elasticsearch 8.14.0__py3-none-any.whl → 8.15.0__py3-none-any.whl

elasticsearch/_sync/client/security.py

@@ -32,7 +32,7 @@ class SecurityClient(NamespacedClient):
         self,
         *,
         grant_type: t.Optional[
-            t.Union["t.Literal['access_token', 'password']", str]
+            t.Union[str, t.Literal["access_token", "password"]]
         ] = None,
         access_token: t.Optional[str] = None,
         error_trace: t.Optional[bool] = None,
@@ -44,9 +44,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates or updates the user profile on behalf of another user.
+        Creates or updates a user profile on behalf of another user.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-activate-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-activate-user-profile.html>`_
 
         :param grant_type:
         :param access_token:
@@ -97,10 +97,14 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Enables authentication as a user and retrieve information about the authenticated
-        user.
+        Enables you to submit a request with a basic auth header to authenticate a user
+        and retrieve information about the authenticated user. A successful call returns
+        a JSON structure that shows user information such as their username, the roles
+        that are assigned to the user, any assigned metadata, and information about the
+        realms that authenticated and authorized the user. If the user cannot be authenticated,
+        this API returns a 401 status code.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-authenticate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-authenticate.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/_authenticate"
@@ -123,6 +127,122 @@ class SecurityClient(NamespacedClient):
             path_parts=__path_parts,
         )
 
+    @_rewrite_parameters(
+        body_fields=("names",),
+    )
+    def bulk_delete_role(
+        self,
+        *,
+        names: t.Optional[t.Sequence[str]] = None,
+        error_trace: t.Optional[bool] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        human: t.Optional[bool] = None,
+        pretty: t.Optional[bool] = None,
+        refresh: t.Optional[
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
+        ] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        The role management APIs are generally the preferred way to manage roles, rather
+        than using file-based role management. The bulk delete roles API cannot delete
+        roles that are defined in roles files.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-bulk-delete-role.html>`_
+
+        :param names: An array of role names to delete
+        :param refresh: If `true` (the default) then refresh the affected shards to make
+            this operation visible to search, if `wait_for` then wait for a refresh to
+            make this operation visible to search, if `false` then do nothing with refreshes.
+        """
+        if names is None and body is None:
+            raise ValueError("Empty value passed for parameter 'names'")
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/role"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if refresh is not None:
+            __query["refresh"] = refresh
+        if not __body:
+            if names is not None:
+                __body["names"] = names
+        __headers = {"accept": "application/json", "content-type": "application/json"}
+        return self.perform_request(  # type: ignore[return-value]
+            "DELETE",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.bulk_delete_role",
+            path_parts=__path_parts,
+        )
+
+    @_rewrite_parameters(
+        body_fields=("roles",),
+    )
+    def bulk_put_role(
+        self,
+        *,
+        roles: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None,
+        error_trace: t.Optional[bool] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        human: t.Optional[bool] = None,
+        pretty: t.Optional[bool] = None,
+        refresh: t.Optional[
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
+        ] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        The role management APIs are generally the preferred way to manage roles, rather
+        than using file-based role management. The bulk create or update roles API cannot
+        update roles that are defined in roles files.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-bulk-put-role.html>`_
+
+        :param roles: A dictionary of role name to RoleDescriptor objects to add or update
+        :param refresh: If `true` (the default) then refresh the affected shards to make
+            this operation visible to search, if `wait_for` then wait for a refresh to
+            make this operation visible to search, if `false` then do nothing with refreshes.
+        """
+        if roles is None and body is None:
+            raise ValueError("Empty value passed for parameter 'roles'")
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/role"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if refresh is not None:
+            __query["refresh"] = refresh
+        if not __body:
+            if roles is not None:
+                __body["roles"] = roles
+        __headers = {"accept": "application/json", "content-type": "application/json"}
+        return self.perform_request(  # type: ignore[return-value]
+            "POST",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.bulk_put_role",
+            path_parts=__path_parts,
+        )
+
     @_rewrite_parameters(
         body_fields=("password", "password_hash"),
     )
@@ -137,14 +257,14 @@ class SecurityClient(NamespacedClient):
         password_hash: t.Optional[str] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Changes the passwords of users in the native realm and built-in users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-change-password.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-change-password.html>`_
 
