databricks-sdk 0.20.0__py3-none-any.whl → 0.21.0__py3-none-any.whl

databricks/sdk/service/settings.py

@@ -14,6 +14,220 @@ _LOG = logging.getLogger('databricks.sdk')
 # all definitions in this file are in alphabetical order
 
 
+@dataclass
+class AutomaticClusterUpdateSetting:
+    automatic_cluster_update_workspace: ClusterAutoRestartMessage
+
+    etag: Optional[str] = None
+    """etag used for versioning. The response is at least as fresh as the eTag provided. This is used
+    for optimistic concurrency control as a way to help prevent simultaneous writes of a setting
+    overwriting each other. It is strongly suggested that systems make use of the etag in the read
+    -> update pattern to perform setting updates in order to avoid race conditions. That is, get an
+    etag from a GET request, and pass it with the PATCH request to identify the setting version you
+    are updating."""
+
+    setting_name: Optional[str] = None
+    """Name of the corresponding setting. This field is populated in the response, but it will not be
+    respected even if it's set in the request body. The setting name in the path parameter will be
+    respected instead. Setting name is required to be 'default' if the setting only has one instance
+    per workspace."""
+
+    def as_dict(self) -> dict:
+        """Serializes the AutomaticClusterUpdateSetting into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.automatic_cluster_update_workspace:
+            body['automatic_cluster_update_workspace'] = self.automatic_cluster_update_workspace.as_dict()
+        if self.etag is not None: body['etag'] = self.etag
+        if self.setting_name is not None: body['setting_name'] = self.setting_name
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> AutomaticClusterUpdateSetting:
+        """Deserializes the AutomaticClusterUpdateSetting from a dictionary."""
+        return cls(automatic_cluster_update_workspace=_from_dict(d, 'automatic_cluster_update_workspace',
+                                                                 ClusterAutoRestartMessage),
+                   etag=d.get('etag', None),
+                   setting_name=d.get('setting_name', None))
+
+
+@dataclass
+class ClusterAutoRestartMessage:
+    can_toggle: Optional[bool] = None
+
+    enabled: Optional[bool] = None
+
+    enablement_details: Optional[ClusterAutoRestartMessageEnablementDetails] = None
+    """Contains an information about the enablement status judging (e.g. whether the enterprise tier is
+    enabled) This is only additional information that MUST NOT be used to decide whether the setting
+    is enabled or not. This is intended to use only for purposes like showing an error message to
+    the customer with the additional details. For example, using these details we can check why
+    exactly the feature is disabled for this customer."""
+
+    maintenance_window: Optional[ClusterAutoRestartMessageMaintenanceWindow] = None
+
+    restart_even_if_no_updates_available: Optional[bool] = None
+
+    def as_dict(self) -> dict:
+        """Serializes the ClusterAutoRestartMessage into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.can_toggle is not None: body['can_toggle'] = self.can_toggle
+        if self.enabled is not None: body['enabled'] = self.enabled
+        if self.enablement_details: body['enablement_details'] = self.enablement_details.as_dict()
+        if self.maintenance_window: body['maintenance_window'] = self.maintenance_window.as_dict()
+        if self.restart_even_if_no_updates_available is not None:
+            body['restart_even_if_no_updates_available'] = self.restart_even_if_no_updates_available
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> ClusterAutoRestartMessage:
+        """Deserializes the ClusterAutoRestartMessage from a dictionary."""
+        return cls(can_toggle=d.get('can_toggle', None),
+                   enabled=d.get('enabled', None),
+                   enablement_details=_from_dict(d, 'enablement_details',
+                                                 ClusterAutoRestartMessageEnablementDetails),
+                   maintenance_window=_from_dict(d, 'maintenance_window',
+                                                 ClusterAutoRestartMessageMaintenanceWindow),
+                   restart_even_if_no_updates_available=d.get('restart_even_if_no_updates_available', None))
+
+
+@dataclass
+class ClusterAutoRestartMessageEnablementDetails:
+    """Contains an information about the enablement status judging (e.g. whether the enterprise tier is
+    enabled) This is only additional information that MUST NOT be used to decide whether the setting
+    is enabled or not. This is intended to use only for purposes like showing an error message to
+    the customer with the additional details. For example, using these details we can check why
+    exactly the feature is disabled for this customer."""
+
+    forced_for_compliance_mode: Optional[bool] = None
+    """The feature is force enabled if compliance mode is active"""
+
+    unavailable_for_disabled_entitlement: Optional[bool] = None
+    """The feature is unavailable if the corresponding entitlement disabled (see
+    getShieldEntitlementEnable)"""
+
+    unavailable_for_non_enterprise_tier: Optional[bool] = None
+    """The feature is unavailable if the customer doesn't have enterprise tier"""
+
+    def as_dict(self) -> dict:
+        """Serializes the ClusterAutoRestartMessageEnablementDetails into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.forced_for_compliance_mode is not None:
+            body['forced_for_compliance_mode'] = self.forced_for_compliance_mode
+        if self.unavailable_for_disabled_entitlement is not None:
+            body['unavailable_for_disabled_entitlement'] = self.unavailable_for_disabled_entitlement
+        if self.unavailable_for_non_enterprise_tier is not None:
+            body['unavailable_for_non_enterprise_tier'] = self.unavailable_for_non_enterprise_tier
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> ClusterAutoRestartMessageEnablementDetails:
+        """Deserializes the ClusterAutoRestartMessageEnablementDetails from a dictionary."""
+        return cls(forced_for_compliance_mode=d.get('forced_for_compliance_mode', None),
+                   unavailable_for_disabled_entitlement=d.get('unavailable_for_disabled_entitlement', None),
+                   unavailable_for_non_enterprise_tier=d.get('unavailable_for_non_enterprise_tier', None))
+
+
+@dataclass
+class ClusterAutoRestartMessageMaintenanceWindow:
+    week_day_based_schedule: Optional[ClusterAutoRestartMessageMaintenanceWindowWeekDayBasedSchedule] = None
+
+    def as_dict(self) -> dict:
+        """Serializes the ClusterAutoRestartMessageMaintenanceWindow into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.week_day_based_schedule:
+            body['week_day_based_schedule'] = self.week_day_based_schedule.as_dict()
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> ClusterAutoRestartMessageMaintenanceWindow:
+        """Deserializes the ClusterAutoRestartMessageMaintenanceWindow from a dictionary."""
+        return cls(week_day_based_schedule=_from_dict(
+            d, 'week_day_based_schedule', ClusterAutoRestartMessageMaintenanceWindowWeekDayBasedSchedule))
+
+
+class ClusterAutoRestartMessageMaintenanceWindowDayOfWeek(Enum):
+
+    DAY_OF_WEEK_UNSPECIFIED = 'DAY_OF_WEEK_UNSPECIFIED'
+    FRIDAY = 'FRIDAY'
+    MONDAY = 'MONDAY'
+    SATURDAY = 'SATURDAY'
+    SUNDAY = 'SUNDAY'
+    THURSDAY = 'THURSDAY'
+    TUESDAY = 'TUESDAY'
+    WEDNESDAY = 'WEDNESDAY'
+
+
+@dataclass
+class ClusterAutoRestartMessageMaintenanceWindowWeekDayBasedSchedule:
+    day_of_week: Optional[ClusterAutoRestartMessageMaintenanceWindowDayOfWeek] = None
+
+    frequency: Optional[ClusterAutoRestartMessageMaintenanceWindowWeekDayFrequency] = None
+
+    window_start_time: Optional[ClusterAutoRestartMessageMaintenanceWindowWindowStartTime] = None
+
+    def as_dict(self) -> dict:
+        """Serializes the ClusterAutoRestartMessageMaintenanceWindowWeekDayBasedSchedule into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.day_of_week is not None: body['day_of_week'] = self.day_of_week.value
+        if self.frequency is not None: body['frequency'] = self.frequency.value
+        if self.window_start_time: body['window_start_time'] = self.window_start_time.as_dict()
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> ClusterAutoRestartMessageMaintenanceWindowWeekDayBasedSchedule:
+        """Deserializes the ClusterAutoRestartMessageMaintenanceWindowWeekDayBasedSchedule from a dictionary."""
+        return cls(day_of_week=_enum(d, 'day_of_week', ClusterAutoRestartMessageMaintenanceWindowDayOfWeek),
+                   frequency=_enum(d, 'frequency',
+                                   ClusterAutoRestartMessageMaintenanceWindowWeekDayFrequency),
+                   window_start_time=_from_dict(d, 'window_start_time',
+                                                ClusterAutoRestartMessageMaintenanceWindowWindowStartTime))
+
+
+class ClusterAutoRestartMessageMaintenanceWindowWeekDayFrequency(Enum):
+
+    EVERY_WEEK = 'EVERY_WEEK'
+    FIRST_AND_THIRD_OF_MONTH = 'FIRST_AND_THIRD_OF_MONTH'
+    FIRST_OF_MONTH = 'FIRST_OF_MONTH'
+    FOURTH_OF_MONTH = 'FOURTH_OF_MONTH'
+    SECOND_AND_FOURTH_OF_MONTH = 'SECOND_AND_FOURTH_OF_MONTH'
+    SECOND_OF_MONTH = 'SECOND_OF_MONTH'
+    THIRD_OF_MONTH = 'THIRD_OF_MONTH'
+    WEEK_DAY_FREQUENCY_UNSPECIFIED = 'WEEK_DAY_FREQUENCY_UNSPECIFIED'
+
+
+@dataclass
+class ClusterAutoRestartMessageMaintenanceWindowWindowStartTime:
+    hours: Optional[int] = None
+
+    minutes: Optional[int] = None
+
+    def as_dict(self) -> dict:
+        """Serializes the ClusterAutoRestartMessageMaintenanceWindowWindowStartTime into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.hours is not None: body['hours'] = self.hours
+        if self.minutes is not None: body['minutes'] = self.minutes
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> ClusterAutoRestartMessageMaintenanceWindowWindowStartTime:
+        """Deserializes the ClusterAutoRestartMessageMaintenanceWindowWindowStartTime from a dictionary."""
+        return cls(hours=d.get('hours', None), minutes=d.get('minutes', None))
+
+
+class ComplianceStandard(Enum):
+    """Compliance stardard for SHIELD customers"""
+
+    COMPLIANCE_STANDARD_UNSPECIFIED = 'COMPLIANCE_STANDARD_UNSPECIFIED'
+    FEDRAMP_HIGH = 'FEDRAMP_HIGH'
+    FEDRAMP_IL5 = 'FEDRAMP_IL5'
+    FEDRAMP_MODERATE = 'FEDRAMP_MODERATE'
+    HIPAA = 'HIPAA'
+    IRAP_PROTECTED = 'IRAP_PROTECTED'
+    ITAR_EAR = 'ITAR_EAR'
+    NONE = 'NONE'
+    PCI_DSS = 'PCI_DSS'
+
+
 @dataclass
 class CreateIpAccessList:
     """Details required to configure a block list or allow list."""
@@ -72,8 +286,8 @@ class CreateNetworkConnectivityConfigRequest:
     must match the regular expression `^[0-9a-zA-Z-_]{3,30}$`."""
 
