elasticsearch 8.13.2__py3-none-any.whl → 8.15.0__py3-none-any.whl

elasticsearch/_async/client/security.py

@@ -32,7 +32,7 @@ class SecurityClient(NamespacedClient):
         self,
         *,
         grant_type: t.Optional[
-            t.Union["t.Literal['access_token', 'password']", str]
+            t.Union[str, t.Literal["access_token", "password"]]
         ] = None,
         access_token: t.Optional[str] = None,
         error_trace: t.Optional[bool] = None,
@@ -44,9 +44,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates or updates the user profile on behalf of another user.
+        Creates or updates a user profile on behalf of another user.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-activate-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-activate-user-profile.html>`_
 
         :param grant_type:
         :param access_token:
@@ -97,10 +97,14 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Enables authentication as a user and retrieve information about the authenticated
-        user.
+        Enables you to submit a request with a basic auth header to authenticate a user
+        and retrieve information about the authenticated user. A successful call returns
+        a JSON structure that shows user information such as their username, the roles
+        that are assigned to the user, any assigned metadata, and information about the
+        realms that authenticated and authorized the user. If the user cannot be authenticated,
+        this API returns a 401 status code.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-authenticate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-authenticate.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/_authenticate"
@@ -123,6 +127,122 @@ class SecurityClient(NamespacedClient):
             path_parts=__path_parts,
         )
 
+    @_rewrite_parameters(
+        body_fields=("names",),
+    )
+    async def bulk_delete_role(
+        self,
+        *,
+        names: t.Optional[t.Sequence[str]] = None,
+        error_trace: t.Optional[bool] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        human: t.Optional[bool] = None,
+        pretty: t.Optional[bool] = None,
+        refresh: t.Optional[
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
+        ] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        The role management APIs are generally the preferred way to manage roles, rather
+        than using file-based role management. The bulk delete roles API cannot delete
+        roles that are defined in roles files.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-bulk-delete-role.html>`_
+
+        :param names: An array of role names to delete
+        :param refresh: If `true` (the default) then refresh the affected shards to make
+            this operation visible to search, if `wait_for` then wait for a refresh to
+            make this operation visible to search, if `false` then do nothing with refreshes.
+        """
+        if names is None and body is None:
+            raise ValueError("Empty value passed for parameter 'names'")
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/role"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if refresh is not None:
+            __query["refresh"] = refresh
+        if not __body:
+            if names is not None:
+                __body["names"] = names
+        __headers = {"accept": "application/json", "content-type": "application/json"}
+        return await self.perform_request(  # type: ignore[return-value]
+            "DELETE",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.bulk_delete_role",
+            path_parts=__path_parts,
+        )
+
+    @_rewrite_parameters(
+        body_fields=("roles",),
+    )
+    async def bulk_put_role(
+        self,
+        *,
+        roles: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None,
+        error_trace: t.Optional[bool] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        human: t.Optional[bool] = None,
+        pretty: t.Optional[bool] = None,
+        refresh: t.Optional[
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
+        ] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        The role management APIs are generally the preferred way to manage roles, rather
+        than using file-based role management. The bulk create or update roles API cannot
+        update roles that are defined in roles files.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-bulk-put-role.html>`_
+
+        :param roles: A dictionary of role name to RoleDescriptor objects to add or update
+        :param refresh: If `true` (the default) then refresh the affected shards to make
+            this operation visible to search, if `wait_for` then wait for a refresh to
+            make this operation visible to search, if `false` then do nothing with refreshes.
+        """
+        if roles is None and body is None:
+            raise ValueError("Empty value passed for parameter 'roles'")
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/role"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if refresh is not None:
+            __query["refresh"] = refresh
+        if not __body:
+            if roles is not None:
+                __body["roles"] = roles
+        __headers = {"accept": "application/json", "content-type": "application/json"}
+        return await self.perform_request(  # type: ignore[return-value]
+            "POST",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.bulk_put_role",
+            path_parts=__path_parts,
+        )
+
     @_rewrite_parameters(
         body_fields=("password", "password_hash"),
     )
@@ -137,14 +257,14 @@ class SecurityClient(NamespacedClient):
         password_hash: t.Optional[str] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Changes the passwords of users in the native realm and built-in users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-change-password.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-change-password.html>`_
 
         :param username: The user whose password you want to change. If you do not specify
             this parameter, the password is changed for the current user.
@@ -204,9 +324,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Clear a subset or all entries from the API key cache.
+        Evicts a subset of all entries from the API key cache. The cache is also automatically
+        cleared on state changes of the security index.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-clear-api-key-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-api-key-cache.html>`_
 
