template {{.TemplateID}} version as {{.UserEmail}} under current account...${COMMAND_NAME} iam trusted-profile-assignment-update ASSIGNMENT_ID TEMPLATE_VERSIONCreating trusted profile {{.Profile}} under account {{.Account}} as {{.UserName}}...Deleting trusted profile {{.Profile}} under account {{.Account}} as {{.UserName}}...Really delete link {{.LINKNAME}} of trusted profile {{.NAME}} under current account?Updating trusted profile {{.Profile}} under account {{.Account}} as {{.UserName}}...Namespace name/alias '{{.Namespace}}' already exists in the plug-in being installed.Namespace name/alias '{{.Namespace}}' in the plug-in being installed already exists.Could not find price for snapshot space,size={{.Size}},tier={{.Tier}},Iops={{.IOPS}}tls: downgrade attempt detected, possibly due to a MitM attack or a broken middleboxx509: signature algorithm specifies an %s public key, but have public key of type %T(?<=^ *)(?<ws> *)(?<keyword>=(?:item\d*|comment|data|[A-Z]+))(?<ws2> *)(?<config>#?)reflect.Value.Interface: cannot return value obtained from unexported field or methodDeprecated, Optional: Specify a filename for the csv output. Use shell ">" directive.Update the visibility of an existing catalog entry (catalog admin of an account only)${COMMAND_NAME} iam api-keys [--uuid] [-a, --all] [-o, --output FORMAT] [-q, --quiet]Following plug-in(s) can be updated.
Select one to continue (or press enter to skip):Creating resource group {{.Name}} under account {{.AccountName}} as {{.UserEmail}}...Deleting resource group {{.Name}} under account {{.AccountName}} as {{.UserEmail}}...Updating resource group {{.Name}} under account {{.AccountName}} as {{.UserEmail}}...Retrieving default resource group under account {{.AccountName}} as {{.UserEmail}}...User tag attachment failed. You can run {{.Command}} to attempt attaching tags again.http: WriteHeader called with both Transfer-Encoding of %q and a Content-Length of %d${COMMAND_NAME} iam access-group-template-version-commit TEMPLATE_ID TEMPLATE_VERSION${COMMAND_NAME} iam access-group-template-version-create TEMPLATE_ID --file JSON_FILENamespace of the service account for IKS_SA or ROKS_SA, required if IKS_SA or ROKS_SA/v4/accounts/%s/resource_groups/%s/resource_instances/usage/%s?_names=true&_tags=truex509: failed to parse private key (use ParseECPrivateKey instead for this key format)reflect: New of type that may not be allocated in heap (possibly undefined cgo C type)Optional: Filter by price. Currently "free", "paygo", and "subscription" are supportedCould not get trusted profile information:
Missing trusted profile ID in access token.
You have additional security features enabled on the account.
Input the security code${COMMAND_NAME} billing account-usage [-d YYYY-MM] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam access-group GROUP_NAME [--id] [-o, --output FORMAT] [-q, --quiet]List access groups the service ID belongs to. This flag is exclusive to '-u' and '-p'.${COMMAND_NAME} plugin repo-plugins [-r REPO_NAME] [-o, --output FORMAT] [-q, --quiet]Locking service instance {{.Name}} under account {{.AccountName}} as {{.UserEmail}}...Updating service key {{.NameOrID}} under account {{.AccountName}} as {{.UserEmail}}...${COMMAND_FULL_NAME} USER_ID [-c, --account-id ACCOUNT_ID] [-f, --force] [-q, --quiet]${COMMAND_FULL_NAME} [-c, --account-id ACCOUNT_ID] [-o, --output FORMAT] [-q, --quiet]Updating account group {{.NameOrID}} as {{.UserEmail}} under account {{.AccountID}}...Submitting request to create assignment under account {{.Account}} as {{.UserText}}...${COMMAND_NAME} iam authorization-policy-templates [-o, --output FORMAT] [-q, --quiet]Retrieving trusted profile {{.Profile}} under account {{.Account}} as {{.UserName}}...Listing trusted profiles that user {{.UserName}} under account {{.Account}} can assumeCommand/alias '{{.Command}}' in the plug-in being installed is a native command/alias.Updating policy under current account for user {{.TargetUser}} as {{.OperatorName}}...x509: a root or intermediate certificate is not authorized for an extended key usage: Specify output format, JSON and CSV are supported now. The default is terminal display.Retrieving resource group {{.Name}} under account {{.AccountName}} as {{.UserEmail}}...Invalid input, tag-type 'access' is not compatible with classic-infrastructure providerRetrieve all service instances. This option is exclusive with '--limit' and '--offset'.Access tag attachment failed. You can run {{.Command}} to attempt attaching tags again.Deleting service instance {{.Name}} under account {{.AccountName}} as {{.UserEmail}}...https://ibm-cloud-cli-plugin-metadata.s3.direct.us.cloud-object-storage.appdomain.cloudComma-delimited list of account states to exclude. Example:  "SUSPENDED,CANCEL_PENDING"Updating version of template {{.TemplateID}} as {{.UserEmail}} under current account...Locking API key {{.APIKeyNameorUUID}} under account {{.AccountID}} as {{.UserEmail}}...Retrieving resource reclamations {{.ID}} under account {{.Account}} as {{.UserText}}...'--source-service-name' is only optional when '--source-resource-group-id' is specifiedGetting all policies of service ID {{.ServiceID}} under {{.Scope}} as {{.UserEmail}}...Specify either a JSON file of policy definition or at least one attribute to be updated(?<=(?:^|\(|=|:|~~|\[|{|,|=>)\s*)(/)(?!\]|\))((?:\\\\|\\/|.)*?)((?<!(?<!\\)\\)/(?!'|"))
  {{.Name}} - {{if .Usage }}{{.Usage}}{{else if .Description}}{{.Description}}{{end}}


The cloud API requires CLI version {{.MinVersion}}. You are using version {{.Version}}.Specify output format, only JSON is supported now. This option is exclusive with '--id'.Type of the tag. Only allowed values are: user, service or access (default value : user)Invalid input, tag-type 'service' is not compatible with classic-infrastructure providerCanceling service instance {{.Name}} under account {{.AccountName}} as {{.UserEmail}}...Unlocking service instance {{.Name}} under account {{.AccountName}} as {{.UserEmail}}...https://ibm-cloud-cli-plugin-metadata.s3.private.us.cloud-object-storage.appdomain.cloudDeleting API key {{.APIKeyNameorUUID}} under account {{.AccountID}} as {{.UserEmail}}...Enabling API key {{.APIKeyNameorUUID}} under account {{.AccountID}} as {{.UserEmail}}...Updating API key {{.APIKeyNameOrUUID}} under account {{.AccountID}} as {{.UserEmail}}...${COMMAND_NAME} iam authorization-policy-assignments [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam trusted-profile-template-version-delete TEMPLATE_ID TEMPLATE_VERSIONGetting all rules of trusted profile ID {{.Name}} under {{.Account}} as {{.Username}}...Command '*' in the plug-in being installed must have a namespace defined in the plug-in.x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)Compute resource token used for login. Can either be a token string or a path to a @file.Plug-in '{{.Name}} {{.LatestVersion}}' is now available (you have {{.InstalledVersion}}).${COMMAND_NAME} iam access-group-user-remove GROUP_NAME IBMid [-q, --quiet] [-f, --force]End date. List audit logs before the end date. Supported formats are yyyy-MM-ddTHH:mm:ss.List only accounts that are active (exclude states: CANCEL_PENDING, CANCELED, SUSPENDED).Name of the parent account group. If omitted, the parent would be the current enterprise.The comma-separated list of account IDs allowed access under the specified identity type.Getting report with reference {{.Reference}} for account {{.Account}} as {{.UserName}}...Disabling API key {{.APIKeyNameorUUID}} under account {{.AccountID}} as {{.UserEmail}}...Unlocking API key {{.APIKeyNameOrUUID}} under account {{.AccountID}} as {{.UserEmail}}...${COMMAND_NAME} iam authorization-policy-assignment-update ASSIGNMENT_ID TEMPLATE_VERSIONSource service of the authorization role. '--service' must be set along with this option.Region '{{.Region}}' was not found. Use '{{.Command}}' to view all the available regions.(?<=^ *)(?<ws> *)(?<keyword>=(?:for|defn))(?<ws2> +)(?<name>\w[\w'-]*)(?<config>[^\n]*\n)${COMMAND_NAME} api [API_ENDPOINT] [--unset] [--skip-ssl-validation] [--vpc] [-q, --quiet]
You have additional security features enabled on the account.
Select a security question:Plug-in '{{.Old}}' was already installed. Do you want to update it with '{{.New}}' or not?Plug-in '{{.Plugin}}' has no binary available for your {{.OS}} {{.ARCH}} operating system.http2: server sent GOAWAY and closed the connection; LastStreamID=%v, ErrCode=%v, debug=%qGetting version of template {{.TemplateID}} as {{.UserEmail}} under account {{.AccountID}}${COMMAND_NAME} iam access-group get GROUP_NAME [--id] [-o, --output FORMAT] [-q, --quiet]The state of the external identitiy. Valid values are "limited", "enabled", and "monitor".Invalid datacenter name specified. Please provide the lower case short name (e.g.: dal09).'--target-service-name' is only optional when '--target-resource-type' is 'resource-group'GUID of service instance of the policy definition. This option is exclusive with '--file'.Getting policies of user {{.TargetUserName}} under current account as {{.OperatorName}}...Creating policy under current account for user {{.TargetUserName}} as {{.OperatorName}}...(<\s*(?:script|style).*?lang\s*=\s*['"])(.+?)(['"].*?>)(.+?)(<\s*/\s*(?:script|style)\s*>)Logging in using custom VPC instance identity service endpoint from environment variable...${COMMAND_NAME} iam access-group-service-ids GROUP_NAME [-o, --output FORMAT] [-q, --quiet]List access groups the trusted profile belongs to. This flag is exclusive to '-s' and '-u'.Invalid input, tag-type 'service' and 'access' are not compatible with resource-type optionThe attempt to get activity failed, but the specified ID was found. Try without --activity.Getting versions of template {{.TemplateID}} as {{.UserEmail}} under account {{.AccountID}}Really delete rule {{.RULENAME}} of trusted profile {{.PROFILENAME}} under current account?username,openIdConnectUserName,traceId,ipAddress,objectName,label,eventName,eventCreateDateArguments 'SOURCE_SERVICE_NAME TARGET_SERVICE_NAME ROLE_NAME...' and '--file' are exclusiveGetting all policies of trusted profile {{.Profile}} under {{.Account}} as {{.UserName}}...xml: EncodeToken of ProcInst xml target only valid for xml declaration, first token encoded\b(?:alnum|alpha|blank|cntrl|digit|graph|lower|print|punct|space|upper|xdigit|same|ident)\b${COMMAND_NAME} config get (http-timeout | trace | color | locale | sso-otp | check-version)Allow the CLI to accept incoming network connections, if prompted by the system during loginVersion of the plug-in to be upgraded to. Accepts a specific semantic version or constraint.The downloaded binary is possibly corrupt. The computed checksum doesn't match its metadata.The attempt to get activity failed, but the specified key was found. Try without --activity.Start date. List audit logs after the start date. Supported formats are yyyy-MM-ddTHH:mm:ss.${COMMAND_FULL_NAME} (-n, --name NEW_NAME) [-f, --force] [-o, --output FORMAT] [-q, --quiet]Unable to remove plug-in directory: {{.Error}}. If necessary, manually remove the directory.Command/alias '{{.Command}}' is already taken by a namespace in the plug-in being installed.Command/alias '{{.Command}}' in the plug-in being installed is already taken by a namespace.tls: handshake hash for a client certificate requested after discarding the handshake buffer'(\\['"\\abfnrtv]|\\x[0-9a-fA-F]{2}|\\[0-7]{1,3}|\\u[0-9a-fA-F]{4}|\\U[0-9a-fA-F]{8}|[^\\])'Unable to obtain plug-in's name. Ensure that you specified the correct plug-in and try again.No account targeted or specified. Use '-c, --account-id ACCOUNT_ID' to specify an account ID.${COMMAND_NAME} iam access-group-assignment ASSIGNMENT_ID [-o, --output FORMAT] [-q, --quiet]Connecting id {{.ID}} to trusted profile {{.ProfileName}} under {{.Account}} as {{.UserName}}Creating link to trusted profile {{.ProfileName}} under account {{.Account}} as {{.Username}}The snapshot space for this volume is set for cancellation; unable to order replicant volume.Snapshot space not found for original volume, origin snapshot space is needed for duplicationtls: unsupported certificate: private key is *ed25519.PrivateKey, expected ed25519.PrivateKey${COMMAND_FULL_NAME} ID [--comment COMMENT] [-f, --force] [-o, --output FORMAT] [-q, --quiet]${COMMAND_FULL_NAME} GROUP_NAME POLICY_ID [-f, --force] [-q, --quiet] [--api-version v1 | v2]Really delete policy {{.PolicyID}} of trusted profile {{.TrustedProfileID}} under {{.Scope}}?^hsl\([ ]*([012]?[0-9]{1,2}|3[0-5][0-9]|360),[ ]*([0-9]{0,2}|100)\%,[ ]*([0-9]{0,2}|100)\%\)$(translate|translate3d|translatex|translatey|translatez|scale|scale3d|scalex|scaley|scalez)\(${COMMAND_NAME} config unset (http-timeout | trace | color | locale | sso-otp | check-version)Types of the service endpoints. Possible values are 'public', 'private', 'public-and-private'.${COMMAND_FULL_NAME} [--active | --exclude EXCLUDE_STATES] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam access-policy-assignment ASSIGNMENT_ID [-q, --quiet] [-o, --output FORMAT]Submitting request to delete assignment {{.ID}} under account {{.Account}} as {{.UserText}}...Submitting request to update assignment {{.ID}} under account {{.Account}} as {{.UserText}}...${COMMAND_NAME} iam trusted-profiles [--id | -o, --output FORMAT] [--can-assume] [-q, --quiet]Create an authorization policy to allow a service instance access to another service instance.The ID of the account that owns the tags to be deleted (required if tag-type is set to service)Current user is not authorized to list templates. Please check with your account administrator.${COMMAND_NAME} iam access-group-assignment-update ASSIGNMENT_ID TEMPLATE_VERSION [-q, --quiet]The restriction level on API Key creation (one of "RESTRICTED", "NOT_RESTRICTED", or "NOT_SET")Update an assignment in order to retry failed assignments or migrate resources to a new versionCreating new version of template {{.TemplateID}} as {{.UserEmail}} under account {{.AccountID}}Unable to download the plug-in binary from the URL {{.URL}}.