         :param username: The user whose password you want to change. If you do not specify
             this parameter, the password is changed for the current user.
@@ -204,9 +324,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Clear a subset or all entries from the API key cache.
+        Evicts a subset of all entries from the API key cache. The cache is also automatically
+        cleared on state changes of the security index.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-api-key-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-api-key-cache.html>`_
 
         :param ids: Comma-separated list of API key IDs to evict from the API key cache.
             To evict all API keys, use `*`. Does not support other wildcard patterns.
@@ -247,7 +368,7 @@ class SecurityClient(NamespacedClient):
         """
         Evicts application privileges from the native application privileges cache.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-privilege-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-privilege-cache.html>`_
 
         :param application: A comma-separated list of application names
         """
@@ -289,7 +410,7 @@ class SecurityClient(NamespacedClient):
         Evicts users from the user cache. Can completely clear the cache or evict specific
         users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-cache.html>`_
 
         :param realms: Comma-separated list of realms to clear
         :param usernames: Comma-separated list of usernames to clear from the cache
@@ -332,7 +453,7 @@ class SecurityClient(NamespacedClient):
         """
         Evicts roles from the native role cache.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-role-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-role-cache.html>`_
 
         :param name: Role name
         """
@@ -374,7 +495,7 @@ class SecurityClient(NamespacedClient):
         """
         Evicts tokens from the service account token caches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-service-token-caches.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-service-token-caches.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -418,22 +539,26 @@ class SecurityClient(NamespacedClient):
         self,
         *,
         error_trace: t.Optional[bool] = None,
-        expiration: t.Optional[t.Union["t.Literal[-1]", "t.Literal[0]", str]] = None,
+        expiration: t.Optional[t.Union[str, t.Literal[-1], t.Literal[0]]] = None,
         filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
         human: t.Optional[bool] = None,
         metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         name: t.Optional[str] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         role_descriptors: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates an API key for access without requiring basic authentication.
+        Creates an API key for access without requiring basic authentication. A successful
+        request returns a JSON structure that contains the API key, its unique id, and
+        its name. If applicable, it also returns expiration information for the API key
+        in milliseconds. NOTE: By default, API keys never expire. You can specify expiration
+        information when you create the API keys.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-create-api-key.html>`_
 
         :param expiration: Expiration time for the API key. By default, API keys never
             expire.
@@ -499,13 +624,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates a service account token for access without requiring basic authentication.
+        Creates a service accounts token for access without requiring basic authentication.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-service-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-create-service-token.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -569,13 +694,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Removes application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-privilege.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-privilege.html>`_
 
         :param application: Application name
         :param name: Privilege name
@@ -625,13 +750,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Removes roles in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-role.html>`_
 
         :param name: Role name
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -673,13 +798,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Removes role mappings.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-role-mapping.html>`_
 
         :param name: Role-mapping name
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -723,13 +848,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Deletes a service account token.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-service-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-service-token.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -781,13 +906,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Deletes users from the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-user.html>`_
 
         :param username: username
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -829,13 +954,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Disables users in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-disable-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-disable-user.html>`_
 
         :param username: The username of the user to disable
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -877,13 +1002,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Disables a user profile so it's not visible in user profile searches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-disable-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-disable-user-profile.html>`_
 
         :param uid: Unique identifier for the user profile.
         :param refresh: If 'true', Elasticsearch refreshes the affected shards to make
@@ -925,13 +1050,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Enables users in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-enable-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-enable-user.html>`_
 