         :param ids: Comma-separated list of API key IDs to evict from the API key cache.
             To evict all API keys, use `*`. Does not support other wildcard patterns.
@@ -247,7 +368,7 @@ class SecurityClient(NamespacedClient):
         """
         Evicts application privileges from the native application privileges cache.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-clear-privilege-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-privilege-cache.html>`_
 
         :param application: A comma-separated list of application names
         """
@@ -289,7 +410,7 @@ class SecurityClient(NamespacedClient):
         Evicts users from the user cache. Can completely clear the cache or evict specific
         users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-clear-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-cache.html>`_
 
         :param realms: Comma-separated list of realms to clear
         :param usernames: Comma-separated list of usernames to clear from the cache
@@ -332,7 +453,7 @@ class SecurityClient(NamespacedClient):
         """
         Evicts roles from the native role cache.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-clear-role-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-role-cache.html>`_
 
         :param name: Role name
         """
@@ -374,7 +495,7 @@ class SecurityClient(NamespacedClient):
         """
         Evicts tokens from the service account token caches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-clear-service-token-caches.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-service-token-caches.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -418,22 +539,26 @@ class SecurityClient(NamespacedClient):
         self,
         *,
         error_trace: t.Optional[bool] = None,
-        expiration: t.Optional[t.Union["t.Literal[-1]", "t.Literal[0]", str]] = None,
+        expiration: t.Optional[t.Union[str, t.Literal[-1], t.Literal[0]]] = None,
         filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
         human: t.Optional[bool] = None,
         metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         name: t.Optional[str] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         role_descriptors: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates an API key for access without requiring basic authentication.
+        Creates an API key for access without requiring basic authentication. A successful
+        request returns a JSON structure that contains the API key, its unique id, and
+        its name. If applicable, it also returns expiration information for the API key
+        in milliseconds. NOTE: By default, API keys never expire. You can specify expiration
+        information when you create the API keys.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-create-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-create-api-key.html>`_
 
         :param expiration: Expiration time for the API key. By default, API keys never
             expire.
@@ -499,13 +624,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates a service account token for access without requiring basic authentication.
+        Creates a service accounts token for access without requiring basic authentication.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-create-service-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-create-service-token.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -569,13 +694,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Removes application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-delete-privilege.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-privilege.html>`_
 
         :param application: Application name
         :param name: Privilege name
@@ -625,13 +750,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Removes roles in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-delete-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-role.html>`_
 
         :param name: Role name
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -673,13 +798,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Removes role mappings.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-delete-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-role-mapping.html>`_
 
         :param name: Role-mapping name
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -723,13 +848,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Deletes a service account token.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-delete-service-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-service-token.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -781,13 +906,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Deletes users from the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-delete-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-user.html>`_
 
         :param username: username
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -829,13 +954,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Disables users in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-disable-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-disable-user.html>`_
 
         :param username: The username of the user to disable
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -877,13 +1002,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Disables a user profile so it's not visible in user profile searches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-disable-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-disable-user-profile.html>`_
 
         :param uid: Unique identifier for the user profile.
         :param refresh: If 'true', Elasticsearch refreshes the affected shards to make
@@ -925,13 +1050,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Enables users in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-enable-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-enable-user.html>`_
 
         :param username: The username of the user to enable
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -973,13 +1098,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Enables a user profile so it's visible in user profile searches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-enable-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-enable-user-profile.html>`_
 
         :param uid: Unique identifier for the user profile.
         :param refresh: If 'true', Elasticsearch refreshes the affected shards to make
@@ -1021,10 +1146,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Allows a kibana instance to configure itself to communicate with a secured elasticsearch
-        cluster.
+        Enables a Kibana instance to configure itself for communication with a secured
+        Elasticsearch cluster.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-kibana-enrollment.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-kibana-enrollment.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/enroll/kibana"
@@ -1057,9 +1182,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Allows a new node to enroll to an existing cluster with security enabled.
+        Allows a new node to join an existing cluster with security features enabled.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-node-enrollment.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-node-enrollment.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/enroll/node"
@@ -1097,11 +1222,15 @@ class SecurityClient(NamespacedClient):
         realm_name: t.Optional[str] = None,
         username: t.Optional[str] = None,
         with_limited_by: t.Optional[bool] = None,
+        with_profile_uid: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information for one or more API keys.
+        Retrieves information for one or more API keys. NOTE: If you have only the `manage_own_api_key`
+        privilege, this API returns only the API keys that you own. If you have `read_security`,
+        `manage_api_key` or greater privileges (including `manage_security`), this API
+        returns all API keys regardless of ownership.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-api-key.html>`_
 