Error: {{.Error}}
Try again later.Getting authorization policy {{.PolicyID}} under account {{.AccountID}} as {{.OperatorName}}...Creating policy under account {{.Account}} for trusted profile {{.Profile}} as {{.UserName}}...Do you really want to remove policy {{.PolicyID}} under current account for user {{.Username}}?invalid group name: group names must begin with a word character and have a matching terminator
  [environment variables] {{.Name}} [global options] command [arguments...] [command options]

Invalid input. For a list of required parameters, see documentation for the catalog entry model.${COMMAND_NAME} iam access-group-trusted-profiles GROUP_NAME [-o, --output FORMAT] [-q, --quiet]Cannot create key for service instance {{.Name}}. Invalid definition of service {{.ServiceName}}The attempt to get activity failed, but the specified profile was found. Try without --activity.Current user is not authorized to view a template. Please check with your account administrator.${COMMAND_FULL_NAME} USER_EMAIL [--access-groups ACCESS_GROUP_1,ACCESS_GROUP_2...] [-q, --quiet]${COMMAND_NAME} iam account-settings-assignment ASSIGNMENT_ID [-q,--quiet] [-o, --output FORMAT]Delete an account settings assignment. This will remove any resources created by this assignmentGetting API key {{.serviceAPIKeyNameOrUUID}} under account {{.AccountGUID}} as {{.UserEmail}}...${COMMAND_NAME} iam trusted-profile-assignment ASSIGNMENT_ID [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam trusted-profile-delete (PROFILE_NAME|PROFILE_ID) [-f, --force] [-q, --quiet]Getting identities connected to trusted profile {{.Name}} under {{.Account}} as {{.UserName}}...(?i)\\[!"#$%&'()*+,./:;<=>?@[\\\]^_`{|}~-]|&(?:#x[a-f0-9]{1,8}|#[0-9]{1,8}|[a-z][a-z0-9]{1,31});Creating policy for access group {{.GroupName}} under account {{.AccountID}} as {{.UserName}}...b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aefaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f^[\-]?([0-9]+|[0-9]*[\.][0-9]+)(%|cm|mm|in|px|pt|pc|em|ex|ch|rem|vw|vh|vmin|vmax|deg|rad|turn)?$Specify additional columns for the table. Currently "group", "provider", and "tags" are supportedhttp: RoundTripper implementation (%T) returned a *Response with content length %d but a nil BodyCurrent user is not authorized to get an assignment. Please check with your account administratorCurrent user is not authorized to list assignments. Please check with your account administrator.'--parent-account-group' or '--parent-account-group-id' or '-parent-enterprise' must be specified${COMMAND_NAME} iam account-settings-assigment-update ASSIGNMENT_ID TEMPLATE_VERSION [-q,--quiet]Creating rule to trusted profile {{.Profile_Name}} under account {{.Account}} as {{.Username}}...Namespace '{{.Namespace}}' in the plug-in being installed is not recognized. Ensure it's defined.Current user is not authorized to delete templates. Please check with your account administrator.mask[id, username, displayName, userStatus[name], hardwareCount, virtualGuestCount, email, roles]List all policies under current account filtered by policy type. Valid options are: access | authDeleting policy {{.PolicyID}} under {{.Scope}} for service ID {{.ServiceID}} as {{.UserEmail}}...${BINARY_NAME} entry-create [-c PARAMETERS_AS_JSON] [-p, --parent PARENT] [--global] [-q, --quiet]${COMMAND_NAME} plugin repo-plugin PLUGIN_NAME [-r REPO_NAME] [-o, --output FORMAT] [-q, --quiet]
Deployment {{.Deployment}} is not available under service plan {{.Name}} in location {{.Location}}Deleting service key {{.Name}} with ID {{.ID}} under account {{.AccountName}} as {{.UserEmail}}...Current user is not authorized to delete assignment. Please check with your account administrator.Current user is not authorized to create a template. Please check with your account administrator.Account is not a paid account. To enable or disable service endpoint, you need to upgrade account.Deleting access group {{.Name}} with ID {{.ID}} under account {{.AccountName}} as {{.Username}}...Updating access group {{.Name}} with ID {{.ID}} under account {{.AccountName}} as {{.Username}}...The restriction level on Service ID creation (one of "RESTRICTED", "NOT_RESTRICTED", or "NOT_SET")UUID of the service ID which the API keys belong to. If set to 'all', show all service ID API keys${COMMAND_NAME} iam trusted-profile list [--id | -o, --output FORMAT] [--can-assume] [-q, --quiet]Current user is not authorized to view user settings. Please check with your account administratorCurrent user is not authorized to delete the account. Please check with your account administratorCurrent user is not authorized to update a template. Please check with your account administrator.Current user is not authorized to commit a template. Please check with your account administrator.NoClientCertRequestClientCertRequireAnyClientCertVerifyClientCertIfGivenRequireAndVerifyClientCert^www\.[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-z]+(?:[/#?][-a-zA-Z0-9@:%_\+.~#!?&/=\(\);,'">\^{}\[\]`]*)?^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*Wrong 'accountId' of target resource in 'resources'. Specify the ID of currently targeted account.Optional: Output format value. Specify output format, json or csv. The default is terminal display.Accept an invitation to join the targeted account. The provided account must be a valid account ID.Resource group '{{.Name}}' was not found. Use '{{.Command}}' to list all available resource groups.Role {{.RoleName}} was not found for service {{.ServiceName}}. Valid roles are {{.SupportedRoles}}.If no repository is specified, the command uses the official plug-in repository '{{.DefaultRepo}}'.The ID of the account that owns the resources to be tagged (required if tag-type is set to service)Service endpoint type {{.ServiceEndpointInput}} is not valid. Accepted inputs are {{.ValidValues}}.https://ibm-cloud-cli-mod.s3.direct.us.cloud-object-storage.appdomain.cloud/message-of-the-day.json${COMMAND_NAME} account user-status-update USER_ID NEW_STATUS [-o, --output FORMAT] [-q, --quiet]

${COMMAND_NAME} iam account-settings [--show-external-identity] [-o, --output FORMAT] [-q, --quiet]Invalid condition '{{.Condition}}', it must be in format claim:CLAIM,operator:OPERATOR,value:VALUE.Command/alias 'help' in the plug-in being installed should have a namespace defined in the plug-in.Current user is not authorized to view user's profile. Please check with your account administratorCurrent user is not authorized to view an assignment. Please check with your account administrator.Source service name, may be used when SOURCE_SERVICE_NAME and TARGET_SERVICE_NAME are not specifiedTarget service name, may be used when SOURCE_SERVICE_NAME and TARGET_SERVICE_NAME are not specifiedGetting policy {{.PolicyID}} of service ID {{.ServiceIDName}} under {{.Scope}} as {{.UserEmail}}...Getting policy {{.PolicyID}} of trusted profile {{.Profile}} under {{.Account}} as {{.UserName}}...(<<=|>>=|<<|>>|<=|>=|&\^=|&\^|\+=|-=|\*=|/=|%=|&=|\|=|&&|\|\||<-|\+\+|--|==|!=|:=|\.\.\.|[+\-*/%&])^(\S.*)(\n)(={3,}|-{3,}|`{3,}|:{3,}|\.{3,}|\'{3,}|"{3,}|~{3,}|\^{3,}|_{3,}|\*{3,}|\+{3,}|#{3,})(\n)A command line tool to interact with {{.Cloud}}
  Find more information at: https://ibm.biz/cli-docsThe action to take if the key is leaked, can be "none", "disable", or "delete". Default is "disable"${COMMAND_NAME} iam service-id (NAME|UUID) [--uuid] [-o, --output FORMAT] [-q, --quiet] [--activity]Creating service key of {{.ResourceDescription}} under account {{.AccountName}} as {{.UserEmail}}...https://ibm-cloud-cli-mod.s3.private.us.cloud-object-storage.appdomain.cloud/message-of-the-day.jsonRemote server error. Status code: {{.StatusCode}}, error code: {{.ErrorCode}}, message: {{.Message}}Current user is not authorized to create an assignment. Please check with your account administratorCurrent user is not authorized to update an assignment. Please check with your account administrator${COMMAND_NAME} iam trusted-profile assume [PROFILE_NAME|PROFILE_ID] [--output FORMAT] [-q, --quiet]${COMMAND_NAME} iam trusted-profile-assume [PROFILE_NAME|PROFILE_ID] [--output FORMAT] [-q, --quiet]Current user is not authorized to update user settings. Please check with your account administrator
Your login state has expired or you are unauthorized. Use '{{.Command}}' to relogin and try again.