     region: str
-    """The Azure region for this network connectivity configuration. Only workspaces in the same Azure
-    region can be attached to this network connectivity configuration."""
+    """The region for the network connectivity configuration. Only workspaces in the same region can be
+    attached to the network connectivity configuration."""
 
     def as_dict(self) -> dict:
         """Serializes the CreateNetworkConnectivityConfigRequest into a dictionary suitable for use as a JSON request body."""
@@ -223,6 +437,130 @@ class CreateTokenResponse:
                    token_value=d.get('token_value', None))
 
 
+@dataclass
+class CspEnablement:
+    """Compliance Security Profile (CSP) - one of the features in ESC product Tracks if the feature is
+    enabled."""
+
+    compliance_standards: Optional[List[ComplianceStandard]] = None
+    """Set by customers when they request Compliance Security Profile (CSP) Invariants are enforced in
+    Settings policy."""
+
+    is_enabled: Optional[bool] = None
+
+    def as_dict(self) -> dict:
+        """Serializes the CspEnablement into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.compliance_standards:
+            body['compliance_standards'] = [v.value for v in self.compliance_standards]
+        if self.is_enabled is not None: body['is_enabled'] = self.is_enabled
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> CspEnablement:
+        """Deserializes the CspEnablement from a dictionary."""
+        return cls(compliance_standards=_repeated_enum(d, 'compliance_standards', ComplianceStandard),
+                   is_enabled=d.get('is_enabled', None))
+
+
+@dataclass
+class CspEnablementAccount:
+    """Account level policy for CSP"""
+
+    compliance_standards: Optional[List[ComplianceStandard]] = None
+    """Set by customers when they request Compliance Security Profile (CSP) Invariants are enforced in
+    Settings policy."""
+
+    is_enforced: Optional[bool] = None
+    """Enforced = it cannot be overriden at workspace level."""
+
+    def as_dict(self) -> dict:
+        """Serializes the CspEnablementAccount into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.compliance_standards:
+            body['compliance_standards'] = [v.value for v in self.compliance_standards]
+        if self.is_enforced is not None: body['is_enforced'] = self.is_enforced
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> CspEnablementAccount:
+        """Deserializes the CspEnablementAccount from a dictionary."""
+        return cls(compliance_standards=_repeated_enum(d, 'compliance_standards', ComplianceStandard),
+                   is_enforced=d.get('is_enforced', None))
+
+
+@dataclass
+class CspEnablementAccountSetting:
+    csp_enablement_account: CspEnablementAccount
+    """Account level policy for CSP"""
+
+    etag: Optional[str] = None
+    """etag used for versioning. The response is at least as fresh as the eTag provided. This is used
+    for optimistic concurrency control as a way to help prevent simultaneous writes of a setting
+    overwriting each other. It is strongly suggested that systems make use of the etag in the read
+    -> update pattern to perform setting updates in order to avoid race conditions. That is, get an
+    etag from a GET request, and pass it with the PATCH request to identify the setting version you
+    are updating."""
+
+    setting_name: Optional[str] = None
+    """Name of the corresponding setting. This field is populated in the response, but it will not be
+    respected even if it's set in the request body. The setting name in the path parameter will be
+    respected instead. Setting name is required to be 'default' if the setting only has one instance
+    per workspace."""
+
+    def as_dict(self) -> dict:
+        """Serializes the CspEnablementAccountSetting into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.csp_enablement_account: body['csp_enablement_account'] = self.csp_enablement_account.as_dict()
+        if self.etag is not None: body['etag'] = self.etag
+        if self.setting_name is not None: body['setting_name'] = self.setting_name
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> CspEnablementAccountSetting:
+        """Deserializes the CspEnablementAccountSetting from a dictionary."""
+        return cls(csp_enablement_account=_from_dict(d, 'csp_enablement_account', CspEnablementAccount),
+                   etag=d.get('etag', None),
+                   setting_name=d.get('setting_name', None))
+
+
+@dataclass
+class CspEnablementSetting:
+    csp_enablement_workspace: CspEnablement
+    """Compliance Security Profile (CSP) - one of the features in ESC product Tracks if the feature is
+    enabled."""
+
+    etag: Optional[str] = None
+    """etag used for versioning. The response is at least as fresh as the eTag provided. This is used
+    for optimistic concurrency control as a way to help prevent simultaneous writes of a setting
+    overwriting each other. It is strongly suggested that systems make use of the etag in the read
+    -> update pattern to perform setting updates in order to avoid race conditions. That is, get an
+    etag from a GET request, and pass it with the PATCH request to identify the setting version you
+    are updating."""
+
+    setting_name: Optional[str] = None
+    """Name of the corresponding setting. This field is populated in the response, but it will not be
+    respected even if it's set in the request body. The setting name in the path parameter will be
+    respected instead. Setting name is required to be 'default' if the setting only has one instance
+    per workspace."""
+
+    def as_dict(self) -> dict:
+        """Serializes the CspEnablementSetting into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.csp_enablement_workspace:
+            body['csp_enablement_workspace'] = self.csp_enablement_workspace.as_dict()
+        if self.etag is not None: body['etag'] = self.etag
+        if self.setting_name is not None: body['setting_name'] = self.setting_name
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> CspEnablementSetting:
+        """Deserializes the CspEnablementSetting from a dictionary."""
+        return cls(csp_enablement_workspace=_from_dict(d, 'csp_enablement_workspace', CspEnablement),
+                   etag=d.get('etag', None),
+                   setting_name=d.get('setting_name', None))
+
+
 @dataclass
 class DefaultNamespaceSetting:
     """This represents the setting configuration for the default namespace in the Databricks workspace.
@@ -289,6 +627,20 @@ class DeleteDefaultNamespaceSettingResponse:
         return cls(etag=d.get('etag', None))
 
 
+@dataclass
+class DeleteNetworkConnectivityConfigurationResponse:
+
+    def as_dict(self) -> dict:
+        """Serializes the DeleteNetworkConnectivityConfigurationResponse into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> DeleteNetworkConnectivityConfigurationResponse:
+        """Deserializes the DeleteNetworkConnectivityConfigurationResponse from a dictionary."""
+        return cls()
+
+
 @dataclass
 class DeletePersonalComputeSettingResponse:
     """The etag is returned."""
@@ -313,6 +665,20 @@ class DeletePersonalComputeSettingResponse:
         return cls(etag=d.get('etag', None))
 
 
+@dataclass
+class DeleteResponse:
+
+    def as_dict(self) -> dict:
+        """Serializes the DeleteResponse into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> DeleteResponse:
+        """Deserializes the DeleteResponse from a dictionary."""
+        return cls()
+
+
 @dataclass
 class DeleteRestrictWorkspaceAdminsSettingResponse:
     """The etag is returned."""
@@ -337,6 +703,115 @@ class DeleteRestrictWorkspaceAdminsSettingResponse:
         return cls(etag=d.get('etag', None))
 