         :param active_only: A boolean flag that can be used to query API keys that are
             currently active. An API key is considered active if it is neither invalidated,
@@ -1123,6 +1252,8 @@ class SecurityClient(NamespacedClient):
         :param with_limited_by: Return the snapshot of the owner user's role descriptors
             associated with the API key. An API key's actual permission is the intersection
             of its assigned role descriptors and the owner user's role descriptors.
+        :param with_profile_uid: Determines whether to also retrieve the profile uid,
+            for the API key owner principal, if it exists.
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/api_key"
@@ -1149,6 +1280,8 @@ class SecurityClient(NamespacedClient):
             __query["username"] = username
         if with_limited_by is not None:
             __query["with_limited_by"] = with_limited_by
+        if with_profile_uid is not None:
+            __query["with_profile_uid"] = with_profile_uid
         __headers = {"accept": "application/json"}
         return await self.perform_request(  # type: ignore[return-value]
             "GET",
@@ -1172,7 +1305,7 @@ class SecurityClient(NamespacedClient):
         Retrieves the list of cluster privileges and index privileges that are available
         in this version of Elasticsearch.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-builtin-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-builtin-privileges.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/privilege/_builtin"
@@ -1209,7 +1342,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-privileges.html>`_
 
         :param application: Application name
         :param name: Privilege name
@@ -1254,9 +1387,11 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves roles in the native realm.
+        The role management APIs are generally the preferred way to manage roles, rather
+        than using file-based role management. The get roles API cannot retrieve roles
+        that are defined in roles files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-role.html>`_
 
         :param name: The name of the role. You can specify multiple roles as a comma-separated
             list. If you do not specify this parameter, the API returns information about
@@ -1301,7 +1436,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves role mappings.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-role-mapping.html>`_
 
         :param name: The distinct name that identifies the role mapping. The name is
             used solely as an identifier to facilitate interaction via the API; it does
@@ -1347,9 +1482,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information about service accounts.
+        This API returns a list of service accounts that match the provided path parameter(s).
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-service-accounts.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-service-accounts.html>`_
 
         :param namespace: Name of the namespace. Omit this parameter to retrieve information
             about all service accounts. If you omit this parameter, you must also omit
@@ -1400,7 +1535,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves information of all service credentials for a service account.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-service-credentials.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-service-credentials.html>`_
 
         :param namespace: Name of the namespace.
         :param service: Name of the service name.
@@ -1450,8 +1585,10 @@ class SecurityClient(NamespacedClient):
         filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
         grant_type: t.Optional[
             t.Union[
-                "t.Literal['_kerberos', 'client_credentials', 'password', 'refresh_token']",
                 str,
+                t.Literal[
+                    "_kerberos", "client_credentials", "password", "refresh_token"
+                ],
             ]
         ] = None,
         human: t.Optional[bool] = None,
@@ -1466,7 +1603,7 @@ class SecurityClient(NamespacedClient):
         """
         Creates a bearer token for access without requiring basic authentication.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-token.html>`_
 
         :param grant_type:
         :param kerberos_ticket:
@@ -1525,7 +1662,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves information about users in the native realm and built-in users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user.html>`_
 
         :param username: An identifier for the user. You can specify multiple usernames
             as a comma-separated list. If you omit this parameter, the API retrieves
@@ -1576,7 +1713,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves security privileges for the logged in user.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-user-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user-privileges.html>`_
 
         :param application: The name of the application. Application privileges are always
             associated with exactly one application. If you do not specify this parameter,
@@ -1624,9 +1761,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves user profiles for the given unique ID(s).
+        Retrieves a user's profile using the unique profile ID.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-get-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user-profile.html>`_
 
         :param uid: A unique identifier for the user profile.
         :param data: List of filters for the `data` field of the profile document. To
@@ -1675,7 +1812,7 @@ class SecurityClient(NamespacedClient):
         *,
         api_key: t.Optional[t.Mapping[str, t.Any]] = None,
         grant_type: t.Optional[
-            t.Union["t.Literal['access_token', 'password']", str]
+            t.Union[str, t.Literal["access_token", "password"]]
         ] = None,
         access_token: t.Optional[str] = None,
         error_trace: t.Optional[bool] = None,
@@ -1688,9 +1825,23 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates an API key on behalf of another user.
-
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-grant-api-key.html>`_
+        Creates an API key on behalf of another user. This API is similar to Create API
+        keys, however it creates the API key for a user that is different than the user
+        that runs the API. The caller must have authentication credentials (either an
+        access token, or a username and password) for the user on whose behalf the API
+        key will be created. It is not possible to use this API to create an API key
+        without that user’s credentials. The user, for whom the authentication credentials
+        is provided, can optionally "run as" (impersonate) another user. In this case,
+        the API key will be created on behalf of the impersonated user. This API is intended
+        be used by applications that need to create and manage API keys for end users,
+        but cannot guarantee that those users have permission to create API keys on their
+        own behalf. A successful grant API key API call returns a JSON structure that
+        contains the API key, its unique id, and its name. If applicable, it also returns
+        expiration information for the API key in milliseconds. By default, API keys
+        never expire. You can specify expiration information when you create the API
+        keys.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-grant-api-key.html>`_
 