Invalid policy type provided. Valid options are: user | service_id | access_group | trusted_profile.Deleting policy {{.PolicyID}} under current account for user {{.TargetUser}} as {{.OperatorName}}...cipher: the nonce can't have zero length, or the security of the key will be immediately compromised(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+Could not get visibility at this time from the name provided. Please review the ID or Name specified.The ID of the account that owns the resources to be detached (required if tag-type is set to service)Show the CRN of the service instance. This option is exclusive with '--output', '--id', and '--guid'.Show the GUID of the service instance. This option is exclusive with '--output', '--id', and '--crn'.Getting all API keys of service ID {{.ServiceID}} under account {{.AccountGUID}} as {{.UserEmail}}...${COMMAND_NAME} iam authorization-policy-assignment ASSIGNMENT_ID [-q, --quiet] [-o, --output FORMAT]Current user is not authorized to update user's profile. Please check with your account administratorCurrent user is not authorized to update an assignment. Please check with your account administrator.Current user is not authorized to delete an assignment. Please check with your account administrator.${COMMAND_FULL_NAME} GROUP_NAME POLICY_ID [-o, --output FORMAT] [-q, --quiet] [--api-version v1 | v2]Updating policy {{.PolicyID}} under {{.Scope}} for service ID {{.ServiceIDName}} as {{.UserEmail}}...Deleting policy {{.PolicyID}} under {{.Account}} for trusted profile {{.Profile}} as {{.UserName}}...cgocheck > 1 mode is no longer supported at runtime. Use GOEXPERIMENT=cgocheck2 at build time instead.Retrieving information of the account group {{.Name}} as {{.UserText}} under account {{.AccountID}}...Current user is not authorized to list policy templates. Please check with your account administrator.Getting policy {{.PolicyID}} of user {{.TargetUserName}} under current account as {{.OperatorName}}...xtg-x-cel-gaulishen-GB-oxendicten-x-i-defaultund-x-i-enochiansee-x-i-mingonan-x-zh-minen-US-u-va-posix'{{.Command}}' is not a registered command. Check your list of installed plug-ins. See '{{.App}} help'.The ID of the account that owns the tags that you want to list (required if tag-type is set to service)HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad RequestCurrent user is not authorized to update account settings. Please check with your account administrator${COMMAND_FULL_NAME} iam role (ROLE_NAME|ROLE_DISPLAY_NAME|ROLE_ID) [-o, --output FORMAT] [-q, --quiet]Creating link {{.Name}} to trusted profile {{.ProfileName}} under account {{.Account}} as {{.Username}}List all resource reclamations of instance {{.IDOrName}} under account {{.Account}} as {{.UserText}}...Retrieving all policies of access group {{.GroupName}} under account {{.AccountID}} as {{.UserName}}...Optional: Filter by tag.  This flag is repeatable and results in a logical OR of all the tags specified.${COMMAND_NAME} billing resource-group-usage GROUP_NAME [-d YYYY-MM] [-o, --output FORMAT] [-q, --quiet]Retrieving identity {{.Identity}} of trusted profile {{.Profile}} under {{.Account}} as {{.UserName}}...Current user is not authorized to delete the account group. Please check with your account administratorCurrent user is not authorized to create template version. Please check with your account administrator.Submitting request to delete resource reclamation {{.ID}} under account {{.Account}} as {{.UserText}}...Do you really want to remove policy {{.PolicyID}} under current account for access group {{.GroupName}}?Service endpoints can not be specified because no option found for the service plan in the given location${COMMAND_NAME} resource service-key-delete ( NAME | ID ) [-g RESOURCE_GROUP] [-f, --force] [-q, --quiet]Getting system defined access policy roles {{.RoleList}}under account {{.AccountID}} as {{.UserEmail}}...New description of the profile. Providing an empty description will clear the description of the profile.Submitting request to restore resource reclamation {{.ID}} under account {{.Account}} as {{.UserText}}...	For more information on available statuses, see https://cloud.ibm.com/apidocs/user-management#user-statesRetrieving all access groups to which {{.Member}} belongs under account {{.AccountID}} as {{.Username}}...${COMMAND_NAME} iam trusted-profile-template-version-commit (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION${COMMAND_NAME} iam trusted-profile-template-version-create (TEMPLATE_ID | TEMPLATE_NAME) --file JSON_FILEUpdate rule {{.RULE_NAME}} under {{.ACCOUNT}} for trusted profile ID {{.PROFILE_NAME}} as {{.USERNAME}}...(?:[\r\n \t]+[a-zA-Z_:][a-zA-Z0-9:._-]*(?:[\r\n \t]*=[\r\n \t]*(?:[^\"'=<>`\x00-\x20]+|'[^']*'|"[^"]*"))?)ed25519: expected opts.HashFunc() zero (unhashed message, for standard Ed25519) or SHA-512 (for Ed25519ph)^[0-9]{4}(-[0-9]{2}(-[0-9]{2}([ T][0-9]{2}(:[0-9]{2}){1,2}(.[0-9]{1,6})?Z?([\+-][0-9]{2}:[0-9]{2})?)?)?)?$asn1: time did not serialize back to the original value and may be invalid: given %q, but serialized as %q(GET|POST|PUT|DELETE|HEAD|OPTIONS|TRACE|PATCH|CONNECT)( +)([^ ]+)( +)(HTTP)(/)([123](?:\.[01])?)(\r?\n|\Z)(?<!(?:\d+|\.(?:Int|Numeric)|[$@%]\*?[\w':-]+\s+|[\])}]\s+)\s*)(«)(?![^»]+?[},;] *\n)(?![^»]+?»\S+?»)Notice: You have selected a public endpoint. IBM recommends using private endpoints for increased security.${COMMAND_NAME} iam access-group-template (TEMPLATE_ID | TEMPLATE_NAME) [-o, --output FORMAT] [-q, --quiet]Parent namespace of '{{.Namespace}}' in the plug-in being installed is not recognized. Ensure it's defined.${COMMAND_FULL_NAME} GROUP_NAME [--total-items | -o, --output FORMAT] [-q, --quiet] [--api-version v1 | v2]${COMMAND_NAME} iam user-policy IBMid POLICY_ID [-o, --output FORMAT] [-q, --quiet] [--api-version v1 | v2]<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
This is an error in the application.  Please contact the distributor of this application if this is not you.The browser cannot be launched. Copy the URL and paste it into your browser window to get the one-time code.${COMMAND_NAME} iam access-group-delete GROUP_NAME [-f, --force] [-r, --recursive] [-a, --all] [-q, --quiet]List all users under the access group filtered by membership type. Valid options are: static | dynamic | all{{.Plugin}} is built into the IBM Cloud CLI. You can check for IBM Cloud CLI updates with '{{.App}} update'.Type of instances. 'service_instance' type is used if not specified, use all to list all types of instances.${COMMAND_NAME} resource service-instance-lock ( NAME | ID ) [-g RESOURCE_GROUP] [-f, --force] [-q, --quiet]${COMMAND_NAME} iam access-policy-template (TEMPLATE_ID | TEMPLATE_NAME) [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam access-group delete GROUP_NAME [-f, --force] [-r, --recursive] [-a, --all] [-q, --quiet]Do you really want to remove version {{.TemplateVersion}} of template {{.TemplateID}} under current account?Creating access policy role {{.RoleName}} under {{.Scope}} for service {{.ServiceName}} as {{.UserEmail}}...'{{.RepoName}}' does not exist as an available plug-in repo.
Use '{{.Command}}' to list all the added repos.id,name,createDate,cpuCount,diskCapacity,memoryCapacity,guestCount,datacenter,backendRouter,allocationStatusGetting policy {{.PolicyID}} of access group {{.GroupName}} under account {{.AccountID}} as {{.UserName}}...${COMMAND_NAME} iam user-policy-delete USER_ID POLICY_ID [-f, --force] [-q, --quiet] [--api-version v1 | v2]^( *\.\.)(\s*)((?:source)?code(?:-block)?)(::)([ \t]*)([^\n]+)(\n[ \t]*\n)([ \t]+)(.*)(\n)((?:(?:\8.*|)\n)+)Warning: plug-in '{{.Plugin}}' may have compatibility issue with current version of {{.CLIProductShortName}}.Plug-in '{{.Plugin}}' was successfully installed into {{.PluginDir}}. Use '{{.Command}}' to show its details.Current user is not authorized to view a version of a template. Please check with your account administrator.Getting all links to compute resources of trusted profile ID {{.Name}} under {{.Account}} as {{.Username}}...The downloaded plug-in binary might be corrupt. The computed checksum doesn't match repo metadata. Try again.Updating policy {{.PolicyID}} under account {{.Account}} for trusted profile {{.Profile}} as {{.UserName}}...(?<=^ *)(?<keyword> *=)(?<ws> *)(?<config>(?::\w[\w'-]*(?:(?:<<|<|«|\(|\[|\{).+?(?:>>|>|»|\)|\]|\})) *)*\n)[$@%&]+\*(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+A problem occurred during the attempt to accept the invitation to join the account: account ID cannot be empty${COMMAND_NAME} iam access-group-trusted-profile-purge (PROFILE_NAME | PROFILE_ID) [-f, --force] [-q, --quiet]There are more than one resource with the same name, please use --resource-id option setting the crn attribute${COMMAND_NAME} resource service-instance-unlock ( NAME | ID ) [-g RESOURCE_GROUP] [-f, --force] [-q, --quiet]${COMMAND_NAME} iam account-settings-template (TEMPLATE_ID | TEMPLATE_NAME) [-q,--quiet] [-o, --output FORMAT]Delete version {{.TemplateVersion}} of template {{.TemplateID}} as {{.UserEmail}} under account {{.AccountID}}Getting access policy roles {{.RoleList}}of {{.ServiceName}} under account {{.AccountID}} as {{.UserEmail}}...The type of identity to retrieve. USER for a user IAM ID, SERVICEID for a service ID, or CRN for a service CRNDeleting policy {{.PolicyID}} under account {{.AccountID}} for access group {{.GroupName}} as {{.UserName}}...Updating policy {{.PolicyID}} for access group {{.GroupName}} under account {{.AccountID}} as {{.UserName}}...white-space: pre; -webkit-user-select: none; user-select: none; margin-right: 0.4em; padding: 0 0.4em 0 0.4em;Invalid service endpoints. The service plan only supports {{.Options}} service endpoints in the given location.Specify output format, only JSON is supported now. This option is exclusive with '--id', '--crn', and '--guid'.${COMMAND_NAME} resource service-key (NAME | ID) [-g RESOURCE_GROUP] [--id] [-o, --output FORMAT] [-q, --quiet]Current user is not authorized to view trusted profile identities. Please check with your account administratorCurrent user is not authorized to update a version of a template. Please check with your account administrator.Current user is not authorized to delete a version of a template. Please check with your account administrator.Current user is not authorized to commit a version of a template. Please check with your account administrator.Namespace name/alias '{{.Namespace}}' in the plug-in being installed is already used by a native command/alias.Current user is not authorized to get Trusted Profile Assignments. Please check with your account administrator(?=[\w\-])(GMENU_FOLDOUT|GMENU_LAYERS|GMENU|IMGMENUITEM|IMGMENU|JSMENUITEM|JSMENU|TMENUITEM|TMENU_LAYERS|TMENU)Show the ID (CRN and GUID) of service instance. This option is exclusive with '--crn', '--guid', and '--output'.Retrieving all service keys in {{.ResourceGroupDescription}} under account {{.AccountName}} as {{.UserEmail}}...The number of seconds after which session will expire (can also be "NOT_SET", which will reset value to default)${COMMAND_NAME} iam account-settings-template-commit (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q,--quiet]Creating rule {{.Rule_Name}} to trusted profile {{.Profile_Name}} under account {{.Account}} as {{.Username}}...(?<!<\s*(?:script|style)(?:(?!(?:script|style)\s*>).)*?){(?!(?:(?!<\s*(?:script|style)).)*?(?:script|style)\s*>)${COMMAND_NAME} iam access-group-service-id-purge (SERVICE_ID_NAME | SERVICE_ID_UUID) [-f, --force] [-q, --quiet]Current user is not authorized to create trusted profile identities. Please check with your account administrator${COMMAND_FULL_NAME} NAME [-d, --domain DOMAIN_NAME] [--primary-contact-id PRIMARY_CONTACT_USER_ID] [-q, --quiet]Creating API key {{.APIKeyName}} of service ID {{.ServiceID}} under account {{.AccountGUID}} as {{.UserEmail}}...^v?([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$^rgba\(([ ]*((([0-9]{1,2}|100)\%)|(([01]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))),){3}[ ]*(1(\.0)?|0|(0\.[0-9]+))\)$
You have additional security features enabled on the account.