 
+@dataclass
+class EsmEnablement:
+    """Enhanced Security Monitoring (ESM) - one of the features in ESC product Tracks if the feature is
+    enabled."""
+
+    is_enabled: Optional[bool] = None
+
+    def as_dict(self) -> dict:
+        """Serializes the EsmEnablement into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.is_enabled is not None: body['is_enabled'] = self.is_enabled
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> EsmEnablement:
+        """Deserializes the EsmEnablement from a dictionary."""
+        return cls(is_enabled=d.get('is_enabled', None))
+
+
+@dataclass
+class EsmEnablementAccount:
+    """Account level policy for ESM"""
+
+    is_enforced: Optional[bool] = None
+
+    def as_dict(self) -> dict:
+        """Serializes the EsmEnablementAccount into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.is_enforced is not None: body['is_enforced'] = self.is_enforced
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> EsmEnablementAccount:
+        """Deserializes the EsmEnablementAccount from a dictionary."""
+        return cls(is_enforced=d.get('is_enforced', None))
+
+
+@dataclass
+class EsmEnablementAccountSetting:
+    esm_enablement_account: EsmEnablementAccount
+    """Account level policy for ESM"""
+
+    etag: Optional[str] = None
+    """etag used for versioning. The response is at least as fresh as the eTag provided. This is used
+    for optimistic concurrency control as a way to help prevent simultaneous writes of a setting
+    overwriting each other. It is strongly suggested that systems make use of the etag in the read
+    -> update pattern to perform setting updates in order to avoid race conditions. That is, get an
+    etag from a GET request, and pass it with the PATCH request to identify the setting version you
+    are updating."""
+
+    setting_name: Optional[str] = None
+    """Name of the corresponding setting. This field is populated in the response, but it will not be
+    respected even if it's set in the request body. The setting name in the path parameter will be
+    respected instead. Setting name is required to be 'default' if the setting only has one instance
+    per workspace."""
+
+    def as_dict(self) -> dict:
+        """Serializes the EsmEnablementAccountSetting into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.esm_enablement_account: body['esm_enablement_account'] = self.esm_enablement_account.as_dict()
+        if self.etag is not None: body['etag'] = self.etag
+        if self.setting_name is not None: body['setting_name'] = self.setting_name
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> EsmEnablementAccountSetting:
+        """Deserializes the EsmEnablementAccountSetting from a dictionary."""
+        return cls(esm_enablement_account=_from_dict(d, 'esm_enablement_account', EsmEnablementAccount),
+                   etag=d.get('etag', None),
+                   setting_name=d.get('setting_name', None))
+
+
+@dataclass
+class EsmEnablementSetting:
+    esm_enablement_workspace: EsmEnablement
+    """Enhanced Security Monitoring (ESM) - one of the features in ESC product Tracks if the feature is
+    enabled."""
+
+    etag: Optional[str] = None
+    """etag used for versioning. The response is at least as fresh as the eTag provided. This is used
+    for optimistic concurrency control as a way to help prevent simultaneous writes of a setting
+    overwriting each other. It is strongly suggested that systems make use of the etag in the read
+    -> update pattern to perform setting updates in order to avoid race conditions. That is, get an
+    etag from a GET request, and pass it with the PATCH request to identify the setting version you
+    are updating."""
+
+    setting_name: Optional[str] = None
+    """Name of the corresponding setting. This field is populated in the response, but it will not be
+    respected even if it's set in the request body. The setting name in the path parameter will be
+    respected instead. Setting name is required to be 'default' if the setting only has one instance
+    per workspace."""
+
+    def as_dict(self) -> dict:
+        """Serializes the EsmEnablementSetting into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.esm_enablement_workspace:
+            body['esm_enablement_workspace'] = self.esm_enablement_workspace.as_dict()
+        if self.etag is not None: body['etag'] = self.etag
+        if self.setting_name is not None: body['setting_name'] = self.setting_name
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> EsmEnablementSetting:
+        """Deserializes the EsmEnablementSetting from a dictionary."""
+        return cls(esm_enablement_workspace=_from_dict(d, 'esm_enablement_workspace', EsmEnablement),
+                   etag=d.get('etag', None),
+                   setting_name=d.get('setting_name', None))
+
+
 @dataclass
 class ExchangeToken:
     """The exchange token is the result of the token exchange with the IdP"""
@@ -686,6 +1161,27 @@ class ListType(Enum):
     BLOCK = 'BLOCK'
 
 
+@dataclass
+class NccAwsStableIpRule:
+    """The stable AWS IP CIDR blocks. You can use these to configure the firewall of your resources to
+    allow traffic from your Databricks workspace."""
+
+    cidr_blocks: Optional[List[str]] = None
+    """The list of stable IP CIDR blocks from which Databricks network traffic originates when
+    accessing your resources."""
+
+    def as_dict(self) -> dict:
+        """Serializes the NccAwsStableIpRule into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.cidr_blocks: body['cidr_blocks'] = [v for v in self.cidr_blocks]
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> NccAwsStableIpRule:
+        """Deserializes the NccAwsStableIpRule from a dictionary."""
+        return cls(cidr_blocks=d.get('cidr_blocks', None))
+
+
 @dataclass
 class NccAzurePrivateEndpointRule:
     connection_state: Optional[NccAzurePrivateEndpointRuleConnectionState] = None
@@ -854,6 +1350,10 @@ class NccEgressDefaultRules:
     configurations. You can find the stable network information of your serverless compute resources
     here."""
 
+    aws_stable_ip_rule: Optional[NccAwsStableIpRule] = None
+    """The stable AWS IP CIDR blocks. You can use these to configure the firewall of your resources to
+    allow traffic from your Databricks workspace."""
+
     azure_service_endpoint_rule: Optional[NccAzureServiceEndpointRule] = None
     """The stable Azure service endpoints. You can configure the firewall of your Azure resources to
     allow traffic from your Databricks serverless compute resources."""
@@ -861,6 +1361,7 @@ class NccEgressDefaultRules:
     def as_dict(self) -> dict:
         """Serializes the NccEgressDefaultRules into a dictionary suitable for use as a JSON request body."""
         body = {}
+        if self.aws_stable_ip_rule: body['aws_stable_ip_rule'] = self.aws_stable_ip_rule.as_dict()
         if self.azure_service_endpoint_rule:
             body['azure_service_endpoint_rule'] = self.azure_service_endpoint_rule.as_dict()
         return body
@@ -868,7 +1369,8 @@ class NccEgressDefaultRules:
     @classmethod
     def from_dict(cls, d: Dict[str, any]) -> NccEgressDefaultRules:
         """Deserializes the NccEgressDefaultRules from a dictionary."""
-        return cls(azure_service_endpoint_rule=_from_dict(d, 'azure_service_endpoint_rule',
+        return cls(aws_stable_ip_rule=_from_dict(d, 'aws_stable_ip_rule', NccAwsStableIpRule),
+                   azure_service_endpoint_rule=_from_dict(d, 'azure_service_endpoint_rule',
                                                           NccAzureServiceEndpointRule))
 
 
@@ -914,8 +1416,8 @@ class NetworkConnectivityConfiguration:
     """Databricks network connectivity configuration ID."""
 
     region: Optional[str] = None
-    """The Azure region for this network connectivity configuration. Only workspaces in the same Azure
-    region can be attached to this network connectivity configuration."""
+    """The region for the network connectivity configuration. Only workspaces in the same region can be
+    attached to the network connectivity configuration."""
 
     updated_time: Optional[int] = None
     """Time in epoch milliseconds when this object was updated."""
@@ -1103,6 +1605,20 @@ class ReplaceIpAccessList:
                    list_type=_enum(d, 'list_type', ListType))
 
 
+@dataclass
+class ReplaceResponse:
+
+    def as_dict(self) -> dict:
+        """Serializes the ReplaceResponse into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> ReplaceResponse:
+        """Deserializes the ReplaceResponse from a dictionary."""
+        return cls()
+
+
 @dataclass
 class RestrictWorkspaceAdminsMessage:
     status: RestrictWorkspaceAdminsMessageStatus
@@ -1179,6 +1695,34 @@ class RevokeTokenRequest:
         return cls(token_id=d.get('token_id', None))
 
 
+@dataclass
+class RevokeTokenResponse:
+
+    def as_dict(self) -> dict:
+        """Serializes the RevokeTokenResponse into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> RevokeTokenResponse:
+        """Deserializes the RevokeTokenResponse from a dictionary."""
+        return cls()
+
+
+@dataclass
+class SetStatusResponse:
+
+    def as_dict(self) -> dict:
+        """Serializes the SetStatusResponse into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> SetStatusResponse:
+        """Deserializes the SetStatusResponse from a dictionary."""
+        return cls()
+
+
 @dataclass
 class StringMessage:
     value: Optional[str] = None
@@ -1414,6 +1958,96 @@ class TokenType(Enum):
     AZURE_ACTIVE_DIRECTORY_TOKEN = 'AZURE_ACTIVE_DIRECTORY_TOKEN'
 