         :param api_key: Defines the API key.
         :param grant_type: The type of grant. Supported grant types are: `access_token`,
@@ -1756,8 +1907,68 @@ class SecurityClient(NamespacedClient):
         cluster: t.Optional[
             t.Sequence[
                 t.Union[
-                    "t.Literal['all', 'cancel_task', 'create_snapshot', 'cross_cluster_replication', 'cross_cluster_search', 'delegate_pki', 'grant_api_key', 'manage', 'manage_api_key', 'manage_autoscaling', 'manage_behavioral_analytics', 'manage_ccr', 'manage_data_frame_transforms', 'manage_enrich', 'manage_ilm', 'manage_index_templates', 'manage_ingest_pipelines', 'manage_logstash_pipelines', 'manage_ml', 'manage_oidc', 'manage_own_api_key', 'manage_pipeline', 'manage_rollup', 'manage_saml', 'manage_search_application', 'manage_search_query_rules', 'manage_search_synonyms', 'manage_security', 'manage_service_account', 'manage_slm', 'manage_token', 'manage_transform', 'manage_user_profile', 'manage_watcher', 'monitor', 'monitor_data_frame_transforms', 'monitor_enrich', 'monitor_ml', 'monitor_rollup', 'monitor_snapshot', 'monitor_text_structure', 'monitor_transform', 'monitor_watcher', 'none', 'post_behavioral_analytics_event', 'read_ccr', 'read_connector_secrets', 'read_fleet_secrets', 'read_ilm', 'read_pipeline', 'read_security', 'read_slm', 'transport_client', 'write_connector_secrets', 'write_fleet_secrets']",
                     str,
+                    t.Literal[
+                        "all",
+                        "cancel_task",
+                        "create_snapshot",
+                        "cross_cluster_replication",
+                        "cross_cluster_search",
+                        "delegate_pki",
+                        "grant_api_key",
+                        "manage",
+                        "manage_api_key",
+                        "manage_autoscaling",
+                        "manage_behavioral_analytics",
+                        "manage_ccr",
+                        "manage_data_frame_transforms",
+                        "manage_data_stream_global_retention",
+                        "manage_enrich",
+                        "manage_ilm",
+                        "manage_index_templates",
+                        "manage_inference",
+                        "manage_ingest_pipelines",
+                        "manage_logstash_pipelines",
+                        "manage_ml",
+                        "manage_oidc",
+                        "manage_own_api_key",
+                        "manage_pipeline",
+                        "manage_rollup",
+                        "manage_saml",
+                        "manage_search_application",
+                        "manage_search_query_rules",
+                        "manage_search_synonyms",
+                        "manage_security",
+                        "manage_service_account",
+                        "manage_slm",
+                        "manage_token",
+                        "manage_transform",
+                        "manage_user_profile",
+                        "manage_watcher",
+                        "monitor",
+                        "monitor_data_frame_transforms",
+                        "monitor_data_stream_global_retention",
+                        "monitor_enrich",
+                        "monitor_inference",
+                        "monitor_ml",
+                        "monitor_rollup",
+                        "monitor_snapshot",
+                        "monitor_text_structure",
+                        "monitor_transform",
+                        "monitor_watcher",
+                        "none",
+                        "post_behavioral_analytics_event",
+                        "read_ccr",
+                        "read_connector_secrets",
+                        "read_fleet_secrets",
+                        "read_ilm",
+                        "read_pipeline",
+                        "read_security",
+                        "read_slm",
+                        "transport_client",
+                        "write_connector_secrets",
+                        "write_fleet_secrets",
+                    ],
                 ]
             ]
         ] = None,
@@ -1771,7 +1982,7 @@ class SecurityClient(NamespacedClient):
         """
         Determines whether the specified user has a specified list of privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-has-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-has-privileges.html>`_
 
         :param user: Username
         :param application:
@@ -1831,7 +2042,7 @@ class SecurityClient(NamespacedClient):
         Determines whether the users associated with the specified profile IDs have all
         the requested privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-has-privileges-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-has-privileges-user-profile.html>`_
 