Press Enter after phone authentication is completed${COMMAND_NAME} resource group-update NAME [-n, --name NEW_NAME] [-f, --force] [-o, --output FORMAT] [-q, --quiet]Whether the service instance should be deleted (cleaned up) during the processing of a region instance delete callhttp2: Transport: cannot retry err [%v] after Request.Body was written; define Request.GetBody to avoid this errorCommitting version {{.TemplateVersion}} of template {{.TemplateID}} as {{.UserEmail}} under account {{.AccountID}}${COMMAND_NAME} iam access-group-assignment-create TEMPLATE_ID TEMPLATE_VERSION --target-type TYPE --target TARGETThe type of MFA on the account (one of "NONE", "NONE_NO_RPC", "TOTP", "TOTP4ALL", "LEVEL1", "LEVEL2", or "LEVEL3")${COMMAND_NAME} iam service-policy-delete SERVICE_ID POLICY_ID [-f, --force] [-q, --quiet] [--api-version v1 | v2]Adding an account (or list of comma separated accounts) to the excludes list. Email or Account GUIDs are acceptableCurrent user is not authorized to delete the trusted profile identity. Please check with your account administratorCurrent user is not authorized to create a new version of a template. Please check with your account administrator.${COMMAND_NAME} iam authorization-policy-template (TEMPLATE_ID | TEMPLATE_NAME) [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam user-policies IBMid [--total-items | -o, --output FORMAT] [-q, --quiet] [--api-version v1 | v2]${COMMAND_NAME} iam access-group-template-versions (TEMPLATE_ID | TEMPLATE_NAME) [-q, --quiet] [-o, --output FORMAT]The service ID {{.ServiceID}} was not found in the current account. Do you want to proceed with the policy creation?3940200619639447921227904010014361380507973927046544666794829340424572177149687032904726608825893800186160697311231939402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643${COMMAND_NAME} iam access-group-users GROUP_NAME [-o, --output FORMAT] [--type static | dynamic | all] [-q, --quiet]Attention: Plugin {{.Name}} is not from official repository or is written by 3rd party. Download it at your own risk.Creating service instance {{.Name}} in resource group {{.GroupName}} of account {{.AccountName}} as {{.UserEmail}}...Retrieving service key {{.Name}} in {{.ResourceGroupDescription}} under account {{.AccountName}} as {{.UserEmail}}...${COMMAND_NAME} iam access-policy-template-versions (TEMPLATE_ID | TEMPLATE_NAME) [-q, --quiet] [-o, --output FORMAT]The maximum number of sessions per identity on the account (can also be "NOT_SET", which will reset value to default)${COMMAND_NAME} iam account-settings-assignment-create TEMPLATE_NAME TEMPLATE_VERSION TARGET_TYPE TARGET [-q,--quiet]${COMMAND_NAME} iam trusted-profile-assignment-create TEMPLATE_ID TEMPLATE_VERSION --target-type TYPE --target TARGET${COMMAND_NAME} iam trusted-profile-template-versions TEMPLATE_ID | TEMPLATE_NAME [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam trusted-profile (PROFILE_NAME|PROFILE_ID) [--id | -o, --output FORMAT] [-q, --quiet] [--activity]${COMMAND_NAME} iam trusted-profile-rules (PROFILE_NAME|PROFILE_ID) [-o, --output FORMAT] [-f, --force] [-q, --quiet]tls: failed to find "CERTIFICATE" PEM block in certificate input after skipping PEM blocks of the following types: %vConsolas, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New, monospace[$@%&]+[.^:?=!~]?(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+${COMMAND_NAME} iam access-group-create GROUP_NAME [-d, --description DESCRIPTION] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam access-policy-template-version-commit (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q, --quiet]${COMMAND_NAME} iam access-group create GROUP_NAME [-d, --description DESCRIPTION] [-o, --output FORMAT] [-q, --quiet]Command/alias '{{.Command}}' in the plug-in being installed is a command/alias in the installed plug-in '{{.Plugin}}'.The requested duplicate volume size is too small. Duplicate volumes must be at least as large as their origin volumes.${COMMAND_NAME} iam authorization-policies [--total-items | -o, --output FORMAT] [-q, --quiet] [--api-version v1 | v2]Either input arguments 'SOURCE_SERVICE_NAME TARGET_SERVICE_NAME ROLE_NAME...', or specify a JSON file through '--file'(?<=\bconstant\s+)(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+${COMMAND_NAME} iam service-id-create NAME [-d, --description DESCRIPTION] [--lock] [-o, --output FORMAT] [-q, --quiet]Locking service instance {{.Name}} in resource group {{.GroupName}} under account {{.AccountName}} as {{.UserEmail}}...${COMMAND_NAME} iam account-settings-template-versions (TEMPLATE_ID | TEMPLATE_NAME) [-q,--quiet] [-o, --output FORMAT]mask[id, firstName, lastName, email, companyName, address1, city, country, postalCode, state, userStatusId, timezoneId]publicsuffix.org's public_suffix_list.dat, git revision 63cbc63d470d7b52c35266aa96c4c98c96ec499c (2023-08-03T10:01:25Z)${COMMAND_NAME} iam service-api-keys (SERVICE_ID_NAME|SERVICE_ID_UUID) [-o, --output FORMAT] [-f, --force] [-q, --quiet]Deleting service instance {{.Name}} in resource group {{.GroupName}} under account {{.AccountName}} as {{.UserEmail}}...Updating service instance {{.Name}} in {{.ResourceGroupDescription}} under account {{.AccountName}} as {{.UserEmail}}...${COMMAND_NAME} iam access-policy-template-version-create (TEMPLATE_ID | TEMPLATE_NAME) [--file JSON_FILE] [-q, --quiet]${COMMAND_NAME} iam account-settings-template-version-delete (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q,--quiet]${COMMAND_NAME} iam trusted-profile-rule-delete (PROFILE_NAME|PROFILE_ID (RULE_NAME|RULE_ID) [-f, --force] [-q, --quiet]Canceling service instance {{.Name}} in resource group {{.GroupName}} under account {{.AccountName}} as {{.UserEmail}}...Unlocking service instance {{.Name}} in resource group {{.GroupName}} under account {{.AccountName}} as {{.UserEmail}}...Name or UUID of the service ID which the role belongs to. Can only be set when ROLE_NAME is ommitted or is set to "None".${COMMAND_NAME} iam trusted-profile get (PROFILE_NAME|PROFILE_ID) [--id | -o, --output FORMAT] [-q, --quiet] [--activity]${COMMAND_NAME} iam trusted-profile-link-delete (PROFILE_NAME|PROFILE_ID) (LINK_NAME|LINK_ID) [-f, --force] [-q, --quiet]EXAMPLE:
    ${COMMAND_FULL_NAME} example_group --file policy.json
        Create an access group policy from a JSON file
	  ${COMMAND_NAME} iam authorization-policy-create --file JSON_FILE
		Create an authorization policy from a JSON file
		(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+(?=\s+\W?['\w:-]+:\W)(?<=^ *)(?<ws> *)(?<keyword>=begin)(?<ws2> +)(?!code)(?<name>\w[\w'-]*)(?<config>[^\n]*)(?<value>)(?<closing_delimiters>)^hsla\(([ ]*[012]?[0-9]{1,2}|3[0-5][0-9]|360),[ ]*([0-9]{0,2}|100)\%,[ ]*([0-9]{0,2}|100)\%,[ ]*(1|1\.0|0|(0\.[0-9]+))\)$${COMMAND_NAME} catalog locations [-i, --id ID] [-k, --kind KIND] [--col COLUMNS] [--output TYPE] [--global] [-q, --quiet]    flags=()
    two_word_flags=()
    local_nonpersistent_flags=()
    flags_with_completion=()
    flags_completion=()

${COMMAND_NAME} billing resource-instances-usage [-g RESOURCE_GROUP_NAME] [-d YYYY-MM] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam access-group-trusted-profile-remove GROUP_NAME (PROFILE_NAME | PROFILE_ID) [-f, --force] [-q, --quiet]
    ${COMMAND_FULL_NAME} example_group --roles Viewer
        Give example_group Viewer role for all resources in account(?<!(?:\d+|\.(?:Int|Numeric)|[$@%]\*?[\w':-]+\s+|[\])}]\s+)\s*)(<<)(?!(?:(?!>>)[^\n])+?[},;] *\n)(?!(?:(?!>>).)+?>>\S+?>>)
{{range .VisibleCommands}}  {{.Name}}{{with .Aliases}}{{range .}}, {{.}}{{end}}{{end}}{{ "\t" }} {{.Description}}
{{end}}
${COMMAND_NAME} iam trusted-profile-template-version-update (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION --file JSON_FILE${COMMAND_NAME} iam trusted-profile create PROFILE_NAME [-d, --description DESCRIPTION] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam trusted-profile-create PROFILE_NAME [-d, --description DESCRIPTION] [-o, --output FORMAT] [-q, --quiet]Namespace name/alias '{{.Namespace}}' in the plug-in being installed already exists in the installed plug-in '{{.Plugin}}'.^(?:http|https|ftp)://[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-z]+(?::\d+)?(?:[/#?][-a-zA-Z0-9@:%_+.~#$!?&/=\(\);,'">\^{}\[\]`]*)?${COMMAND_NAME} iam authorization-policy-delete AUTHORIZATION_POLICY_ID [-f, --force] [-q, --quiet] [--api-version v1 | v2]{{with (or .Long .Short)}}{{. | trimTrailingWhitespaces}}

{{end}}{{if or .Runnable .HasSubCommands}}{{.UsageString}}{{end}}Attention: Plugin {{.Name}} is not from official repository or is written by 3rd party. Install and use it at your own risk.CRN of the resource on which the tags should be attached (for Classic Infrastructure resource, it is the ID of the resource)CRN of the resource on which the tags should be detached (for Classic Infrastructure resource, it is the ID of the resource)${COMMAND_NAME} resource service-instance-delete ( NAME | ID ) [-g RESOURCE_GROUP] [-f, --force] [--recursive] [-q, --quiet]${COMMAND_NAME} iam authorization-policy-template-versions (TEMPLATE_ID | TEMPLATE_NAME) [-q, --quiet] [-o, --output FORMAT]${COMMAND_NAME} iam trusted-profile-links (PROFILE_NAME|PROFILE_ID) [--id | -o, --output FORMAT] [-f, --force] [-q, --quiet]Plug-in '{{.Plugin}}' was not found in repository '{{.RepoName}}'.
Use '{{.Command}}' to list plugins available in the repo.tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched${COMMAND_NAME} iam authorization-policy AUTHORIZATION_POLICY_ID [-o, --output FORMAT] [-q, --quiet] [--api-version v1 | v2]Name of the resource group. '*' means all resource groups. This option is exclusive with '--file' and '--resource-group-id'.ID of the resource group. '*' means all resource groups. This option is exclusive with '--file' and '--resource-group-name'.${COMMAND_NAME} iam access-group-service-id-remove GROUP_NAME (SERVICE_ID_NAME | SERVICE_ID_UUID) [-f, --force] [-q, --quiet]${COMMAND_NAME} iam api-key (APIKEY_NAME|APIKEY_UUID) [--uuid] [-o, --output FORMAT] [-f, --force] [-q, --quiet] [--activity]Specify a download directory for the plugin(s). Downloaded plugin(s) will be in working directory if option is not specified.The plug-in is not available for your system architecture. Download the amd64 version that may have limited capability [Y/n]?${COMMAND_NAME} iam authorization-policy-template-version-commit (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q, --quiet]id,billingItem.location,snapshotCapacityGb,storageType.keyName,capacityGb,originalVolumeSize,provisionedIops,storageTierLevelid,username,notes,snapshotSizeBytes,storageType.keyName,snapshotCreationTimestamp,hourlySchedule,dailySchedule,weeklyScheduleid, lastOperatingSystemReload[id,modifyDate], activeTransaction[id,transactionStatus.name], provisionDate, powerState.keyNameRetrieving service instance {{.NameOrID}} in {{.ResourceGroupDescription}} under account {{.AccountName}} as {{.UserEmail}}...Filter report by activity type. If not specified, all five item types will appear. Must be specified if JSON is not requested.'--source-service-name' and '--target-service-name' cannot be set when SOURCE_SERVICE_NAME or TARGET_SERVICE_NAME is specifiedRegion of the policy definition. This option is exclusive with '--file'. For supported regions, run '${COMMAND_NAME} regions'.'--file' is exclusive with other flags. Specify policy contents either through a JSON file by '--file' or through other flags.Incorrect Usage. The -c flag cannot be used in conjunction with any other flags. All other flags can be used in any combinationDetermines if reclaimed documents should be included in the result set. Possible values are 'false' (default), 'true' or 'any'.${COMMAND_NAME} resource service-key-update ( NAME | ID ) [-n, --name NEW_NAME] [-g RESOURCE_GROUP] [-f, --force] [-q, --quiet]${COMMAND_NAME} iam authorization-policy-template-version-create (TEMPLATE_ID | TEMPLATE_NAME) [--file JSON_FILE] [-q, --quiet]${COMMAND_FULL_NAME} [--resource-instance-id RESOURCE_INSTANCE_ID] [-g RESOURCE_GROUP_NAME] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam service-api-key-lock (APIKEY_NAME|APIKEY_UUID) (SERVICE_ID_NAME|SERVICE_ID_UUID) [-f, --force] [-q, --quiet]No deployment found for service plan {{.ServicePlan}} in location {{.Location}}.