         :param username: The username of the user to enable
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -973,13 +1098,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Enables a user profile so it's visible in user profile searches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-enable-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-enable-user-profile.html>`_
 
         :param uid: Unique identifier for the user profile.
         :param refresh: If 'true', Elasticsearch refreshes the affected shards to make
@@ -1021,10 +1146,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Allows a kibana instance to configure itself to communicate with a secured elasticsearch
-        cluster.
+        Enables a Kibana instance to configure itself for communication with a secured
+        Elasticsearch cluster.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-kibana-enrollment.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-kibana-enrollment.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/enroll/kibana"
@@ -1057,9 +1182,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Allows a new node to enroll to an existing cluster with security enabled.
+        Allows a new node to join an existing cluster with security features enabled.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-node-enrollment.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-node-enrollment.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/enroll/node"
@@ -1100,9 +1225,12 @@ class SecurityClient(NamespacedClient):
         with_profile_uid: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information for one or more API keys.
+        Retrieves information for one or more API keys. NOTE: If you have only the `manage_own_api_key`
+        privilege, this API returns only the API keys that you own. If you have `read_security`,
+        `manage_api_key` or greater privileges (including `manage_security`), this API
+        returns all API keys regardless of ownership.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-api-key.html>`_
 
         :param active_only: A boolean flag that can be used to query API keys that are
             currently active. An API key is considered active if it is neither invalidated,
@@ -1177,7 +1305,7 @@ class SecurityClient(NamespacedClient):
         Retrieves the list of cluster privileges and index privileges that are available
         in this version of Elasticsearch.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-builtin-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-builtin-privileges.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/privilege/_builtin"
@@ -1214,7 +1342,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-privileges.html>`_
 
         :param application: Application name
         :param name: Privilege name
@@ -1259,9 +1387,11 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves roles in the native realm.
+        The role management APIs are generally the preferred way to manage roles, rather
+        than using file-based role management. The get roles API cannot retrieve roles
+        that are defined in roles files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-role.html>`_
 
         :param name: The name of the role. You can specify multiple roles as a comma-separated
             list. If you do not specify this parameter, the API returns information about
@@ -1306,7 +1436,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves role mappings.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-role-mapping.html>`_
 
         :param name: The distinct name that identifies the role mapping. The name is
             used solely as an identifier to facilitate interaction via the API; it does
@@ -1352,9 +1482,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information about service accounts.
+        This API returns a list of service accounts that match the provided path parameter(s).
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-service-accounts.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-service-accounts.html>`_
 
         :param namespace: Name of the namespace. Omit this parameter to retrieve information
             about all service accounts. If you omit this parameter, you must also omit
@@ -1405,7 +1535,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves information of all service credentials for a service account.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-service-credentials.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-service-credentials.html>`_
 
         :param namespace: Name of the namespace.
         :param service: Name of the service name.
@@ -1455,8 +1585,10 @@ class SecurityClient(NamespacedClient):
         filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
         grant_type: t.Optional[
             t.Union[
-                "t.Literal['_kerberos', 'client_credentials', 'password', 'refresh_token']",
                 str,
+                t.Literal[
+                    "_kerberos", "client_credentials", "password", "refresh_token"
+                ],
             ]
         ] = None,
         human: t.Optional[bool] = None,
@@ -1471,7 +1603,7 @@ class SecurityClient(NamespacedClient):
         """
         Creates a bearer token for access without requiring basic authentication.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-token.html>`_
 
         :param grant_type:
         :param kerberos_ticket:
@@ -1530,7 +1662,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves information about users in the native realm and built-in users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user.html>`_
 
         :param username: An identifier for the user. You can specify multiple usernames
             as a comma-separated list. If you omit this parameter, the API retrieves
@@ -1581,7 +1713,7 @@ class SecurityClient(NamespacedClient):
         """
         Retrieves security privileges for the logged in user.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-user-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user-privileges.html>`_
 