         :param privileges:
         :param uids: A list of profile IDs. The privileges are checked for associated
@@ -1888,9 +2099,15 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Invalidates one or more API keys.
+        Invalidates one or more API keys. The `manage_api_key` privilege allows deleting
+        any API keys. The `manage_own_api_key` only allows deleting API keys that are
+        owned by the user. In addition, with the `manage_own_api_key` privilege, an invalidation
+        request must be issued in one of the three formats: - Set the parameter `owner=true`.
+        - Or, set both `username` and `realm_name` to match the user’s identity. - Or,
+        if the request is issued by an API key, i.e. an API key invalidates itself, specify
+        its ID in the `ids` field.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-invalidate-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-invalidate-api-key.html>`_
 
         :param id:
         :param ids: A list of API key ids. This parameter cannot be used with any of
@@ -1961,7 +2178,7 @@ class SecurityClient(NamespacedClient):
         """
         Invalidates one or more access tokens or refresh tokens.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-invalidate-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-invalidate-token.html>`_
 
         :param realm_name:
         :param refresh_token:
@@ -2015,13 +2232,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Adds or updates application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-put-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-privileges.html>`_
 
         :param privileges:
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -2063,6 +2280,7 @@ class SecurityClient(NamespacedClient):
         body_fields=(
             "applications",
             "cluster",
+            "description",
             "global_",
             "indices",
             "metadata",
@@ -2079,11 +2297,72 @@ class SecurityClient(NamespacedClient):
         cluster: t.Optional[
             t.Sequence[
                 t.Union[
-                    "t.Literal['all', 'cancel_task', 'create_snapshot', 'cross_cluster_replication', 'cross_cluster_search', 'delegate_pki', 'grant_api_key', 'manage', 'manage_api_key', 'manage_autoscaling', 'manage_behavioral_analytics', 'manage_ccr', 'manage_data_frame_transforms', 'manage_enrich', 'manage_ilm', 'manage_index_templates', 'manage_ingest_pipelines', 'manage_logstash_pipelines', 'manage_ml', 'manage_oidc', 'manage_own_api_key', 'manage_pipeline', 'manage_rollup', 'manage_saml', 'manage_search_application', 'manage_search_query_rules', 'manage_search_synonyms', 'manage_security', 'manage_service_account', 'manage_slm', 'manage_token', 'manage_transform', 'manage_user_profile', 'manage_watcher', 'monitor', 'monitor_data_frame_transforms', 'monitor_enrich', 'monitor_ml', 'monitor_rollup', 'monitor_snapshot', 'monitor_text_structure', 'monitor_transform', 'monitor_watcher', 'none', 'post_behavioral_analytics_event', 'read_ccr', 'read_connector_secrets', 'read_fleet_secrets', 'read_ilm', 'read_pipeline', 'read_security', 'read_slm', 'transport_client', 'write_connector_secrets', 'write_fleet_secrets']",
                     str,
+                    t.Literal[
+                        "all",
+                        "cancel_task",
+                        "create_snapshot",
+                        "cross_cluster_replication",
+                        "cross_cluster_search",
+                        "delegate_pki",
+                        "grant_api_key",
+                        "manage",
+                        "manage_api_key",
+                        "manage_autoscaling",
+                        "manage_behavioral_analytics",
+                        "manage_ccr",
+                        "manage_data_frame_transforms",
+                        "manage_data_stream_global_retention",
+                        "manage_enrich",
+                        "manage_ilm",
+                        "manage_index_templates",
+                        "manage_inference",
+                        "manage_ingest_pipelines",
+                        "manage_logstash_pipelines",
+                        "manage_ml",
+                        "manage_oidc",
+                        "manage_own_api_key",
+                        "manage_pipeline",
+                        "manage_rollup",
+                        "manage_saml",
+                        "manage_search_application",
+                        "manage_search_query_rules",
+                        "manage_search_synonyms",
+                        "manage_security",
+                        "manage_service_account",
+                        "manage_slm",
+                        "manage_token",
+                        "manage_transform",
+                        "manage_user_profile",
+                        "manage_watcher",
+                        "monitor",
+                        "monitor_data_frame_transforms",
+                        "monitor_data_stream_global_retention",
+                        "monitor_enrich",
+                        "monitor_inference",
+                        "monitor_ml",
+                        "monitor_rollup",
+                        "monitor_snapshot",
+                        "monitor_text_structure",
+                        "monitor_transform",
+                        "monitor_watcher",
+                        "none",
+                        "post_behavioral_analytics_event",
+                        "read_ccr",
+                        "read_connector_secrets",
+                        "read_fleet_secrets",
+                        "read_ilm",
+                        "read_pipeline",
+                        "read_security",
+                        "read_slm",
+                        "transport_client",
+                        "write_connector_secrets",
+                        "write_fleet_secrets",
+                    ],
                 ]
             ]
         ] = None,
+        description: t.Optional[str] = None,
         error_trace: t.Optional[bool] = None,
         filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
         global_: t.Optional[t.Mapping[str, t.Any]] = None,
@@ -2092,21 +2371,24 @@ class SecurityClient(NamespacedClient):
         metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         run_as: t.Optional[t.Sequence[str]] = None,
         transient_metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Adds and updates roles in the native realm.
+        The role management APIs are generally the preferred way to manage roles, rather
+        than using file-based role management. The create or update roles API cannot
+        update roles that are defined in roles files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-put-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-role.html>`_
 