Valid location(s) are: {{.SupportedLocations}}.Locking API key {{.APIKeyNameOrUUID}} of service ID {{.serviceIDNameOrUUID}} under account {{.AccountGUID}} as {{.UserEmail}}...Account {{.AccountID}} will be incorporated into enterprise {{.EnterpriseName}} (which cannot be undone). Do you want to proceed?${COMMAND_NAME} iam access-group-template-version-delete (TEMPLATE_ID|TEMPLATE_NAME) TEMPLATE_VERSION [-q, --quiet] [-f, --force]Enabling API key {{.APIKeyNameOrUUID}} of service ID {{.serviceIDNameOrUUID}} under account {{.AccountGUID}} as {{.UserEmail}}...Updating API key {{.APIKeyNameOrUUID}} of service ID {{.serviceIDNameOrUUID}} under account {{.AccountGUID}} as {{.UserEmail}}...tls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: %v${COMMAND_NAME} iam service-policy SERVICE_ID POLICY_ID [-o, --output FORMAT] [-f, --force] [-q, --quiet] [--api-version v1 | v2]Optional: Filter by kind of resources. Currently "service" (default), "iaas", "runtime", "template", and "geography" are supported${COMMAND_NAME} iam service-api-key-delete (APIKEY_NAME|APIKEY_UUID) (SERVICE_ID_NAME|SERVICE_ID_UUID) [-f, --force] [-q, --quiet]${COMMAND_NAME} iam service-api-key-enable (APIKEY_NAME|APIKEY_UUID) (SERVICE_ID_NAME|SERVICE_ID_UUID) [-f, --force] [-q, --quiet]${COMMAND_NAME} iam service-api-key-unlock (APIKEY_NAME|APIKEY_UUID) (SERVICE_ID_NAME|SERVICE_ID_UUID) [-f, --force] [-q, --quiet]${COMMAND_NAME} iam account-settings-template-create TEMPLATE_NAME [-d, --description DESCRIPTION] [--file JSON_FILE] [-q,--quiet]Disabling API key {{.APIKeyNameOrUUID}} of service ID {{.serviceIDNameOrUUID}} under account {{.AccountGUID}} as {{.UserEmail}}...Unlocking API key {{.APIKeyNameOrUUID}} of service ID {{.serviceIDNameOrUUID}} under account {{.AccountGUID}} as {{.UserEmail}}...The type of identifiers to list for the trusted profile. USER for user IAM IDs, SERVICEID for service IDs, or CRN for service CRNs${COMMAND_NAME} iam service-api-key-disable (APIKEY_NAME|APIKEY_UUID) (SERVICE_ID_NAME|SERVICE_ID_UUID) [-f, --force] [-q, --quiet]The plug-in is not available for your system architecture. Instead, downloading the amd64 version that may have limited capability.You cannot assume another profile if you are already assuming one. Run {{.Command}} to view the ID of the profile you are assuming.Command/alias '{{.Command}}' in the plug-in being installed is already taken by a namespace in the installed plug-in '{{.Plugin}}'.You are using a federated user ID, please use one time passcode ( {{.Command1}} ), or use API key ( {{.Command2}} ) to authenticate.${COMMAND_NAME} iam access-group-service-id-add GROUP_NAME SERVICE_ID_UUID [SERVICE_ID_UUID2...] [-o, --output FORMAT] [-q, --quiet]The updated plug-in is not available for your system architecture. Install the amd64 version that may have limited capability [Y/n]?${COMMAND_NAME} iam access-policy-template-version-delete (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q, --quiet] [-f, --force]v?([0-9|x|X|\*]+)(\.[0-9|x|X|\*]+)?(\.[0-9|x|X|\*]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f0000c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650(?<=\b(?:use|module|package)\s+)(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+Plug-in '{{.Name}}' was not found on disk or in the repository '{{.Repo}}'.
Use '{{.Command}}' to list plugins available in the repo.${COMMAND_NAME} iam access-policy-template-version (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q, --quiet] [-o, --output FORMAT]${COMMAND_NAME} iam access-group-template-versions (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q, --quiet] [-o, --output FORMAT]Specify an expiration in seconds for SAML rules. Must not be provided for trusts established to Compute Resources (type = Profile-CR)EXAMPLE:
    ${COMMAND_NAME} iam user-policy-create name@example.com --file policy.json
        Create a user policy from a JSON file(?:%=|&=|\|=|\^=|\+=|\-=|\*=|/=|<<=|>\s*>\s*=|>\s*>\s*>\s*=|==|!=|<=|>\s*=|&&|\|\||<<|>>>|>\s*>|\.\.\.|<|>|%|&|\||\^|\+|\*|/|\-|=>|=)${COMMAND_NAME} iam access-groups [-u IBMid | -s SERVICE_ID_NAME | -p (PROFILE_NAME | PROFILE_ID)] [-o, --output FORMAT] [-q, --quiet]No service endpoint type specified for this service that cannot default this setting. Use '--service-endpoints' to specify this value.${COMMAND_NAME} iam access-group-template-version-update (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION --file JSON_FILE [-q, --quiet]The type of identifier to connect to the trusted profile. USER for a user IAM ID, SERVICEID for a service ID, or CRN for a service CRN${COMMAND_NAME} iam account-settings-template-version (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q,--quiet] [-o, --output FORMAT]Getting API key {{.serviceAPIKeyNameOrUUID}} of service ID {{.serviceIDNameOrUUID}} under account {{.AccountGUID}} as {{.UserEmail}}...${COMMAND_NAME} iam trusted-profile-template-version (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam account-policies [--type access | auth] [--total-items | -o, --output FORMAT] [-q, --quiet] [--api-version v1 | v2]Optional: Filter by a country. Default is "USA". When using csv or json output, may use the value 'ALL' to get values for all countries.${COMMAND_NAME} resource service-instance (NAME|ID) [--location LOCATION] [-g RESOURCE_GROUP] [--id] [-o, --output FORMAT] [-q, --quiet]The number of seconds of inactivity after which a session will be invalidated (can also be "NOT_SET", which will reset value to default)Deleting API key {{.serviceAPIKeyNameOrUUID}} of service ID {{.serviceIDNameOrUUID}} under account {{.AccountGUID}} as {{.UserEmail}}...Volume does not have a valid storage type (with an appropriate 
keyName to indicate the volume is a PERFORMANCE or an ENDURANCE volume).(?<=^ *)\b(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+(?=:\s*(?:for|while|loop))No Softlayer account was found associated with target account. Use '{{.Command}}' to target an account associated with Softlayer account.Version of the plug-in to be installed. Accepts specific semantic version or constraint. Only applicable when installing a single plugin.${COMMAND_NAME} resource service-keys [ --instance-id ID | --instance-name NAME ] [-g RESOURCE_GROUP] [-o, --output FORMAT] [-q, --quiet]The plug-in that is being installed does not support the private endpoint. Run '{{.Command}}' to set a public API endpoint and try again.${COMMAND_NAME} iam service-policies SERVICE_ID [--total-items | -o, --output FORMAT] [-f, --force] [-q, --quiet] [--api-version v1 | v2]${COMMAND_NAME} iam trusted-profile-policy-delete (PROFILE_NAME|PROFILE_ID) POLICY_ID [-f, --force] [-q, --quiet] [--api-version v1 | v2]{.CLIProductShortName}} {{.Version}} or later is required to run plug-in '{{.Name}}'. Run '{{.Command}}' to update your CLI and try again.The plug-in '{{.Name}} {{.Version}}' does not support the private endpoint. Run '{{.Command}}' to set a public API endpoint and try again.The updated plug-in is not available for your system architecture. Instead, installing the amd64 version that may have limited capability.Origin volume does not have a valid storage type (with an appropriate keyName to indicate the volume is a PERFORMANCE or ENDURANCE volume)Version of the plug-in to be downloaded. Accepts specific semantic version or constraint. Only applicable when downlaoding a single plugin.${COMMAND_NAME} iam api-key lock (NAME|UUID) [--service-id-name SERVICE_ID_NAME | --service-id SERVICE_ID_UUID] [-f, --force] [-q, --quiet]${COMMAND_NAME} iam authorization-policy-template-version-delete (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q, --quiet] [-f, --force]The type of identifier to disconnect from the trusted profile. USER for a user IAM ID, SERVICEID for a service ID, or CRN for a service CRNSpecify output format, only JSON is supported now. The default is terminal display. This option is only compatible with --service-list flag.${BINARY_NAME} blacklist [--add service NAME or entry ID] [--remove service NAME or entry ID] [--service-list] [--output TYPE] [-q, --quiet]${BINARY_NAME} blocklist [--add service NAME or entry ID] [--remove service NAME or entry ID] [--service-list] [--output TYPE] [-q, --quiet]${COMMAND_NAME} iam authorization-policy-template-version (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION [-q, --quiet] [-o, --output FORMAT](?<=\b(?:my|our|constant|let|temp)\s+)\\(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+${COMMAND_FULL_NAME} (--account-id ID) [--parent-account-group ACCOUNT_GROUP_NAME | --parent-account-group-id ACCOUNT_GROUP_ID] [-q, --quiet]${COMMAND_NAME} iam api-key delete (NAME|UUID) [--service-id-name SERVICE_ID_NAME | --service-id SERVICE_ID_UUID] [-f, --force] [-q, --quiet]${COMMAND_NAME} iam api-key-enable (NAME|UUID) [--service-id-name SERVICE_ID_NAME | --service-id SERVICE_ID_UUID] [-f, --force] [-q, --quiet]${COMMAND_NAME} iam api-key unlock (NAME|UUID) [--service-id-name SERVICE_ID_NAME | --service-id SERVICE_ID_UUID] [-f, --force] [-q, --quiet]billingItem.activeChildren,snapshotCapacityGb,schedules,hourlySchedule,dailySchedule,weeklySchedule,storageType.keyName,iops,storageTierLevelList all access policies under current account filtered by policy type. Valid options are: user | service_id | access_group | trusted_profile(?<=^ *)(?<ws> *)(?<keyword>=begin)(?<ws2> +)(?<name>code)(?<config>[^\n]*)(?<value>.*?)(?<ws3>^\k<ws>)(?<end_keyword>=end)(?<ws4> +)\k<name>The plug-in requires a minimum CLI version '{{.MinVersion}}'. Current CLI version is '{{.CurVersion}}'.
Run '{{.Command}}' to update your CLI.${COMMAND_NAME} iam api-key disable (NAME|UUID) [--service-id-name SERVICE_ID_NAME | --service-id SERVICE_ID_UUID] [-f, --force] [-q, --quiet](?=[\w\-])(ACTIFSUBRO|ACTIFSUB|ACTRO|ACT|CURIFSUBRO|CURIFSUB|CURRO|CUR|IFSUBRO|IFSUB|NO|SPC|USERDEF1RO|USERDEF1|USERDEF2RO|USERDEF2|USRRO|USR)${COMMAND_NAME} iam access-group-user-add GROUP_NAME ([IBMid [IBMid2...]] | [--iam-ids IAM_ID1,IAM_ID2...]) [-o, --output FORMAT] [-q, --quiet]HTTP/1.1 431 Request Header Fields Too Large
Content-Type: text/plain; charset=utf-8
Connection: close

431 Request Header Fields Too LargeNamespace name/alias '{{.Namespace}}' in the plug-in being installed is already used by a command/alias in the installed plug-in '{{.Plugin}}'.${COMMAND_NAME} iam account-settings-template-version-create {(TEMPLATE_ID |TEMPLATE_NAME) (--file JSON_FILE)} [-q,--quiet] [-o, --output FORMAT]
    ${COMMAND_FULL_NAME} --roles Administrator,Operator
        List details of platform default access policy roles 'Administrator', 'Operator'
    ${COMMAND_FULL_NAME} --service is --resource-type image
        List details of access policy roles of resource type 'image' of service 'is'Account GUID of source service, mutually exclusive with --source-service-instance-name. Use this option if source service is from another account
    ${COMMAND_NAME} iam service-policy-create sample-service --roles Viewer
        Give sample-service Viewer role for all resources in account
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --roles Viewer
        Give my-profile Viewer role for all resources in accountGenerate the autocompletion script for %[1]s for the specified shell.
See each sub-command's help for details on how to use the generated script.
The MFA setting of the child account (one of "NONE", "NONE_NO_RPC", "TOTP", "TOTP4ALL", "LEVEL1", "LEVEL2", or "LEVEL3"). Default is "NONE_NO_RPC"Origin volume performance tier is 0.25 IOPS/GB, duplicate volume performance tier must also be 0.25 IOPS/GB. {{.DuplicateTier}} IOPS/GB requested.