 
+@dataclass
+class UpdateAutomaticClusterUpdateSettingRequest:
+    """Details required to update a setting."""
+
+    allow_missing: bool
+    """This should always be set to true for Settings API. Added for AIP compliance."""
+
+    setting: AutomaticClusterUpdateSetting
+
+    field_mask: str
+    """Field mask is required to be passed into the PATCH request. Field mask specifies which fields of
+    the setting payload will be updated. The field mask needs to be supplied as single string. To
+    specify multiple fields in the field mask, use comma as the separator (no space)."""
+
+    def as_dict(self) -> dict:
+        """Serializes the UpdateAutomaticClusterUpdateSettingRequest into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.allow_missing is not None: body['allow_missing'] = self.allow_missing
+        if self.field_mask is not None: body['field_mask'] = self.field_mask
+        if self.setting: body['setting'] = self.setting.as_dict()
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> UpdateAutomaticClusterUpdateSettingRequest:
+        """Deserializes the UpdateAutomaticClusterUpdateSettingRequest from a dictionary."""
+        return cls(allow_missing=d.get('allow_missing', None),
+                   field_mask=d.get('field_mask', None),
+                   setting=_from_dict(d, 'setting', AutomaticClusterUpdateSetting))
+
+
+@dataclass
+class UpdateCspEnablementAccountSettingRequest:
+    """Details required to update a setting."""
+
+    allow_missing: bool
+    """This should always be set to true for Settings API. Added for AIP compliance."""
+
+    setting: CspEnablementAccountSetting
+
+    field_mask: str
+    """Field mask is required to be passed into the PATCH request. Field mask specifies which fields of
+    the setting payload will be updated. The field mask needs to be supplied as single string. To
+    specify multiple fields in the field mask, use comma as the separator (no space)."""
+
+    def as_dict(self) -> dict:
+        """Serializes the UpdateCspEnablementAccountSettingRequest into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.allow_missing is not None: body['allow_missing'] = self.allow_missing
+        if self.field_mask is not None: body['field_mask'] = self.field_mask
+        if self.setting: body['setting'] = self.setting.as_dict()
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> UpdateCspEnablementAccountSettingRequest:
+        """Deserializes the UpdateCspEnablementAccountSettingRequest from a dictionary."""
+        return cls(allow_missing=d.get('allow_missing', None),
+                   field_mask=d.get('field_mask', None),
+                   setting=_from_dict(d, 'setting', CspEnablementAccountSetting))
+
+
+@dataclass
+class UpdateCspEnablementSettingRequest:
+    """Details required to update a setting."""
+
+    allow_missing: bool
+    """This should always be set to true for Settings API. Added for AIP compliance."""
+
+    setting: CspEnablementSetting
+
+    field_mask: str
+    """Field mask is required to be passed into the PATCH request. Field mask specifies which fields of
+    the setting payload will be updated. The field mask needs to be supplied as single string. To
+    specify multiple fields in the field mask, use comma as the separator (no space)."""
+
+    def as_dict(self) -> dict:
+        """Serializes the UpdateCspEnablementSettingRequest into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.allow_missing is not None: body['allow_missing'] = self.allow_missing
+        if self.field_mask is not None: body['field_mask'] = self.field_mask
+        if self.setting: body['setting'] = self.setting.as_dict()
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> UpdateCspEnablementSettingRequest:
+        """Deserializes the UpdateCspEnablementSettingRequest from a dictionary."""
+        return cls(allow_missing=d.get('allow_missing', None),
+                   field_mask=d.get('field_mask', None),
+                   setting=_from_dict(d, 'setting', CspEnablementSetting))
+
+
 @dataclass
 class UpdateDefaultNamespaceSettingRequest:
     """Details required to update a setting."""
@@ -1451,6 +2085,66 @@ class UpdateDefaultNamespaceSettingRequest:
                    setting=_from_dict(d, 'setting', DefaultNamespaceSetting))
 
 
+@dataclass
+class UpdateEsmEnablementAccountSettingRequest:
+    """Details required to update a setting."""
+
+    allow_missing: bool
+    """This should always be set to true for Settings API. Added for AIP compliance."""
+
+    setting: EsmEnablementAccountSetting
+
+    field_mask: str
+    """Field mask is required to be passed into the PATCH request. Field mask specifies which fields of
+    the setting payload will be updated. The field mask needs to be supplied as single string. To
+    specify multiple fields in the field mask, use comma as the separator (no space)."""
+
+    def as_dict(self) -> dict:
+        """Serializes the UpdateEsmEnablementAccountSettingRequest into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.allow_missing is not None: body['allow_missing'] = self.allow_missing
+        if self.field_mask is not None: body['field_mask'] = self.field_mask
+        if self.setting: body['setting'] = self.setting.as_dict()
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> UpdateEsmEnablementAccountSettingRequest:
+        """Deserializes the UpdateEsmEnablementAccountSettingRequest from a dictionary."""
+        return cls(allow_missing=d.get('allow_missing', None),
+                   field_mask=d.get('field_mask', None),
+                   setting=_from_dict(d, 'setting', EsmEnablementAccountSetting))
+
+
+@dataclass
+class UpdateEsmEnablementSettingRequest:
+    """Details required to update a setting."""
+
+    allow_missing: bool
+    """This should always be set to true for Settings API. Added for AIP compliance."""
+
+    setting: EsmEnablementSetting
+
+    field_mask: str
+    """Field mask is required to be passed into the PATCH request. Field mask specifies which fields of
+    the setting payload will be updated. The field mask needs to be supplied as single string. To
+    specify multiple fields in the field mask, use comma as the separator (no space)."""
+
+    def as_dict(self) -> dict:
+        """Serializes the UpdateEsmEnablementSettingRequest into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.allow_missing is not None: body['allow_missing'] = self.allow_missing
+        if self.field_mask is not None: body['field_mask'] = self.field_mask
+        if self.setting: body['setting'] = self.setting.as_dict()
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> UpdateEsmEnablementSettingRequest:
+        """Deserializes the UpdateEsmEnablementSettingRequest from a dictionary."""
+        return cls(allow_missing=d.get('allow_missing', None),
+                   field_mask=d.get('field_mask', None),
+                   setting=_from_dict(d, 'setting', EsmEnablementSetting))
+
+
 @dataclass
 class UpdateIpAccessList:
     """Details required to update an IP access list."""
@@ -1522,6 +2216,20 @@ class UpdatePersonalComputeSettingRequest:
                    setting=_from_dict(d, 'setting', PersonalComputeSetting))
 
 
+@dataclass
+class UpdateResponse:
+
+    def as_dict(self) -> dict:
+        """Serializes the UpdateResponse into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, any]) -> UpdateResponse:
+        """Deserializes the UpdateResponse from a dictionary."""
+        return cls()
+
+
 @dataclass
 class UpdateRestrictWorkspaceAdminsSettingRequest:
     """Details required to update a setting."""
@@ -1771,49 +2479,42 @@ class AccountIpAccessListsAPI:
 
 
 class AccountSettingsAPI:
-    """The Personal Compute enablement setting lets you control which users can use the Personal Compute default
-    policy to create compute resources. By default all users in all workspaces have access (ON), but you can
-    change the setting to instead let individual workspaces configure access control (DELEGATE).
-    
-    There is only one instance of this setting per account. Since this setting has a default value, this
-    setting is present on all accounts even though it's never set on a given account. Deletion reverts the
-    value of the setting back to the default value."""
+    """Accounts Settings API allows users to manage settings at the account level."""
 
     def __init__(self, api_client):
         self._api = api_client
 
-    def delete_personal_compute_setting(self,
-                                        *,
-                                        etag: Optional[str] = None) -> DeletePersonalComputeSettingResponse:
-        """Delete Personal Compute setting.
-        
-        Reverts back the Personal Compute setting value to default (ON)
-        
-        :param etag: str (optional)
-          etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
-          optimistic concurrency control as a way to help prevent simultaneous writes of a setting overwriting
-          each other. It is strongly suggested that systems make use of the etag in the read -> delete pattern
-          to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
-          request, and pass it with the DELETE request to identify the rule set version you are deleting.
-        
-        :returns: :class:`DeletePersonalComputeSettingResponse`
-        """
+        self._csp_enablement_account = CspEnablementAccountAPI(self._api)
+        self._esm_enablement_account = EsmEnablementAccountAPI(self._api)
+        self._personal_compute = PersonalComputeAPI(self._api)
 
-        query = {}
-        if etag is not None: query['etag'] = etag
-        headers = {'Accept': 'application/json', }
+    @property
+    def csp_enablement_account(self) -> CspEnablementAccountAPI:
+        """The compliance security profile settings at the account level control whether to enable it for new workspaces."""
+        return self._csp_enablement_account
 
-        res = self._api.do(
-            'DELETE',
-            f'/api/2.0/accounts/{self._api.account_id}/settings/types/dcp_acct_enable/names/default',
-            query=query,
-            headers=headers)
-        return DeletePersonalComputeSettingResponse.from_dict(res)
+    @property
+    def esm_enablement_account(self) -> EsmEnablementAccountAPI:
+        """The enhanced security monitoring setting at the account level controls whether to enable the feature on new workspaces."""
+        return self._esm_enablement_account
 
-    def get_personal_compute_setting(self, *, etag: Optional[str] = None) -> PersonalComputeSetting:
-        """Get Personal Compute setting.
+    @property
+    def personal_compute(self) -> PersonalComputeAPI:
+        """The Personal Compute enablement setting lets you control which users can use the Personal Compute default policy to create compute resources."""
+        return self._personal_compute
+
+
+class AutomaticClusterUpdateAPI:
+    """Controls whether automatic cluster update is enabled for the current workspace. By default, it is turned
+    off."""
+
+    def __init__(self, api_client):
+        self._api = api_client
+
+    def get(self, *, etag: Optional[str] = None) -> AutomaticClusterUpdateSetting:
+        """Get the automatic cluster update setting.
         
-        Gets the value of the Personal Compute setting.
+        Gets the automatic cluster update setting.
         
         :param etag: str (optional)
           etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
@@ -1822,35 +2523,37 @@ class AccountSettingsAPI:
           to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
           request, and pass it with the DELETE request to identify the rule set version you are deleting.
         