         :param name: The name of the role.
         :param applications: A list of application privilege entries.
         :param cluster: A list of cluster privileges. These privileges define the cluster-level
             actions for users with this role.
+        :param description: Optional description of the role descriptor
         :param global_: An object defining global privileges. A global privilege is a
             form of cluster privilege that is request-aware. Support for global privileges
             is currently limited to the management of application privileges.
@@ -2117,6 +2399,9 @@ class SecurityClient(NamespacedClient):
             this operation visible to search, if `wait_for` then wait for a refresh to
             make this operation visible to search, if `false` then do nothing with refreshes.
         :param run_as: A list of users that the owners of this role can impersonate.
+            *Note*: in Serverless, the run-as feature is disabled. For API compatibility,
+            you can still specify an empty `run_as` field, but a non-empty list will
+            be rejected.
         :param transient_metadata: Indicates roles that might be incompatible with the
             current cluster license, specifically roles with document and field level
             security. When the cluster license doesn’t allow certain features for a given
@@ -2145,6 +2430,8 @@ class SecurityClient(NamespacedClient):
                 __body["applications"] = applications
             if cluster is not None:
                 __body["cluster"] = cluster
+            if description is not None:
+                __body["description"] = description
             if global_ is not None:
                 __body["global"] = global_
             if indices is not None:
@@ -2187,7 +2474,7 @@ class SecurityClient(NamespacedClient):
         metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         role_templates: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
         roles: t.Optional[t.Sequence[str]] = None,
@@ -2198,7 +2485,7 @@ class SecurityClient(NamespacedClient):
         """
         Creates and updates role mappings.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-put-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-role-mapping.html>`_
 
         :param name: Role-mapping name
         :param enabled:
@@ -2277,7 +2564,7 @@ class SecurityClient(NamespacedClient):
         password_hash: t.Optional[str] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         roles: t.Optional[t.Sequence[str]] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
@@ -2286,7 +2573,7 @@ class SecurityClient(NamespacedClient):
         Adds and updates users in the native realm. These users are commonly referred
         to as native users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-put-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-user.html>`_
 
         :param username: The username of the User
         :param email:
@@ -2377,12 +2664,14 @@ class SecurityClient(NamespacedClient):
         ] = None,
         typed_keys: t.Optional[bool] = None,
         with_limited_by: t.Optional[bool] = None,
+        with_profile_uid: t.Optional[bool] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information for API keys using a subset of query DSL
+        Retrieves information for API keys in a paginated manner. You can optionally
+        filter the results with a query.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-query-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-api-key.html>`_
 
         :param aggregations: Any aggregations to run over the corpus of returned API
             keys. Aggregations and queries work together. Aggregations are computed only
@@ -2418,6 +2707,8 @@ class SecurityClient(NamespacedClient):
         :param with_limited_by: Return the snapshot of the owner user's role descriptors
             associated with the API key. An API key's actual permission is the intersection
             of its assigned role descriptors and the owner user's role descriptors.
+        :param with_profile_uid: Determines whether to also retrieve the profile uid,
+            for the API key owner principal, if it exists.
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/_query/api_key"
@@ -2446,6 +2737,8 @@ class SecurityClient(NamespacedClient):
             __query["typed_keys"] = typed_keys
         if with_limited_by is not None:
             __query["with_limited_by"] = with_limited_by
+        if with_profile_uid is not None:
+            __query["with_profile_uid"] = with_profile_uid
         if not __body:
             if aggregations is not None:
                 __body["aggregations"] = aggregations
@@ -2476,6 +2769,181 @@ class SecurityClient(NamespacedClient):
             path_parts=__path_parts,
         )
 