    ${COMMAND_NAME} iam user-policy-create name@example.com --roles Viewer
        Give name@example.com Viewer role for all resources in accountEXAMPLE:
    ${COMMAND_NAME} iam service-policy-create sample-service --file policy.json
        Create a policy of sample-service from a JSON fileif [[ $(type -t compopt) = "builtin" ]]; then
    complete -o default -F __start_%s %s
else
    complete -o default -o nospace -F __start_%s %s
fi

${COMMAND_NAME} iam api-key-update (NAME|UUID) [-n name] [-d description] [--action-if-leaked (none|disable|delete)] [--output FORMAT] [-q, --quiet]
    ${COMMAND_FULL_NAME} --service allacctmgmtroles --output JSON
        List access policy roles of all account management service in JSON format${COMMAND_NAME} iam user-settings-update [--allowed_ip_addresses (IP1,IP2...|@/path/to/file)] [-u --user-ids USER_NAME1,USER_NAME2... [-q --quiet]

crypto/tls: ExportKeyingMaterial is unavailable when neither TLS 1.3 nor Extended Master Secret are negotiated; override with GODEBUG=tlsunsafeekm=1Adding an account (or list of comma separated accounts) to the includes list, granting visibility to the entry. Email or Account GUIDs are acceptable${COMMAND_NAME} iam access-policy-template-update (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION --file JSON_FILE [-q, --quiet] [-o, --output FORMAT]EXAMPLE:
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --file policy.json
        Create a trusted profile policy from a JSON file${COMMAND_NAME} catalog entry-copy ID Name NewID [-p, --parent PARENT] [--provider PROVIDER] [--provider-email PROVIDEREMAIL]  [--global] [-q, --quiet]The plug-in '{{.Plugin}} {{.Version}}' is not available for your system architecture. Install the amd64 version that may have limited capability [Y/n]?
    ${COMMAND_FULL_NAME} --service resource-controller --roles Administrator
        List details of resource group access policy role 'Administrator'
	For more information about MFA settings, see the "mfa" response description at https://cloud.ibm.com/apidocs/iam-identity-token-api#getaccountsettings${COMMAND_FULL_NAME} NAME [--parent-account-group ACCOUNT_GROUP_NAME] [--primary-contact-id PRIMARY_CONTACT_USER_ID] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam trusted-profile-policy (PROFILE_NAME|PROFILE_ID) POLICY_ID [-o, --output FORMAT] [-f, --force] [-q, --quiet] [--api-version v1 | v2]Removing an account (or list of comma separated accounts) from the includes list, revoking visibility to the entry. Email or Account GUIDs are acceptable${COMMAND_NAME} iam service-id-update (NAME|UUID) [-n, --name NEW_NAME] [-d, --description DESCRIPTION] [-o, --output FORMAT] [-f, --force] [-q, --quiet]${COMMAND_NAME} iam trusted-profile-identities (PROFILE_NAME|PROFILE_ID) [--id-type IDENTITY_TYPE] [--id | -o, --output FORMAT] [-f, --force] [-q, --quiet]EXAMPLE:
    ${COMMAND_NAME} iam user-policy-update name@example.com user-policy-id --file policy.json
        Update user policy with the one in JSON file${COMMAND_NAME} iam authorization-policy-template-update (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION --file JSON_FILE [-q, --quiet] [-o, --output FORMAT]${COMMAND_NAME} config set (http-timeout VALUE | trace VALUE | color [true | false] | locale VALUE | sso-otp [manual | auto] | check-version [true | false]) The plug-in '{{.Plugin}} {{.Version}}' is not available for your system architecture. Instead, installing the amd64 version that may have limited capability.${COMMAND_FULL_NAME} (-n, --name NAME | --id ID) (--new-name NEW_NAME) (--new-primary-contact-id PRIMARY_CONTACT_USER_ID) [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam activity-report REFERENCE [-q, --quiet] [-o, --output FORMAT] [-t, --type (api-keys | service-api-keys | service-ids | profiles | users)]68647976601306097149819007990813932172694353001433054093944634591855431833976560521225596406614545549772963113914808580371219879997166438125740282911150571516864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449^rgb\(([ ]*((([0-9]{1,2}|100)\%)|(([01]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))),){2}([ ]*((([0-9]{1,2}|100)\%)|(([01]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))))\)$
{{range .VisibleCategories}}
{{.Name}}
   {{range .VisibleCommands}}{{.Name}}{{with .ShortName}}, {{.}}{{end}}{{ "\t" }} {{.Description}}
   {{end}}
{{end}}
${COMMAND_NAME} iam access-group-update GROUP_NAME [-n, --name NEW_NAME] [-d, --description NEW_DESCRIPTION] [-o, --output FORMAT] [-f, --force] [-q, --quiet]${COMMAND_NAME} resource tag-delete (--tag-name TAG_NAME | -a, --all  [-f, --force]) [-p, --provider PROVIDER] [--tag-type TAG_TYPE] [--account-id ACCOUNT_ID]${COMMAND_NAME} iam access-group update GROUP_NAME [-n, --name NEW_NAME] [-d, --description NEW_DESCRIPTION] [-o, --output FORMAT] [-f, --force] [-q, --quiet]Origin volume performance tier is above 0.25 IOPS/GB, duplicate volume performance tier must also be above 0.25 IOPS/GB. {{.DuplicateTier}} IOPS/GB requested.Retrieving instances with {{.TypeDescription}} in {{.ResourceGroupDescription}} in {{.LocationDescription}} under account {{.AccountName}} as {{.UserEmail}}...${COMMAND_FULL_NAME} [--parent-account-group ACCOUNT_GROUP_NAME | --parent-account-group-id ACCOUNT_GROUP_ID] [--recursive] [-o, --output FORMAT] [-q, --quiet]Compute resource token string or @CR_TOKEN_FILE. If provided, the '--profile' flag, or 'IBMCLOUD_CR_PROFILE' environment variable, must also be provided or set.${COMMAND_NAME} iam access-group-trusted-profile-add GROUP_NAME (PROFILE_NAME | PROFILE_ID) [PROFILE_NAME2 | PROFILE_ID2...] [-o, --output FORMAT] [-q, --quiet]The compute resource type. VSI for Virtual Service Instance on VPC, IKS_SA for Service Accounts on Kubernetes clusters, or ROKS_SA for managed Red Hat OpenShift${COMMAND_NAME} iam trusted-profile-policies (PROFILE_NAME|PROFILE_ID) [--total-items | -o, --output FORMAT] [-f, --force] [-q, --quiet] [--api-version v1 | v2](?<=(?:^|\s)(?:class|grammar|role|does|but|is|subset|of)\s+)(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+${COMMAND_NAME} iam account-settings-template-update (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION --file JSON_FILE [-d, --description DESCRIPTION] [-q,--quiet]${BINARY_NAME} pricing <QUERY> [-r, --region REGION] [-k, --kind KIND] [-p, --price PRICE] [--tag TAG] [--country COUNTRY] [--global] [--iam] [-output json | csv]Tip: The service you are accessing does not support the private endpoint in the current region.
Run the '{{.Command}}' command to switch the region and try again.${COMMAND_FULL_NAME} NAME [--parent-account-group ACCOUNT_GROUP_NAME] [--owner USER_ID] [--mfa MFA] [--enterprise-iam-managed] [-o, --output FORMAT] [-q, --quiet]\b(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+(?=(:['\w-]+(?:<<|<|«|\(|\[|\{).+?(?:>>|>|»|\)|\]|\}))?\()EXAMPLE:
    ${COMMAND_NAME} iam service-policy-update sample-service service-policy-id --file policy.json
        Update service policy with contents in JSON fileThe service you are accessing does not support the private endpoint.
Run the '{{.Command}}' command to log in to IBM Cloud with a public API endpoint and try again.Plug-in being installed requires a minimum CLI version {{.MinVersion}}. Current CLI version is {{.CurVersion}}. Run '{{.Command}}' to update your CLI and try again.
    ${COMMAND_FULL_NAME} example_group --file policy.json --api-version v2
        Create an access group policy from a JSON file using Access Policy API Version 2
    ${COMMAND_FULL_NAME} example_group --roles Administrator --account-management
        Give example_group Administrator role for all account management servicesEXAMPLE:
    ${COMMAND_FULL_NAME} example_group b8638ceb-5c4d-4d58-ae06-7ad95a10c4d4 --file policy.json
        Update access group policy with the one in JSON fileid,allowedVirtualGuests.allowedHost.credential,allowedHardware.allowedHost.credential,allowedSubnets.allowedHost.credential,allowedIpAddresses.allowedHost.credentialYou cannot authenticate with username and password, as you are required to use MFA.
Use one time passcode ( {{.Command1}} ), or use API key ( {{.Command2}} ) to login.${COMMAND_NAME} iam service-api-key (APIKEY_NAME|APIKEY_UUID) (SERVICE_ID_NAME|SERVICE_ID_UUID) [--uuid] [-o, --output FORMAT] [-f, --force] [-q, --quiet] [--activity]${COMMAND_NAME} iam access-group list [-u, --user IBMid | -s, --service SERVICE_ID_NAME | -p, --profile (PROFILE_NAME | PROFILE_ID)] [-o, --output FORMAT] [-q, --quiet]WARNING:
   Providing your password as a command line option is not recommended
   Your password might be visible to others and might be recorded in your shell history

id,username,capacityGb,bytesUsed,serviceResource.datacenter.name,serviceResourceBackendIpAddress,activeTransactionCount,fileNetworkMountAddress,storageType.keyName,notes(?<!(?:\d+|\.(?:Int|Numeric)|[$@%]\*?[\w':-]+\s+|[\])}]\s+)\s*)(<)((?:(?![,;)}] *(?:#[^\n]+)?\n)[^<>])+?)(>)(?!\s*(?:\d+|\.(?:Int|Numeric)|[$@%]\*?\w[\w':-]*[^(]|\s+\[))
    ${COMMAND_FULL_NAME} example_group --roles Administrator --service-name sample-service
        Give example_group Administrator role for all sample-service resources${COMMAND_NAME} iam access-group purge user|(trusted_profile|tp)|service_id IBMid|(PROFILE_NAME|PROFILE_ID)|(SERVICE_ID_NAME | SERVICE_ID_UUID) [-f, --force] [-q, --quiet]<style>
@font-face {
	font-family: '%s';
	src: url(data:application/x-font-%s;charset=utf-8;base64,%s) format('%s');'
	font-weight: normal;
	font-style: normal;
}
</style>Getting authorization policy roles {{.RoleList}}of source service {{.SourceService}} and target service {{.TargetService}} under account {{.AccountID}} as {{.UserEmail}}...(?<=^|\b|\s)(?<keyword>(?:qq|q|Q))(?<adverbs>(?::?(?:heredoc|to|qq|ww|q|w|s|a|h|f|c|b|to|v|x))*)(?<ws>\s*)(?<opening_delimiters>(?<delimiter>[^0-9a-zA-Z:\s])\k<delimiter>*)${COMMAND_NAME} iam api-key-create NAME [-d DESCRIPTION] [--file FILE] [--lock] [--action-if-leaked none|disable|delete] [--support-sessions] [--output FORMAT] [-q, --quiet]${COMMAND_FULL_NAME} (-n, --name NAME | --id ID) (--parent-account-group ACCOUNT_GROUP_NAME | --parent-account-group-id ACCOUNT_GROUP_ID | --parent-enterprise) [-q, --quiet]
    ${COMMAND_FULL_NAME} --source-service cloud-object-storage --service kms
        List authorization roles for source service cloud-object-storage and target service kms${COMMAND_NAME} iam api-key list [-a, --all | --service-id-name SERVICE_ID_NAME | --service-id SERVICE_ID_UUID] [--platform] [-f, --force] [-o, --output FORMAT] [-q, --quiet]${COMMAND_FULL_NAME} [--service SERVICE_NAME [--resource-type RESOURCE_TYPE] [--source-service SOURCE_SERVICE_NAME]] [--roles ROLE_NAME] [-o, --output FORMAT] [-q, --quiet]

%[1]s and %[2]s both match some paths, like %[3]q.
But neither is more specific than the other.
%[1]s matches %[4]q, but %[2]s doesn't.