-        :returns: :class:`PersonalComputeSetting`
+        :returns: :class:`AutomaticClusterUpdateSetting`
         """
 
         query = {}
         if etag is not None: query['etag'] = etag
         headers = {'Accept': 'application/json', }
 
-        res = self._api.do(
-            'GET',
-            f'/api/2.0/accounts/{self._api.account_id}/settings/types/dcp_acct_enable/names/default',
-            query=query,
-            headers=headers)
-        return PersonalComputeSetting.from_dict(res)
+        res = self._api.do('GET',
+                           '/api/2.0/settings/types/automatic_cluster_update/names/default',
+                           query=query,
+                           headers=headers)
+        return AutomaticClusterUpdateSetting.from_dict(res)
 
-    def update_personal_compute_setting(self, allow_missing: bool, setting: PersonalComputeSetting,
-                                        field_mask: str) -> PersonalComputeSetting:
-        """Update Personal Compute setting.
+    def update(self, allow_missing: bool, setting: AutomaticClusterUpdateSetting,
+               field_mask: str) -> AutomaticClusterUpdateSetting:
+        """Update the automatic cluster update setting.
         
-        Updates the value of the Personal Compute setting.
+        Updates the automatic cluster update setting for the workspace. A fresh etag needs to be provided in
+        `PATCH` requests (as part of the setting field). The etag can be retrieved by making a `GET` request
+        before the `PATCH` request. If the setting is updated concurrently, `PATCH` fails with 409 and the
+        request must be retried by using the fresh etag in the 409 response.
         
         :param allow_missing: bool
           This should always be set to true for Settings API. Added for AIP compliance.
-        :param setting: :class:`PersonalComputeSetting`
+        :param setting: :class:`AutomaticClusterUpdateSetting`
         :param field_mask: str
           Field mask is required to be passed into the PATCH request. Field mask specifies which fields of the
           setting payload will be updated. The field mask needs to be supplied as single string. To specify
           multiple fields in the field mask, use comma as the separator (no space).
         
-        :returns: :class:`PersonalComputeSetting`
+        :returns: :class:`AutomaticClusterUpdateSetting`
         """
         body = {}
         if allow_missing is not None: body['allow_missing'] = allow_missing
@@ -1858,12 +2561,11 @@ class AccountSettingsAPI:
         if setting is not None: body['setting'] = setting.as_dict()
         headers = {'Accept': 'application/json', 'Content-Type': 'application/json', }
 
-        res = self._api.do(
-            'PATCH',
-            f'/api/2.0/accounts/{self._api.account_id}/settings/types/dcp_acct_enable/names/default',
-            body=body,
-            headers=headers)
-        return PersonalComputeSetting.from_dict(res)
+        res = self._api.do('PATCH',
+                           '/api/2.0/settings/types/automatic_cluster_update/names/default',
+                           body=body,
+                           headers=headers)
+        return AutomaticClusterUpdateSetting.from_dict(res)
 
 
 class CredentialsManagerAPI:
@@ -1902,41 +2604,415 @@ class CredentialsManagerAPI:
         return ExchangeTokenResponse.from_dict(res)
 
 
-class IpAccessListsAPI:
-    """IP Access List enables admins to configure IP access lists.
-    
-    IP access lists affect web application access and REST API access to this workspace only. If the feature
-    is disabled for a workspace, all access is allowed for this workspace. There is support for allow lists
-    (inclusion) and block lists (exclusion).
-    
-    When a connection is attempted: 1. **First, all block lists are checked.** If the connection IP address
-    matches any block list, the connection is rejected. 2. **If the connection was not rejected by block
-    lists**, the IP address is compared with the allow lists.
-    
-    If there is at least one allow list for the workspace, the connection is allowed only if the IP address
-    matches an allow list. If there are no allow lists for the workspace, all IP addresses are allowed.
+class CspEnablementAPI:
+    """Controls whether to enable the compliance security profile for the current workspace. Enabling it on a
+    workspace is permanent. By default, it is turned off.
     
-    For all allow lists and block lists combined, the workspace supports a maximum of 1000 IP/CIDR values,
-    where one CIDR counts as a single value.
-    
-    After changes to the IP access list feature, it can take a few minutes for changes to take effect."""
+    This settings can NOT be disabled once it is enabled."""
 
     def __init__(self, api_client):
         self._api = api_client
 
-    def create(self,
-               label: str,
-               list_type: ListType,
-               *,
-               ip_addresses: Optional[List[str]] = None) -> CreateIpAccessListResponse:
-        """Create access list.
-        
-        Creates an IP access list for this workspace.
+    def get(self, *, etag: Optional[str] = None) -> CspEnablementSetting:
+        """Get the compliance security profile setting.
         