+    @_rewrite_parameters(
+        body_fields=("from_", "query", "search_after", "size", "sort"),
+        parameter_aliases={"from": "from_"},
+    )
+    async def query_role(
+        self,
+        *,
+        error_trace: t.Optional[bool] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        from_: t.Optional[int] = None,
+        human: t.Optional[bool] = None,
+        pretty: t.Optional[bool] = None,
+        query: t.Optional[t.Mapping[str, t.Any]] = None,
+        search_after: t.Optional[
+            t.Sequence[t.Union[None, bool, float, int, str, t.Any]]
+        ] = None,
+        size: t.Optional[int] = None,
+        sort: t.Optional[
+            t.Union[
+                t.Sequence[t.Union[str, t.Mapping[str, t.Any]]],
+                t.Union[str, t.Mapping[str, t.Any]],
+            ]
+        ] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        Retrieves roles in a paginated manner. You can optionally filter the results
+        with a query.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-role.html>`_
+
+        :param from_: Starting document offset. By default, you cannot page through more
+            than 10,000 hits using the from and size parameters. To page through more
+            hits, use the `search_after` parameter.
+        :param query: A query to filter which roles to return. If the query parameter
+            is missing, it is equivalent to a `match_all` query. The query supports a
+            subset of query types, including `match_all`, `bool`, `term`, `terms`, `match`,
+            `ids`, `prefix`, `wildcard`, `exists`, `range`, and `simple_query_string`.
+            You can query the following information associated with roles: `name`, `description`,
+            `metadata`, `applications.application`, `applications.privileges`, `applications.resources`.
+        :param search_after: Search after definition
+        :param size: The number of hits to return. By default, you cannot page through
+            more than 10,000 hits using the `from` and `size` parameters. To page through
+            more hits, use the `search_after` parameter.
+        :param sort: All public fields of a role are eligible for sorting. In addition,
+            sort can also be applied to the `_doc` field to sort by index order.
+        """
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/_query/role"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if not __body:
+            if from_ is not None:
+                __body["from"] = from_
+            if query is not None:
+                __body["query"] = query
+            if search_after is not None:
+                __body["search_after"] = search_after
+            if size is not None:
+                __body["size"] = size
+            if sort is not None:
+                __body["sort"] = sort
+        if not __body:
+            __body = None  # type: ignore[assignment]
+        __headers = {"accept": "application/json"}
+        if __body is not None:
+            __headers["content-type"] = "application/json"
+        return await self.perform_request(  # type: ignore[return-value]
+            "POST",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.query_role",
+            path_parts=__path_parts,
+        )
+
+    @_rewrite_parameters(
+        body_fields=("from_", "query", "search_after", "size", "sort"),
+        parameter_aliases={"from": "from_"},
+    )
+    async def query_user(
+        self,
+        *,
+        error_trace: t.Optional[bool] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        from_: t.Optional[int] = None,
+        human: t.Optional[bool] = None,
+        pretty: t.Optional[bool] = None,
+        query: t.Optional[t.Mapping[str, t.Any]] = None,
+        search_after: t.Optional[
+            t.Sequence[t.Union[None, bool, float, int, str, t.Any]]
+        ] = None,
+        size: t.Optional[int] = None,
+        sort: t.Optional[
+            t.Union[
+                t.Sequence[t.Union[str, t.Mapping[str, t.Any]]],
+                t.Union[str, t.Mapping[str, t.Any]],
+            ]
+        ] = None,
+        with_profile_uid: t.Optional[bool] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        Retrieves information for Users in a paginated manner. You can optionally filter
+        the results with a query.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-user.html>`_
+
+        :param from_: Starting document offset. By default, you cannot page through more
+            than 10,000 hits using the from and size parameters. To page through more
+            hits, use the `search_after` parameter.
+        :param query: A query to filter which users to return. If the query parameter
+            is missing, it is equivalent to a `match_all` query. The query supports a
+            subset of query types, including `match_all`, `bool`, `term`, `terms`, `match`,
+            `ids`, `prefix`, `wildcard`, `exists`, `range`, and `simple_query_string`.
+            You can query the following information associated with user: `username`,
+            `roles`, `enabled`
+        :param search_after: Search after definition
+        :param size: The number of hits to return. By default, you cannot page through
+            more than 10,000 hits using the `from` and `size` parameters. To page through
+            more hits, use the `search_after` parameter.
+        :param sort: Fields eligible for sorting are: username, roles, enabled In addition,
+            sort can also be applied to the `_doc` field to sort by index order.
+        :param with_profile_uid: If true will return the User Profile ID for the users
+            in the query result, if any.
+        """
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/_query/user"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if with_profile_uid is not None:
+            __query["with_profile_uid"] = with_profile_uid
+        if not __body:
+            if from_ is not None:
+                __body["from"] = from_
+            if query is not None:
+                __body["query"] = query
+            if search_after is not None:
+                __body["search_after"] = search_after
+            if size is not None:
+                __body["size"] = size
+            if sort is not None:
+                __body["sort"] = sort
+        if not __body:
+            __body = None  # type: ignore[assignment]
+        __headers = {"accept": "application/json"}
+        if __body is not None:
+            __headers["content-type"] = "application/json"
+        return await self.perform_request(  # type: ignore[return-value]
+            "POST",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.query_user",
+            path_parts=__path_parts,
+        )
+
     @_rewrite_parameters(
         body_fields=("content", "ids", "realm"),
     )
@@ -2492,10 +2960,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Exchanges a SAML Response message for an Elasticsearch access token and refresh
-        token pair
+        Submits a SAML Response message to Elasticsearch for consumption.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-saml-authenticate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-authenticate.html>`_
 