%[2]s matches %[5]q, but %[1]s doesn't.${COMMAND_NAME} iam access-group-template-create (TEMPLATE_NAME --access-group-name ACCESS_GROUP_NAME [-d, --description DESCRIPTION] | --file JSON_FILE) [-o, --output FORMAT]${COMMAND_NAME} iam trusted-profile-identity-delete (PROFILE_NAME|PROFILE_ID) (IDENTITY_IDENTIFIER|IDENTITY_ID) --id-type IDENTIFIER_TYPE_TO_DELETE [-f, --force] [-q, --quiet]EXAMPLE:
    ${COMMAND_NAME} iam trusted-profile-policy-update my-profile profile-policy-id --file policy.json
        Update trusted profile policy with contents in JSON fileRole names of the policy definition. For supported roles of a specific service, run '${COMMAND_NAME} iam roles --service SERVICE_NAME'. This option is exclusive with '--file'.${COMMAND_NAME} iam authorization-policy-assignment-create (TEMPLATE_ID | TEMPLATE_NAME) TEMPLATE_VERSION --target-type TYPE --target TARGET [-q, --quiet] [-o, --output FORMAT]${COMMAND_NAME} iam trusted-profile-update (PROFILE_NAME|PROFILE_ID) [-n, --name NEW_NAME] [-d, --description NEW_DESCRIPTION] [-o, --output FORMAT] [-f, --force] [-q, --quiet]${COMMAND_NAME} iam trusted-profile update (PROFILE_NAME|PROFILE_ID) [-n, --name NEW_NAME] [-d, --description NEW_DESCRIPTION] [-o, --output FORMAT] [-f, --force] [-q, --quiet]
    ${COMMAND_NAME} iam user-policy-create name@example.com --file policy.json --api-version v2
        Create a user policy from a JSON file using Access Policy API Version 2${COMMAND_NAME} iam trusted-profile-identity (PROFILE_NAME|PROFILE_ID) (IDENTITY_IDENTIFIER|IDENTITY_ID) --id-type IDENTITY_TYPE_TO_GET [--id | -o, --output FORMAT] [-q, --quiet]Target service instance name, mutually exclusive with --target-service-instance-id. if target service instance not specified, all instances of target service will be able to accessTarget service instance id, mutually exclusive with --target-service-instance-name. if target service instance not specified, all instances of target service will be able to accessOrigin volume performance is < 0.3 IOPS/GB, duplicate volume performance must also be < 0.3 IOPS/GB. {{.DuplicateIopsPerGb}} IOPS/GB ({{.DuplicateIops}}/{{.DuplicateSize}}) requested.
    ${COMMAND_NAME} iam user-policy-update name@example.com user-policy-id --roles Viewer
        Update user policy to give name@example.com Viewer role for all resources in account${COMMAND_NAME} iam access-group remove user|service_id|(trusted_profile|tp) GROUP_NAME IBMid|(SERVICE_ID_NAME | SERVICE_ID_UUID)|(PROFILE_NAME | PROFILE_ID) [-q, --quiet] [-f, --force]Origin volume performance is >= 0.3 IOPS/GB, duplicate volume performance must also be >= 0.3 IOPS/GB. {{.DuplicateIopsPerGb}} IOPS/GB ({{.DuplicateIops}}/{{.DuplicateSize}}) requested.
    ${COMMAND_FULL_NAME} --service cloud-object-storage --roles Writer --output JSON
        List details of access policy role 'Writer' of 'cloud-object-storage' service in JSON formatSource service instance id, mutually exclusive with --source-service-instance-name. If source service instance not specified, all instances of source service will be authorized to accessCheck the regions that have private endpoint enabled at https://cloud.ibm.com/docs/cli?topic=cli-ibm-cli-faq#cli-private-endpoint-faq.
Select a region that has a private endpoint enabled:
    ${COMMAND_NAME} iam service-policy-create sample-service --roles Administrator --account-management
        Give sample-service Administrator role for all account management services
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --roles Administrator --account-management
        Give my-profile Administrator role for all account management services
    ${COMMAND_NAME} iam service-policy-update sample-service service-policy-id --roles Viewer
        Update service policy to give sample-service Viewer role for all resources in account
    ${COMMAND_NAME} iam user-policy-create name@example.com --roles Administrator --account-management
        Give name@example.com Administrator role for all account management services${COMMAND_NAME} resource tag-detach --tag-names TAG_NAMES (--resource-name NAME | --resource-id RESOURCE_ID ) [--resource-type RESOURCE_TYPE] [--tag-type TAG_TYPE] [--account-id ACCOUNT_ID]http2: TLSConfig.CipherSuites is missing an HTTP/2-required AES_128_GCM_SHA256 cipher (need at least one of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)${COMMAND_NAME} iam account-settings-external-interaction-update (service|service_id|user) [--state STATE] [--allowed-accounts ACCOUNT_1, ACCOUNT_2, ...] [-o, --output FORMAT] [-q, --quiet]
    ${COMMAND_FULL_NAME} example_group b8638ceb-5c4d-4d58-ae06-7ad95a10c4d4 --roles Viewer
        Update access group policy to give example_group Viewer role for all resources in account
    ${COMMAND_NAME} iam service-policy-create sample-service --file policy.json --api-version v2
        Create a policy of sample-service from a JSON file using Access Policy API Version 2\b(most_recently_modified|largest_size|smallest_size|first_exist|internal|disable_redirects|ignore_loaded_certs|disable_certs|private_ranges|first|last|before|after|on|off)\b(\||(?=\]|\s|$))(?<operator>\.)(?<method_name>(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+)(?=(:['\w-]+(?:<<|<|«|\(|\[|\{).+?(?:>>|>|»|\)|\]|\}))?\()
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --file policy.json --api-version v2
        Create a trusted profile policy from a JSON file using Access Policy API Version 2${COMMAND_NAME} resource instances [--location LOCATION] [-g RESOURCE_GROUP | --all-resource-groups] [--long] [--limit LIMIT] [--offset OFFSET] [--all-pages] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} iam activity-report-create [-d, --duration] [-r, --reference-only] [-t, --type (api-keys | service-api-keys | service-ids | profiles | users) [-o, --output FORMAT] [-q, --quiet]
    ${COMMAND_FULL_NAME} example_group --roles Viewer --resource-group-name sample-resource-group
        Give example_group Viewer role for the members of resource group sample-resource-group
    ${COMMAND_NAME} iam service-policy-create sample-service --roles Administrator --service-name target-service
        Give sample-service Administrator role for all target-service resources
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --roles Administrator --service-name target-service
        Give my-profile Administrator role for all target-service resources
    ${COMMAND_NAME} iam user-policy-create name@example.com --roles Administrator --service-name sample-service
        Give name@example.com Administrator role for all sample-service resources${COMMAND_NAME} iam api-key get (APIKEY_NAME|APIKEY_UUID) [--service-id-name SERVICE_ID_NAME | --service-id SERVICE_ID_UUID] [--uuid] [-o, --output FORMAT] [-f, --force] [-q, --quiet] [--activity]
    ${COMMAND_NAME} iam trusted-profile-policy-update my-profile profile-policy-id --roles Viewer
        Update trusted profile policy to give my-profile Viewer role for all resources in account${COMMAND_NAME} iam api-key create NAME [--service-id-name  SERVICE_ID_NAME | --service-id SERVICE_ID_UUID] [-d DESCRIPTION] [--file FILE] [--lock] [-o, --output FORMAT] [-f, --force] [-q, --quiet]A profile name, ID, or CRN is required when authenticating with a compute resource token.
Use '--profile' or set the 'IBMCLOUD_CR_PROFILE' environment variable to specify a profile name, ID, or CRN.${COMMAND_NAME} account audit-logs [--user-name IBMid] [--object-type OBJECT_TYPE] [--object OBJECT] [--action ACTION] [--start-date START_DATE] [--end-date END_DATE] [--output FORMAT] [-q, --quiet]
    ${COMMAND_NAME} iam user-policy-update name@example.com user-policy-id --file policy.json --api-version v2
        Update user policy with the one in JSON file using Access Policy API Version 200010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899(?<!\.\.[?^*+]?)(?<=(?:\.[?^*+&]?)|self!)(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+(?=(:['\w-]+(?:<<|<|«|\(|\[|\{).+?(?:>>|>|»|\)|\]|\}))?\b)ibmcloud iam role-create ROLE_NAME --display-name DISPLAY_NAME --service-name SERVICE_NAME -a, --actions ROLE_ACTION1 [ROLE_ACTION2...] [-d, --description DESCRIPTION] [-o, --output FORMAT] [-q --quiet]${COMMAND_FULL_NAME} (ROLE_NAME|ROLE_DISPLAY_NAME|ROLE_ID) [--display-name DISPLAY_NAME] [-a, --actions ROLE_ACTION [ROLE_ACTION2...]] [-d, --description DESCRIPTION] [-o, --output FORMAT] [-q, --quiet]Issuer Id for trusts established via IBMid with federation, or appid:// for trusts established via App ID federation. Must not be provided for trusts established to Compute Resources (type = Profile-CR)id,username,lunId,capacityGb,bytesUsed,serviceResource.datacenter.name,serviceResourceBackendIpAddress,storageType.keyName,activeTransactionCount,billingItem.orderItem.order[id,userRecord.username],notes(?<=(?:^|\s)(?:regex|token|rule)(\s+))(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+(?=(:['\w-]+(?:<<|<|«|\(|\[|\{).+?(?:>>|>|»|\)|\]|\}))?\s*[({])${COMMAND_NAME} target [-r REGION_NAME | --unset-region] [-c ACCOUNT_ID | --ca, --choose-account] [-g (RESOURCE_GROUP_NAME | RESOURCE_GROUP_ID) | --unset-resource-group] [-o, --output FORMAT] [-q, --quiet]
    ${COMMAND_NAME} iam service-policy-update sample-service service-policy-id --file policy.json --api-version v2
        Update service policy with contents in JSON file using Access Policy API Version 2
    ${COMMAND_FULL_NAME} example_group --roles Viewer --service-name is --attributes "instanceId=*"
        Give example_group Viewer role for service "is" resources with attribute "instanceId" equal to "*"
    ${COMMAND_FULL_NAME} example_group b8638ceb-5c4d-4d58-ae06-7ad95a10c4d4 --file policy.json --api-version v2
        Update access group policy with the one in JSON file using Access Policy API Version 2^([ ]*["'][\x{0022}\x{0027}\x{2039}\x{2039}\x{203A}\x{00AB}\x{00BB}\x{2018}\x{2019}\x{201C}-\x{201E}]["'] ["'][\x{0022}\x{0027}\x{2039}\x{2039}\x{203A}\x{00AB}\x{00BB}\x{2018}\x{2019}\x{201C}-\x{201E}]["'])+$The name, ID, or CRN of the linked trusted IAM profile to be used when obtaining the IAM access token. If authenticating as a VPC VSI compute resource, only specifying a trusted profile CRN or ID is supported.${COMMAND_NAME} iam trusted-profile-identity-create (PROFILE_NAME|PROFILE_ID|CRN) --id IDENTIFIER_TO_CONNECT --id-type IDENTIFIER_TYPE_TO_CONNECT [--description DESCRIPTION] [-o, --output FORMAT] [-q, --quiet]Valid JSON object containing catalog-specific configuration parameters, provided either in-line or in a file. For a list of supported configuration parameters, see documentation for the particular catalog entry.${COMMAND_FULL_NAME} [--account-group ACCOUNT_GROUP_NAME | --account-group-id ACCOUNT_GROUP_ID | --account ACCOUNT_NAME | --account-id ACCOUNT_ID] [--month MONTH] [--children] [-o, --output FORMAT] [-q, --quiet]If generating a new report, this is the duration of history (ending now) that the report will capature. Acceptable formats include an integer up to 720 (max) for no. hours, or an hour/day combination (e.g. 2d4h)${COMMAND_NAME} resource tag-attach --tag-names TAG_NAMES (--resource-name NAME | --resource-id RESOURCE_ID ) [--resource-type RESOURCE_TYPE] [--tag-type TAG_TYPE] [--account-id ACCOUNT_ID] [--replace] [--update](?<=(?:^|\s)(?:sub|method|multi sub|multi)\s+)!?(?:(?!(?<!:)(?<colon>:)(?<key>\w[\w'-]*)(?<opening_delimiters>(?:<<|<|«|\(|\[|\{)))(?:::|[\w':-]))+(?=(:['\w-]+(?:<<|<|«|\(|\[|\{).+?(?:>>|>|»|\)|\]|\}))?\s*[({])Sort the policies based on attributes. Valid options are: id | type | href | created_at | created_by_id | last_modified_at | last_modified_by_id | state. Prepend a minus ("-id", "-type", etc.), for reverse sorting.The custom server URL to use when obtaining an instance identity token and IAM token as a VPC VSI compute resource. This value will replace the default server endpoint of the VPC VSI instance identity token service.Source service instance name, mutually exclusive with --source-service-instance-id and --source-service-account. If source service instance not specified, all instances of source service will be authorized to access