-        A list can be an allow list or a block list. See the top of this file for a description of how the
-        server treats allow lists and block lists at runtime.
-        
-        When creating or updating an IP access list:
+        Gets the compliance security profile setting.
+        
+        :param etag: str (optional)
+          etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
+          optimistic concurrency control as a way to help prevent simultaneous writes of a setting overwriting
+          each other. It is strongly suggested that systems make use of the etag in the read -> delete pattern
+          to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
+          request, and pass it with the DELETE request to identify the rule set version you are deleting.
+        
+        :returns: :class:`CspEnablementSetting`
+        """
+
+        query = {}
+        if etag is not None: query['etag'] = etag
+        headers = {'Accept': 'application/json', }
+
+        res = self._api.do('GET',
+                           '/api/2.0/settings/types/shield_csp_enablement_ws_db/names/default',
+                           query=query,
+                           headers=headers)
+        return CspEnablementSetting.from_dict(res)
+
+    def update(self, allow_missing: bool, setting: CspEnablementSetting,
+               field_mask: str) -> CspEnablementSetting:
+        """Update the compliance security profile setting.
+        
+        Updates the compliance security profile setting for the workspace. A fresh etag needs to be provided
+        in `PATCH` requests (as part of the setting field). The etag can be retrieved by making a `GET`
+        request before the `PATCH` request. If the setting is updated concurrently, `PATCH` fails with 409 and
+        the request must be retried by using the fresh etag in the 409 response.
+        
+        :param allow_missing: bool
+          This should always be set to true for Settings API. Added for AIP compliance.
+        :param setting: :class:`CspEnablementSetting`
+        :param field_mask: str
+          Field mask is required to be passed into the PATCH request. Field mask specifies which fields of the
+          setting payload will be updated. The field mask needs to be supplied as single string. To specify
+          multiple fields in the field mask, use comma as the separator (no space).
+        
+        :returns: :class:`CspEnablementSetting`
+        """
+        body = {}
+        if allow_missing is not None: body['allow_missing'] = allow_missing
+        if field_mask is not None: body['field_mask'] = field_mask
+        if setting is not None: body['setting'] = setting.as_dict()
+        headers = {'Accept': 'application/json', 'Content-Type': 'application/json', }
+
+        res = self._api.do('PATCH',
+                           '/api/2.0/settings/types/shield_csp_enablement_ws_db/names/default',
+                           body=body,
+                           headers=headers)
+        return CspEnablementSetting.from_dict(res)
+
+
+class CspEnablementAccountAPI:
+    """The compliance security profile settings at the account level control whether to enable it for new
+    workspaces. By default, this account-level setting is disabled for new workspaces. After workspace
+    creation, account admins can enable the compliance security profile individually for each workspace.
+    
+    This settings can be disabled so that new workspaces do not have compliance security profile enabled by
+    default."""
+
+    def __init__(self, api_client):
+        self._api = api_client
+
+    def get(self, *, etag: Optional[str] = None) -> CspEnablementAccountSetting:
+        """Get the compliance security profile setting for new workspaces.
+        
+        Gets the compliance security profile setting for new workspaces.
+        
+        :param etag: str (optional)
+          etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
+          optimistic concurrency control as a way to help prevent simultaneous writes of a setting overwriting
+          each other. It is strongly suggested that systems make use of the etag in the read -> delete pattern
+          to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
+          request, and pass it with the DELETE request to identify the rule set version you are deleting.
+        
+        :returns: :class:`CspEnablementAccountSetting`
+        """
+
+        query = {}
+        if etag is not None: query['etag'] = etag
+        headers = {'Accept': 'application/json', }
+
+        res = self._api.do(
+            'GET',
+            f'/api/2.0/accounts/{self._api.account_id}/settings/types/shield_csp_enablement_ac/names/default',
+            query=query,
+            headers=headers)
+        return CspEnablementAccountSetting.from_dict(res)
+
+    def update(self, allow_missing: bool, setting: CspEnablementAccountSetting,
+               field_mask: str) -> CspEnablementAccountSetting:
+        """Update the compliance security profile setting for new workspaces.
+        
+        Updates the value of the compliance security profile setting for new workspaces.
+        
+        :param allow_missing: bool
+          This should always be set to true for Settings API. Added for AIP compliance.
+        :param setting: :class:`CspEnablementAccountSetting`
+        :param field_mask: str
+          Field mask is required to be passed into the PATCH request. Field mask specifies which fields of the
+          setting payload will be updated. The field mask needs to be supplied as single string. To specify
+          multiple fields in the field mask, use comma as the separator (no space).
+        
+        :returns: :class:`CspEnablementAccountSetting`
+        """
+        body = {}
+        if allow_missing is not None: body['allow_missing'] = allow_missing
+        if field_mask is not None: body['field_mask'] = field_mask
+        if setting is not None: body['setting'] = setting.as_dict()
+        headers = {'Accept': 'application/json', 'Content-Type': 'application/json', }
+
+        res = self._api.do(
+            'PATCH',
+            f'/api/2.0/accounts/{self._api.account_id}/settings/types/shield_csp_enablement_ac/names/default',
+            body=body,
+            headers=headers)
+        return CspEnablementAccountSetting.from_dict(res)
+
+
+class DefaultNamespaceAPI:
+    """The default namespace setting API allows users to configure the default namespace for a Databricks
+    workspace.
+    
+    Through this API, users can retrieve, set, or modify the default namespace used when queries do not
+    reference a fully qualified three-level name. For example, if you use the API to set 'retail_prod' as the
+    default catalog, then a query 'SELECT * FROM myTable' would reference the object
+    'retail_prod.default.myTable' (the schema 'default' is always assumed).
+    
+    This setting requires a restart of clusters and SQL warehouses to take effect. Additionally, the default
+    namespace only applies when using Unity Catalog-enabled compute."""
+
+    def __init__(self, api_client):
+        self._api = api_client
+
+    def delete(self, *, etag: Optional[str] = None) -> DeleteDefaultNamespaceSettingResponse:
+        """Delete the default namespace setting.
+        
+        Deletes the default namespace setting for the workspace. A fresh etag needs to be provided in `DELETE`
+        requests (as a query parameter). The etag can be retrieved by making a `GET` request before the
+        `DELETE` request. If the setting is updated/deleted concurrently, `DELETE` fails with 409 and the
+        request must be retried by using the fresh etag in the 409 response.
+        
+        :param etag: str (optional)
+          etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
+          optimistic concurrency control as a way to help prevent simultaneous writes of a setting overwriting
+          each other. It is strongly suggested that systems make use of the etag in the read -> delete pattern
+          to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
+          request, and pass it with the DELETE request to identify the rule set version you are deleting.
+        
+        :returns: :class:`DeleteDefaultNamespaceSettingResponse`
+        """
+
+        query = {}
+        if etag is not None: query['etag'] = etag
+        headers = {'Accept': 'application/json', }
+
+        res = self._api.do('DELETE',
+                           '/api/2.0/settings/types/default_namespace_ws/names/default',
+                           query=query,
+                           headers=headers)
+        return DeleteDefaultNamespaceSettingResponse.from_dict(res)
+
+    def get(self, *, etag: Optional[str] = None) -> DefaultNamespaceSetting:
+        """Get the default namespace setting.
+        
+        Gets the default namespace setting.
+        
+        :param etag: str (optional)
+          etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
+          optimistic concurrency control as a way to help prevent simultaneous writes of a setting overwriting
+          each other. It is strongly suggested that systems make use of the etag in the read -> delete pattern
+          to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
+          request, and pass it with the DELETE request to identify the rule set version you are deleting.
+        
+        :returns: :class:`DefaultNamespaceSetting`
+        """
+
+        query = {}
+        if etag is not None: query['etag'] = etag
+        headers = {'Accept': 'application/json', }
+
+        res = self._api.do('GET',
+                           '/api/2.0/settings/types/default_namespace_ws/names/default',
+                           query=query,
+                           headers=headers)
+        return DefaultNamespaceSetting.from_dict(res)
+
+    def update(self, allow_missing: bool, setting: DefaultNamespaceSetting,
+               field_mask: str) -> DefaultNamespaceSetting:
+        """Update the default namespace setting.
+        
+        Updates the default namespace setting for the workspace. A fresh etag needs to be provided in `PATCH`
+        requests (as part of the setting field). The etag can be retrieved by making a `GET` request before
+        the `PATCH` request. Note that if the setting does not exist, `GET` returns a NOT_FOUND error and the
+        etag is present in the error response, which should be set in the `PATCH` request. If the setting is
+        updated concurrently, `PATCH` fails with 409 and the request must be retried by using the fresh etag
+        in the 409 response.
+        
+        :param allow_missing: bool
+          This should always be set to true for Settings API. Added for AIP compliance.
+        :param setting: :class:`DefaultNamespaceSetting`
+          This represents the setting configuration for the default namespace in the Databricks workspace.
+          Setting the default catalog for the workspace determines the catalog that is used when queries do
+          not reference a fully qualified 3 level name. For example, if the default catalog is set to
+          'retail_prod' then a query 'SELECT * FROM myTable' would reference the object
+          'retail_prod.default.myTable' (the schema 'default' is always assumed). This setting requires a
+          restart of clusters and SQL warehouses to take effect. Additionally, the default namespace only
+          applies when using Unity Catalog-enabled compute.
+        :param field_mask: str
+          Field mask is required to be passed into the PATCH request. Field mask specifies which fields of the
+          setting payload will be updated. The field mask needs to be supplied as single string. To specify
+          multiple fields in the field mask, use comma as the separator (no space).
+        
+        :returns: :class:`DefaultNamespaceSetting`
+        """
+        body = {}
+        if allow_missing is not None: body['allow_missing'] = allow_missing
+        if field_mask is not None: body['field_mask'] = field_mask
+        if setting is not None: body['setting'] = setting.as_dict()
+        headers = {'Accept': 'application/json', 'Content-Type': 'application/json', }
+
+        res = self._api.do('PATCH',
+                           '/api/2.0/settings/types/default_namespace_ws/names/default',
+                           body=body,
+                           headers=headers)
+        return DefaultNamespaceSetting.from_dict(res)
+
+
+class EsmEnablementAPI:
+    """Controls whether enhanced security monitoring is enabled for the current workspace. If the compliance
+    security profile is enabled, this is automatically enabled. By default, it is disabled. However, if the
+    compliance security profile is enabled, this is automatically enabled.
+    
+    If the compliance security profile is disabled, you can enable or disable this setting and it is not
+    permanent."""
+
+    def __init__(self, api_client):
+        self._api = api_client
+
+    def get(self, *, etag: Optional[str] = None) -> EsmEnablementSetting:
+        """Get the enhanced security monitoring setting.
+        
+        Gets the enhanced security monitoring setting.
+        
+        :param etag: str (optional)
+          etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
+          optimistic concurrency control as a way to help prevent simultaneous writes of a setting overwriting
+          each other. It is strongly suggested that systems make use of the etag in the read -> delete pattern
+          to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
+          request, and pass it with the DELETE request to identify the rule set version you are deleting.
+        
+        :returns: :class:`EsmEnablementSetting`
+        """
+
+        query = {}
+        if etag is not None: query['etag'] = etag
+        headers = {'Accept': 'application/json', }
+
+        res = self._api.do('GET',
+                           '/api/2.0/settings/types/shield_esm_enablement_ws_db/names/default',
+                           query=query,
+                           headers=headers)
+        return EsmEnablementSetting.from_dict(res)
+
+    def update(self, allow_missing: bool, setting: EsmEnablementSetting,
+               field_mask: str) -> EsmEnablementSetting:
+        """Update the enhanced security monitoring setting.
+        
+        Updates the enhanced security monitoring setting for the workspace. A fresh etag needs to be provided
+        in `PATCH` requests (as part of the setting field). The etag can be retrieved by making a `GET`
+        request before the `PATCH` request. If the setting is updated concurrently, `PATCH` fails with 409 and
+        the request must be retried by using the fresh etag in the 409 response.
+        
+        :param allow_missing: bool
+          This should always be set to true for Settings API. Added for AIP compliance.
+        :param setting: :class:`EsmEnablementSetting`
+        :param field_mask: str
+          Field mask is required to be passed into the PATCH request. Field mask specifies which fields of the
+          setting payload will be updated. The field mask needs to be supplied as single string. To specify
+          multiple fields in the field mask, use comma as the separator (no space).
+        
+        :returns: :class:`EsmEnablementSetting`
+        """
+        body = {}
+        if allow_missing is not None: body['allow_missing'] = allow_missing
+        if field_mask is not None: body['field_mask'] = field_mask
+        if setting is not None: body['setting'] = setting.as_dict()
+        headers = {'Accept': 'application/json', 'Content-Type': 'application/json', }
+
+        res = self._api.do('PATCH',
+                           '/api/2.0/settings/types/shield_esm_enablement_ws_db/names/default',
+                           body=body,
+                           headers=headers)
+        return EsmEnablementSetting.from_dict(res)
+
+
+class EsmEnablementAccountAPI:
+    """The enhanced security monitoring setting at the account level controls whether to enable the feature on
+    new workspaces. By default, this account-level setting is disabled for new workspaces. After workspace
+    creation, account admins can enable enhanced security monitoring individually for each workspace."""
+
+    def __init__(self, api_client):
+        self._api = api_client
+
+    def get(self, *, etag: Optional[str] = None) -> EsmEnablementAccountSetting:
+        """Get the enhanced security monitoring setting for new workspaces.
+        
+        Gets the enhanced security monitoring setting for new workspaces.
+        
+        :param etag: str (optional)
+          etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
+          optimistic concurrency control as a way to help prevent simultaneous writes of a setting overwriting
+          each other. It is strongly suggested that systems make use of the etag in the read -> delete pattern
+          to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
+          request, and pass it with the DELETE request to identify the rule set version you are deleting.
+        
+        :returns: :class:`EsmEnablementAccountSetting`
+        """
+
+        query = {}
+        if etag is not None: query['etag'] = etag
+        headers = {'Accept': 'application/json', }
+
+        res = self._api.do(
+            'GET',
+            f'/api/2.0/accounts/{self._api.account_id}/settings/types/shield_esm_enablement_ac/names/default',
+            query=query,
+            headers=headers)
+        return EsmEnablementAccountSetting.from_dict(res)
+
+    def update(self, allow_missing: bool, setting: EsmEnablementAccountSetting,
+               field_mask: str) -> EsmEnablementAccountSetting:
+        """Update the enhanced security monitoring setting for new workspaces.
+        
+        Updates the value of the enhanced security monitoring setting for new workspaces.
+        
+        :param allow_missing: bool
+          This should always be set to true for Settings API. Added for AIP compliance.
+        :param setting: :class:`EsmEnablementAccountSetting`
+        :param field_mask: str
+          Field mask is required to be passed into the PATCH request. Field mask specifies which fields of the
+          setting payload will be updated. The field mask needs to be supplied as single string. To specify
+          multiple fields in the field mask, use comma as the separator (no space).
+        
+        :returns: :class:`EsmEnablementAccountSetting`
+        """
+        body = {}
+        if allow_missing is not None: body['allow_missing'] = allow_missing
+        if field_mask is not None: body['field_mask'] = field_mask
+        if setting is not None: body['setting'] = setting.as_dict()
+        headers = {'Accept': 'application/json', 'Content-Type': 'application/json', }
+
+        res = self._api.do(
+            'PATCH',
+            f'/api/2.0/accounts/{self._api.account_id}/settings/types/shield_esm_enablement_ac/names/default',
+            body=body,
+            headers=headers)
+        return EsmEnablementAccountSetting.from_dict(res)
+
+
+class IpAccessListsAPI:
+    """IP Access List enables admins to configure IP access lists.
+    
+    IP access lists affect web application access and REST API access to this workspace only. If the feature
+    is disabled for a workspace, all access is allowed for this workspace. There is support for allow lists
+    (inclusion) and block lists (exclusion).
+    
+    When a connection is attempted: 1. **First, all block lists are checked.** If the connection IP address
+    matches any block list, the connection is rejected. 2. **If the connection was not rejected by block
+    lists**, the IP address is compared with the allow lists.
+    
+    If there is at least one allow list for the workspace, the connection is allowed only if the IP address
+    matches an allow list. If there are no allow lists for the workspace, all IP addresses are allowed.
+    
+    For all allow lists and block lists combined, the workspace supports a maximum of 1000 IP/CIDR values,
+    where one CIDR counts as a single value.
+    
+    After changes to the IP access list feature, it can take a few minutes for changes to take effect."""
+
+    def __init__(self, api_client):
+        self._api = api_client
+
+    def create(self,
+               label: str,
+               list_type: ListType,
+               *,
+               ip_addresses: Optional[List[str]] = None) -> CreateIpAccessListResponse:
+        """Create access list.
+        
+        Creates an IP access list for this workspace.
+        
+        A list can be an allow list or a block list. See the top of this file for a description of how the
+        server treats allow lists and block lists at runtime.
+        
+        When creating or updating an IP access list:
         