         :param content: The SAML response as it was sent by the user’s browser, usually
             a Base64 encoded XML document.
@@ -2555,9 +3022,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Verifies the logout response sent from the SAML IdP
+        Verifies the logout response sent from the SAML IdP.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-saml-complete-logout.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-complete-logout.html>`_
 
         :param ids: A json array with all the valid SAML Request Ids that the caller
             of the API has for the current user.
@@ -2621,9 +3088,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Consumes a SAML LogoutRequest
+        Submits a SAML LogoutRequest message to Elasticsearch for consumption.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-saml-invalidate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-invalidate.html>`_
 
         :param query_string: The query part of the URL that the user was redirected to
             by the SAML IdP to initiate the Single Logout. This query should include
@@ -2688,10 +3155,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Invalidates an access token and a refresh token that were generated via the SAML
-        Authenticate API
+        Submits a request to invalidate an access token and refresh token.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-saml-logout.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-logout.html>`_
 
         :param token: The access token that was returned as a response to calling the
             SAML authenticate API. Alternatively, the most recent token that was received
@@ -2746,9 +3212,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates a SAML authentication request
+        Creates a SAML authentication request (<AuthnRequest>) as a URL string, based
+        on the configuration of the respective SAML realm in Elasticsearch.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-saml-prepare-authentication.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-prepare-authentication.html>`_
 
         :param acs: The Assertion Consumer Service URL that matches the one of the SAML
             realms in Elasticsearch. The realm is used to generate the authentication
@@ -2801,9 +3268,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Generates SAML metadata for the Elastic stack SAML 2.0 Service Provider
+        Generate SAML metadata for a SAML 2.0 Service Provider.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-saml-sp-metadata.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-sp-metadata.html>`_
 
         :param realm_name: The name of the SAML realm in Elasticsearch.
         """
@@ -2849,7 +3316,7 @@ class SecurityClient(NamespacedClient):
         """
         Get suggestions for user profiles that match specified search criteria.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-suggest-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-suggest-user-profile.html>`_
 
         :param data: List of filters for the `data` field of the profile document. To
             return all content use `data=*`. To return a subset of content use `data=<key>`
@@ -2907,7 +3374,7 @@ class SecurityClient(NamespacedClient):
         *,
         id: str,
         error_trace: t.Optional[bool] = None,
-        expiration: t.Optional[t.Union["t.Literal[-1]", "t.Literal[0]", str]] = None,
+        expiration: t.Optional[t.Union[str, t.Literal[-1], t.Literal[0]]] = None,
         filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
         human: t.Optional[bool] = None,
         metadata: t.Optional[t.Mapping[str, t.Any]] = None,
@@ -2916,9 +3383,24 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Updates attributes of an existing API key.
-
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-update-api-key.html>`_
+        Updates attributes of an existing API key. Users can only update API keys that
+        they created or that were granted to them. Use this API to update API keys created
+        by the create API Key or grant API Key APIs. If you need to apply the same update
+        to many API keys, you can use bulk update API Keys to reduce overhead. It’s not
+        possible to update expired API keys, or API keys that have been invalidated by
+        invalidate API Key. This API supports updates to an API key’s access scope and
+        metadata. The access scope of an API key is derived from the `role_descriptors`
+        you specify in the request, and a snapshot of the owner user’s permissions at
+        the time of the request. The snapshot of the owner’s permissions is updated automatically
+        on every call. If you don’t specify `role_descriptors` in the request, a call
+        to this API might still change the API key’s access scope. This change can occur
+        if the owner user’s permissions have changed since the API key was created or
+        last modified. To update another user’s API key, use the `run_as` feature to
+        submit a request on behalf of another user. IMPORTANT: It’s not possible to use
+        an API key as the authentication credential for this API. To update an API key,
+        the owner user’s credentials are required.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-update-api-key.html>`_
 
         :param id: The ID of the API key to update.
         :param expiration: Expiration time for the API key.
@@ -2986,14 +3468,15 @@ class SecurityClient(NamespacedClient):
         labels: t.Optional[t.Mapping[str, t.Any]] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Update application specific data for the user profile of the given unique ID.
+        Updates specific data for the user profile that's associated with the specified
+        unique ID.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.13/security-api-update-user-profile-data.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-update-user-profile-data.html>`_
 
         :param uid: A unique identifier for the user profile.
         :param data: Non-searchable data that you want to associate with the user profile.