    ${COMMAND_NAME} iam service-policy-create sample-service --roles Viewer --resource-group-name sample-resource-group
        Give sample-service Viewer role for the members of resource group sample-resource-group
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --roles Viewer --resource-group-name sample-resource-group
        Give my-profile Viewer role for the members of resource group sample-resource-groupitems[keyName,capacity,description,attributes[id,attributeTypeKeyName],itemCategory[id,categoryCode],softwareDescription[id,referenceCode,longDescription],prices],activePresets,regions[location[location[priceGroups]]]
    ${COMMAND_NAME} iam user-policy-create name@example.com --roles Viewer --resource-group-name sample-resource-group
        Give name@example.com Viewer role for the members of resource group sample-resource-group
    ${COMMAND_NAME} iam trusted-profile-policy-update my-profile profile-policy-id --file policy.json --api-version v2
        Update trusted profile policy with contents in JSON file using Access Policy API Version 2${COMMAND_NAME} iam trusted-profile-link-create (PROFILE_NAME|PROFILE_ID) --name LINK_NAME --cr-type CR_TYPE --link-crn CRN [--link-namespace NAMESPACE --link-name NAME] [-o, --output FORMAT] [-q, --quiet] [-f, --force]${COMMAND_NAME} resource tags [-o, --offset OFFSET] [-l, --limit LIMIT]  [-p, --provider classic-infrastructure] [-d, --details true] [-a, --attached true] [--output FORMAT] [--tag-type TAG_TYPE] [--account-id ACCOUNT_ID]
    ${COMMAND_FULL_NAME} example_group --roles Administrator --service-name sample-service --api-version v2
        Give example_group Administrator role for all sample-service resources using Access Policy API Version 2
    ${COMMAND_FULL_NAME} example_group --roles Viewer --resource-group-id dda27e49d2a1efca58083a01dfde18f6
        Give example_group Viewer role for the members of resource group with ID dda27e49d2a1efca58083a01dfde18f6If logging in as an IKS compute resource, use '--cr-token' or set the 'IBMCLOUD_CR_TOKEN' environment variable to specify a compute resource token. If logging in as a VPC VSI compute resource, specify the '--vpc-cri' flag.EXAMPLE:
    ${COMMAND_NAME} iam authorization-policy-create EXAMPLE_SOURCE_SERVICE EXAMPLE_TARGET_SERVICE Administrator,Operator
        Create an authorization policy with both source service and target service specified${COMMAND_NAME} iam service-api-key-create NAME (SERVICE_ID_NAME|SERVICE_ID_UUID) [-d, --description DESCRIPTION] [--lock] [--file FILE] [--action-if-leaked none|disable|delete] [--output FORMAT] [-f, --force] [-q, --quiet]
    ${COMMAND_NAME} iam user-policy-update name@example.com user-policy-id --roles Administrator --account-management
        Update user policy to give name@example.com Administrator role for all account management servicesShow Classic Infrastructure resources, only value allowed is: classic-infrastructure. Use it for SoftLayer_Hardware, SoftLayer_Network_Application_Delivery_Controller, SoftLayer_Network_Subnet_IpAddress, SoftLayer_Network_Vlanid,globalIdentifier,name,datacenter.name,status.name,transaction.transactionStatus.name,accountId,publicFlag,imageType,flexImageFlag,note,createDate,blockDevicesDiskSpaceTotal,children[blockDevicesDiskSpaceTotal,datacenter.name]
    ${COMMAND_NAME} iam service-policy-create sample-service --roles Viewer --service-name is --attributes "instanceId=*"
        Give sample-service Viewer role for service "is" resources with attribute "instanceId" equal to "*"
    ${COMMAND_NAME} iam service-policy-update sample-service service-policy-id --roles Administrator --account-management
        Update service policy to give sample-service Administrator role for all account management services
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --roles Viewer --service-name is --attributes "instanceId=*"
        Give my-profile Viewer role for service "is" resources with attribute "instanceId" equal to "*"
    ${COMMAND_FULL_NAME} example_group b8638ceb-5c4d-4d58-ae06-7ad95a10c4d4 --roles Administrator --account-management
        Update access group policy to give example_group Administrator role for all account management services
    ${COMMAND_NAME} iam user-policy-create name@example.com --roles Viewer --service-name is --attributes "instanceId=*"
        Give name@example.com Viewer role for service "is" resources with attribute "instanceId" equal to "*"
    ${COMMAND_NAME} iam user-policy-update name@example.com user-policy-id --roles Administrator --service-name sample-service
        Update user policy to give name@example.com Administrator role for all sample-service resources
    ${COMMAND_FULL_NAME} example_group --roles Operator --resource-type resource-group --resource dda27e49d2a1efca58083a01dfde18f6
        Give example_group Operator role for resource group with ID dda27e49d2a1efca58083a01dfde18f6To use advanced operators to create wildcard policies, use a JSON policy document with the "--file" option. For more information about creating wildcard policies, see https://cloud.ibm.com/docs/account?topic=account-wildcard#policy-jsid, hostname, domain, datacenter.name, maxCpu, maxMemory, hourlyBillingFlag, localDiskFlag, dedicatedAccountHostOnlyFlag, privateNetworkOnlyFlag, postInstallScriptUri, userData, networkComponents[maxSpeed], operatingSystemReferenceCode
    ${COMMAND_NAME} iam service-policy-update sample-service service-policy-id --roles Administrator --service-name target-service
        Update service policy to give sample-service Administrator role for all target-service resources(?=[\w\-])(HTMLparser|HTMLparser_tags|addParams|cache|encapsLines|filelink|if|imageLinkWrap|imgResource|makelinks|numRows|numberFormat|parseFunc|replacement|round|select|split|stdWrap|strPad|tableStyle|tags|textStyle|typolink)(?![\w\-])
    ${COMMAND_FULL_NAME} example_group b8638ceb-5c4d-4d58-ae06-7ad95a10c4d4 --roles Administrator --service-name sample-service
        Update access group policy to give example_group Administrator role for all sample-service resources
    ${COMMAND_NAME} iam trusted-profile-policy-update my-profile profile-policy-id --roles Administrator --account-management
        Update trusted profile policy to give my-profile Administrator role for all account management servicesRemoving an account (or list of comma separated accounts) from the excludes list, revoking visibility to the entry. If the account was set by global admins, the account admins cannot remove the account.Email or Account GUIDs are acceptableResource type on which the tags should be attached (required for Classic Infrastructure resource of type SoftLayer_Hardware, SoftLayer_Network_Application_Delivery_Controller, SoftLayer_Network_Subnet_IpAddress or SoftLayer_Network_Vlan only)Resource type on which the tags should be detached (required for Classic Infrastructure resource of type SoftLayer_Hardware, SoftLayer_Network_Application_Delivery_Controller, SoftLayer_Network_Subnet_IpAddress or SoftLayer_Network_Vlan only)The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Values are VSI for Virtual Service Instance on VPC, IKS_SA for Service Accounts on Kubernetes clusters, or ROKS_SA for managed Red Hat OpenShift
        To use advanced operators to create wildcard policies, use a JSON policy document with the "--file" option. For more information about creating wildcard policies, see https://cloud.ibm.com/docs/account?topic=account-wildcard#policy-js${BINARY_NAME} entry-visibility-set ID [--includes-add LIST] [--includes-remove LIST] [--excludes-add LIST] [--excludes-remove LIST] [--owner ID or Email] [--restrict] [--ibm-only] [--unrestrict] [-c PARAMETERS_AS_JSON] [--global] [-q, --quiet]${COMMAND_NAME} iam service-api-key-update (APIKEY_NAME|APIKEY_UUID) (SERVICE_ID_NAME|SERVICE_ID_UUID)  [-n, --name NEW_NAME] [-d, --description DESCRIPTION] [--action-if-leaked none|disable|delete] [--output FORMAT] [-f, --force] [-q, --quiet]
    ${COMMAND_NAME} iam service-policy-create sample-service --roles Administrator --service-name target-service --api-version v2
        Give sample-service Administrator role for all target-service resources using Access Policy API Version 2
    ${COMMAND_NAME} iam service-policy-create sample-service --roles Viewer --resource-group-id dda27e49d2a1efca58083a01dfde18f6
        Give sample-service Viewer role for the members of resource group with ID dda27e49d2a1efca58083a01dfde18f6
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --roles Administrator --service-name target-service --api-version v2
        Give my-profile Administrator role for all target-service resources using Access Policy API Version 2
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --roles Viewer --resource-group-id dda27e49d2a1efca58083a01dfde18f6
        Give my-profile Viewer role for the members of resource group with ID dda27e49d2a1efca58083a01dfde18f6
    ${COMMAND_NAME} iam trusted-profile-policy-update my-profile profile-policy-id --roles Administrator --service-name target-service
        Update trusted profile policy to give my-profile Administrator role for all target-service resources
    ${COMMAND_NAME} iam user-policy-create name@example.com --roles Administrator --service-name sample-service --api-version v2
        Give name@example.com Administrator role for all sample-service resources using Access Policy API Version 2
    ${COMMAND_NAME} iam user-policy-create name@example.com --roles Viewer --resource-group-id dda27e49d2a1efca58083a01dfde18f6
        Give name@example.com Viewer role for the members of resource group with ID dda27e49d2a1efca58083a01dfde18f6Show Classic Infrastructure resources, only value allowed is: classic-infrastructure. Use it for resources of type SoftLayer_Hardware, SoftLayer_Network_Application_Delivery_Controller, SoftLayer_Network_Subnet_IpAddress or SoftLayer_Network_Vlan(?i)^(?:<[A-Za-z][A-Za-z0-9-]*(?:\s+[a-zA-Z_:][a-zA-Z0-9:._-]*(?:\s*=\s*(?:[^"'=<>`\x00-\x20]+|'[^']*'|"[^"]*"))?)*\s*/?>|</[A-Za-z][A-Za-z0-9-]*\s*[>]|<!---->|<!--(?:-?[^>-])(?:-?[^-])*-->|[<][?].*?[?][>]|<![A-Z]+\s+[^>]*>|<!\[CDATA\[[\s\S]*?\]\]>)
    ${COMMAND_NAME} iam user-policy-update name@example.com user-policy-id --roles Viewer --resource-group-name sample-resource-group
        Update user policy to give name@example.com Viewer role for members of resource group sample-resource-groupDelete the tag in the specified provider (only supported value is classic-infrastructure). Use it for resources of type SoftLayer_Hardware, SoftLayer_Network_Application_Delivery_Controller, SoftLayer_Network_Subnet_IpAddress or SoftLayer_Network_Vlan${COMMAND_NAME} iam api-key update (NAME|UUID) [--service-id-name SERVICE_ID_NAME | --service-id SERVICE_ID] [-n, --name name] [-d, --description description] [--action-if-leaked (none|disable|delete)] [-f, --force] [-o, --output FORMAT] [-q, --quiet]${COMMAND_NAME} resource service-instances [--service-name SERVICE_NAME] [--location LOCATION] [--type INSTANCE_TYPE] [-g RESOURCE_GROUP | --all-resource-groups] [--long] [--limit LIMIT] [--offset OFFSET] [--all-pages] [-o, --output FORMAT] [-q, --quiet]
    ${COMMAND_NAME} iam service-policy-create sample-service --roles Operator --resource-type resource-group --resource dda27e49d2a1efca58083a01dfde18f6
        Give sample-service Operator role for resource group with ID dda27e49d2a1efca58083a01dfde18f6
    ${COMMAND_NAME} iam service-policy-update sample-service service-policy-id --roles Viewer --resource-group-name sample-resource-group
        Update service policy to give sample-service Viewer role for members of resource group sample-resource-group
    ${COMMAND_NAME} iam trusted-profile-policy-create my-profile --roles Operator --resource-type resource-group --resource dda27e49d2a1efca58083a01dfde18f6
        Give my-profile Operator role for resource group with ID dda27e49d2a1efca58083a01dfde18f6