         * For all allow lists and block lists combined, the API supports a maximum of 1000 IP/CIDR values,
         where one CIDR counts as a single value. Attempts to exceed that number return error 400 with
@@ -2106,12 +3182,7 @@ class IpAccessListsAPI:
 
 class NetworkConnectivityAPI:
     """These APIs provide configurations for the network connectivity of your workspaces for serverless compute
-    resources. This API provides stable subnets for your workspace so that you can configure your firewalls on
-    your Azure Storage accounts to allow access from Databricks. You can also use the API to provision private
-    endpoints for Databricks to privately connect serverless compute resources to your Azure resources using
-    Azure Private Link. See [configure serverless secure connectivity].
-    
-    [configure serverless secure connectivity]: https://learn.microsoft.com/azure/databricks/security/network/serverless-network-security"""
+    resources."""
 
     def __init__(self, api_client):
         self._api = api_client
@@ -2120,25 +3191,13 @@ class NetworkConnectivityAPI:
                                                   region: str) -> NetworkConnectivityConfiguration:
         """Create a network connectivity configuration.
         
-        Creates a network connectivity configuration (NCC), which provides stable Azure service subnets when
-        accessing your Azure Storage accounts. You can also use a network connectivity configuration to create
-        Databricks-managed private endpoints so that Databricks serverless compute resources privately access
-        your resources.
-        
-        **IMPORTANT**: After you create the network connectivity configuration, you must assign one or more
-        workspaces to the new network connectivity configuration. You can share one network connectivity
-        configuration with multiple workspaces from the same Azure region within the same Databricks account.
-        See [configure serverless secure connectivity].
-        
-        [configure serverless secure connectivity]: https://learn.microsoft.com/azure/databricks/security/network/serverless-network-security
-        
         :param name: str
           The name of the network connectivity configuration. The name can contain alphanumeric characters,
           hyphens, and underscores. The length must be between 3 and 30 characters. The name must match the
           regular expression `^[0-9a-zA-Z-_]{3,30}$`.
         :param region: str
-          The Azure region for this network connectivity configuration. Only workspaces in the same Azure
-          region can be attached to this network connectivity configuration.
+          The region for the network connectivity configuration. Only workspaces in the same region can be
+          attached to the network connectivity configuration.
         
         :returns: :class:`NetworkConnectivityConfiguration`
         """
@@ -2340,30 +3399,22 @@ class NetworkConnectivityAPI:
             query['page_token'] = json['next_page_token']
 
 
-class SettingsAPI:
-    """The default namespace setting API allows users to configure the default namespace for a Databricks
-    workspace.
-    
-    Through this API, users can retrieve, set, or modify the default namespace used when queries do not
-    reference a fully qualified three-level name. For example, if you use the API to set 'retail_prod' as the
-    default catalog, then a query 'SELECT * FROM myTable' would reference the object
-    'retail_prod.default.myTable' (the schema 'default' is always assumed).
+class PersonalComputeAPI:
+    """The Personal Compute enablement setting lets you control which users can use the Personal Compute default
+    policy to create compute resources. By default all users in all workspaces have access (ON), but you can
+    change the setting to instead let individual workspaces configure access control (DELEGATE).
     
-    This setting requires a restart of clusters and SQL warehouses to take effect. Additionally, the default
-    namespace only applies when using Unity Catalog-enabled compute."""
+    There is only one instance of this setting per account. Since this setting has a default value, this
+    setting is present on all accounts even though it's never set on a given account. Deletion reverts the
+    value of the setting back to the default value."""
 
     def __init__(self, api_client):
         self._api = api_client
 
-    def delete_default_namespace_setting(self,
-                                         *,
-                                         etag: Optional[str] = None) -> DeleteDefaultNamespaceSettingResponse:
-        """Delete the default namespace setting.
+    def delete(self, *, etag: Optional[str] = None) -> DeletePersonalComputeSettingResponse:
+        """Delete Personal Compute setting.
         
-        Deletes the default namespace setting for the workspace. A fresh etag needs to be provided in DELETE
-        requests (as a query parameter). The etag can be retrieved by making a GET request before the DELETE
-        request. If the setting is updated/deleted concurrently, DELETE will fail with 409 and the request
-        will need to be retried by using the fresh etag in the 409 response.
+        Reverts back the Personal Compute setting value to default (ON)
         
         :param etag: str (optional)
           etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
@@ -2372,29 +3423,24 @@ class SettingsAPI:
           to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
           request, and pass it with the DELETE request to identify the rule set version you are deleting.
         
-        :returns: :class:`DeleteDefaultNamespaceSettingResponse`
+        :returns: :class:`DeletePersonalComputeSettingResponse`
         """
 
         query = {}
         if etag is not None: query['etag'] = etag
         headers = {'Accept': 'application/json', }
 
-        res = self._api.do('DELETE',
-                           '/api/2.0/settings/types/default_namespace_ws/names/default',
-                           query=query,
-                           headers=headers)
-        return DeleteDefaultNamespaceSettingResponse.from_dict(res)
+        res = self._api.do(
+            'DELETE',
+            f'/api/2.0/accounts/{self._api.account_id}/settings/types/dcp_acct_enable/names/default',
+            query=query,
+            headers=headers)
+        return DeletePersonalComputeSettingResponse.from_dict(res)
 
-    def delete_restrict_workspace_admins_setting(self,
-                                                 *,
-                                                 etag: Optional[str] = None
-                                                 ) -> DeleteRestrictWorkspaceAdminsSettingResponse:
-        """Delete the restrict workspace admins setting.
+    def get(self, *, etag: Optional[str] = None) -> PersonalComputeSetting:
+        """Get Personal Compute setting.
         
-        Reverts the restrict workspace admins setting status for the workspace. A fresh etag needs to be
-        provided in DELETE requests (as a query parameter). The etag can be retrieved by making a GET request
-        before the DELETE request. If the setting is updated/deleted concurrently, DELETE will fail with 409
-        and the request will need to be retried by using the fresh etag in the 409 response.
+        Gets the value of the Personal Compute setting.
         
         :param etag: str (optional)
           etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
@@ -2403,23 +3449,71 @@ class SettingsAPI:
           to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
           request, and pass it with the DELETE request to identify the rule set version you are deleting.
         
-        :returns: :class:`DeleteRestrictWorkspaceAdminsSettingResponse`
+        :returns: :class:`PersonalComputeSetting`
         """
 
         query = {}
         if etag is not None: query['etag'] = etag
         headers = {'Accept': 'application/json', }
 
-        res = self._api.do('DELETE',
-                           '/api/2.0/settings/types/restrict_workspace_admins/names/default',
-                           query=query,
-                           headers=headers)
-        return DeleteRestrictWorkspaceAdminsSettingResponse.from_dict(res)
+        res = self._api.do(
+            'GET',
+            f'/api/2.0/accounts/{self._api.account_id}/settings/types/dcp_acct_enable/names/default',
+            query=query,
+            headers=headers)
+        return PersonalComputeSetting.from_dict(res)
 
-    def get_default_namespace_setting(self, *, etag: Optional[str] = None) -> DefaultNamespaceSetting:
-        """Get the default namespace setting.
+    def update(self, allow_missing: bool, setting: PersonalComputeSetting,
+               field_mask: str) -> PersonalComputeSetting:
+        """Update Personal Compute setting.
         
-        Gets the default namespace setting.
+        Updates the value of the Personal Compute setting.
+        
+        :param allow_missing: bool
+          This should always be set to true for Settings API. Added for AIP compliance.
+        :param setting: :class:`PersonalComputeSetting`
+        :param field_mask: str
+          Field mask is required to be passed into the PATCH request. Field mask specifies which fields of the
+          setting payload will be updated. The field mask needs to be supplied as single string. To specify
+          multiple fields in the field mask, use comma as the separator (no space).
+        
+        :returns: :class:`PersonalComputeSetting`
+        """
+        body = {}
+        if allow_missing is not None: body['allow_missing'] = allow_missing
+        if field_mask is not None: body['field_mask'] = field_mask
+        if setting is not None: body['setting'] = setting.as_dict()
+        headers = {'Accept': 'application/json', 'Content-Type': 'application/json', }
+
+        res = self._api.do(
+            'PATCH',
+            f'/api/2.0/accounts/{self._api.account_id}/settings/types/dcp_acct_enable/names/default',
+            body=body,
+            headers=headers)
+        return PersonalComputeSetting.from_dict(res)
+
+
+class RestrictWorkspaceAdminsAPI:
+    """The Restrict Workspace Admins setting lets you control the capabilities of workspace admins. With the
+    setting status set to ALLOW_ALL, workspace admins can create service principal personal access tokens on
+    behalf of any service principal in their workspace. Workspace admins can also change a job owner to any
+    user in their workspace. And they can change the job run_as setting to any user in their workspace or to a
+    service principal on which they have the Service Principal User role. With the setting status set to
+    RESTRICT_TOKENS_AND_JOB_RUN_AS, workspace admins can only create personal access tokens on behalf of
+    service principals they have the Service Principal User role on. They can also only change a job owner to
+    themselves. And they can change the job run_as setting to themselves or to a service principal on which
+    they have the Service Principal User role."""
+
+    def __init__(self, api_client):
+        self._api = api_client
+
+    def delete(self, *, etag: Optional[str] = None) -> DeleteRestrictWorkspaceAdminsSettingResponse:
+        """Delete the restrict workspace admins setting.
+        
+        Reverts the restrict workspace admins setting status for the workspace. A fresh etag needs to be
+        provided in `DELETE` requests (as a query parameter). The etag can be retrieved by making a `GET`
+        request before the DELETE request. If the setting is updated/deleted concurrently, `DELETE` fails with
+        409 and the request must be retried by using the fresh etag in the 409 response.
         
         :param etag: str (optional)
           etag used for versioning. The response is at least as fresh as the eTag provided. This is used for
@@ -2428,22 +3522,20 @@ class SettingsAPI:
           to perform setting deletions in order to avoid race conditions. That is, get an etag from a GET
           request, and pass it with the DELETE request to identify the rule set version you are deleting.
         
-        :returns: :class:`DefaultNamespaceSetting`
+        :returns: :class:`DeleteRestrictWorkspaceAdminsSettingResponse`
         """
 
         query = {}
         if etag is not None: query['etag'] = etag
         headers = {'Accept': 'application/json', }
 
-        res = self._api.do('GET',
-                           '/api/2.0/settings/types/default_namespace_ws/names/default',
+        res = self._api.do('DELETE',
+                           '/api/2.0/settings/types/restrict_workspace_admins/names/default',
                            query=query,
                            headers=headers)
-        return DefaultNamespaceSetting.from_dict(res)
+        return DeleteRestrictWorkspaceAdminsSettingResponse.from_dict(res)
 
-    def get_restrict_workspace_admins_setting(self,
-                                              *,
-                                              etag: Optional[str] = None) -> RestrictWorkspaceAdminsSetting:
+    def get(self, *, etag: Optional[str] = None) -> RestrictWorkspaceAdminsSetting:
         """Get the restrict workspace admins setting.
         
         Gets the restrict workspace admins setting.
@@ -2468,55 +3560,14 @@ class SettingsAPI:
                            headers=headers)
         return RestrictWorkspaceAdminsSetting.from_dict(res)
 
-    def update_default_namespace_setting(self, allow_missing: bool, setting: DefaultNamespaceSetting,
-                                         field_mask: str) -> DefaultNamespaceSetting:
-        """Update the default namespace setting.
-        
-        Updates the default namespace setting for the workspace. A fresh etag needs to be provided in PATCH
-        requests (as part of the setting field). The etag can be retrieved by making a GET request before the
-        PATCH request. Note that if the setting does not exist, GET will return a NOT_FOUND error and the etag
-        will be present in the error response, which should be set in the PATCH request. If the setting is
-        updated concurrently, PATCH will fail with 409 and the request will need to be retried by using the
-        fresh etag in the 409 response.
-        
-        :param allow_missing: bool
-          This should always be set to true for Settings API. Added for AIP compliance.
-        :param setting: :class:`DefaultNamespaceSetting`
-          This represents the setting configuration for the default namespace in the Databricks workspace.
-          Setting the default catalog for the workspace determines the catalog that is used when queries do
-          not reference a fully qualified 3 level name. For example, if the default catalog is set to
-          'retail_prod' then a query 'SELECT * FROM myTable' would reference the object
-          'retail_prod.default.myTable' (the schema 'default' is always assumed). This setting requires a
-          restart of clusters and SQL warehouses to take effect. Additionally, the default namespace only
-          applies when using Unity Catalog-enabled compute.
-        :param field_mask: str
-          Field mask is required to be passed into the PATCH request. Field mask specifies which fields of the
-          setting payload will be updated. The field mask needs to be supplied as single string. To specify
-          multiple fields in the field mask, use comma as the separator (no space).
-        
-        :returns: :class:`DefaultNamespaceSetting`
-        """
-        body = {}
-        if allow_missing is not None: body['allow_missing'] = allow_missing
-        if field_mask is not None: body['field_mask'] = field_mask
-        if setting is not None: body['setting'] = setting.as_dict()
-        headers = {'Accept': 'application/json', 'Content-Type': 'application/json', }
-
-        res = self._api.do('PATCH',
-                           '/api/2.0/settings/types/default_namespace_ws/names/default',
-                           body=body,
-                           headers=headers)
-        return DefaultNamespaceSetting.from_dict(res)
-
-    def update_restrict_workspace_admins_setting(self, allow_missing: bool,
-                                                 setting: RestrictWorkspaceAdminsSetting,
-                                                 field_mask: str) -> RestrictWorkspaceAdminsSetting:
+    def update(self, allow_missing: bool, setting: RestrictWorkspaceAdminsSetting,
+               field_mask: str) -> RestrictWorkspaceAdminsSetting:
         """Update the restrict workspace admins setting.
         
         Updates the restrict workspace admins setting for the workspace. A fresh etag needs to be provided in
-        PATCH requests (as part of the setting field). The etag can be retrieved by making a GET request
-        before the PATCH request. If the setting is updated concurrently, PATCH will fail with 409 and the
-        request will need to be retried by using the fresh etag in the 409 response.
+        `PATCH` requests (as part of the setting field). The etag can be retrieved by making a GET request
+        before the `PATCH` request. If the setting is updated concurrently, `PATCH` fails with 409 and the
+        request must be retried by using the fresh etag in the 409 response.
         
         :param allow_missing: bool
           This should always be set to true for Settings API. Added for AIP compliance.
@@ -2541,6 +3592,44 @@ class SettingsAPI:
         return RestrictWorkspaceAdminsSetting.from_dict(res)
 
 
+class SettingsAPI:
+    """Workspace Settings API allows users to manage settings at the workspace level."""
+
+    def __init__(self, api_client):
+        self._api = api_client
+
+        self._automatic_cluster_update = AutomaticClusterUpdateAPI(self._api)
+        self._csp_enablement = CspEnablementAPI(self._api)
+        self._default_namespace = DefaultNamespaceAPI(self._api)
+        self._esm_enablement = EsmEnablementAPI(self._api)
+        self._restrict_workspace_admins = RestrictWorkspaceAdminsAPI(self._api)
+
+    @property
+    def automatic_cluster_update(self) -> AutomaticClusterUpdateAPI:
+        """Controls whether automatic cluster update is enabled for the current workspace."""
+        return self._automatic_cluster_update
+
+    @property
+    def csp_enablement(self) -> CspEnablementAPI:
+        """Controls whether to enable the compliance security profile for the current workspace."""
+        return self._csp_enablement
+
+    @property
+    def default_namespace(self) -> DefaultNamespaceAPI:
+        """The default namespace setting API allows users to configure the default namespace for a Databricks workspace."""
+        return self._default_namespace
+
+    @property
+    def esm_enablement(self) -> EsmEnablementAPI:
+        """Controls whether enhanced security monitoring is enabled for the current workspace."""
+        return self._esm_enablement
+
+    @property
+    def restrict_workspace_admins(self) -> RestrictWorkspaceAdminsAPI:
+        """The Restrict Workspace Admins setting lets you control the capabilities of workspace admins."""
+        return self._restrict_workspace_admins
+
+
 class TokenManagementAPI:
     """Enables administrators to get all tokens and delete tokens for other users. Admins can either get every
     token, get a specific token by ID, or get all tokens for a particular user."""