         :param application: The name of the application. Application privileges are always
             associated with exactly one application. If you do not specify this parameter,
@@ -1629,9 +1761,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves user profiles for the given unique ID(s).
+        Retrieves a user's profile using the unique profile ID.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user-profile.html>`_
 
         :param uid: A unique identifier for the user profile.
         :param data: List of filters for the `data` field of the profile document. To
@@ -1680,7 +1812,7 @@ class SecurityClient(NamespacedClient):
         *,
         api_key: t.Optional[t.Mapping[str, t.Any]] = None,
         grant_type: t.Optional[
-            t.Union["t.Literal['access_token', 'password']", str]
+            t.Union[str, t.Literal["access_token", "password"]]
         ] = None,
         access_token: t.Optional[str] = None,
         error_trace: t.Optional[bool] = None,
@@ -1693,9 +1825,23 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates an API key on behalf of another user.
-
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-grant-api-key.html>`_
+        Creates an API key on behalf of another user. This API is similar to Create API
+        keys, however it creates the API key for a user that is different than the user
+        that runs the API. The caller must have authentication credentials (either an
+        access token, or a username and password) for the user on whose behalf the API
+        key will be created. It is not possible to use this API to create an API key
+        without that user’s credentials. The user, for whom the authentication credentials
+        is provided, can optionally "run as" (impersonate) another user. In this case,
+        the API key will be created on behalf of the impersonated user. This API is intended
+        be used by applications that need to create and manage API keys for end users,
+        but cannot guarantee that those users have permission to create API keys on their
+        own behalf. A successful grant API key API call returns a JSON structure that
+        contains the API key, its unique id, and its name. If applicable, it also returns
+        expiration information for the API key in milliseconds. By default, API keys
+        never expire. You can specify expiration information when you create the API
+        keys.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-grant-api-key.html>`_
 
         :param api_key: Defines the API key.
         :param grant_type: The type of grant. Supported grant types are: `access_token`,
@@ -1761,8 +1907,68 @@ class SecurityClient(NamespacedClient):
         cluster: t.Optional[
             t.Sequence[
                 t.Union[
-                    "t.Literal['all', 'cancel_task', 'create_snapshot', 'cross_cluster_replication', 'cross_cluster_search', 'delegate_pki', 'grant_api_key', 'manage', 'manage_api_key', 'manage_autoscaling', 'manage_behavioral_analytics', 'manage_ccr', 'manage_data_frame_transforms', 'manage_data_stream_global_retention', 'manage_enrich', 'manage_ilm', 'manage_index_templates', 'manage_inference', 'manage_ingest_pipelines', 'manage_logstash_pipelines', 'manage_ml', 'manage_oidc', 'manage_own_api_key', 'manage_pipeline', 'manage_rollup', 'manage_saml', 'manage_search_application', 'manage_search_query_rules', 'manage_search_synonyms', 'manage_security', 'manage_service_account', 'manage_slm', 'manage_token', 'manage_transform', 'manage_user_profile', 'manage_watcher', 'monitor', 'monitor_data_frame_transforms', 'monitor_data_stream_global_retention', 'monitor_enrich', 'monitor_inference', 'monitor_ml', 'monitor_rollup', 'monitor_snapshot', 'monitor_text_structure', 'monitor_transform', 'monitor_watcher', 'none', 'post_behavioral_analytics_event', 'read_ccr', 'read_connector_secrets', 'read_fleet_secrets', 'read_ilm', 'read_pipeline', 'read_security', 'read_slm', 'transport_client', 'write_connector_secrets', 'write_fleet_secrets']",
                     str,
+                    t.Literal[
+                        "all",
+                        "cancel_task",
+                        "create_snapshot",
+                        "cross_cluster_replication",
+                        "cross_cluster_search",
+                        "delegate_pki",
+                        "grant_api_key",
+                        "manage",
+                        "manage_api_key",
+                        "manage_autoscaling",
+                        "manage_behavioral_analytics",
+                        "manage_ccr",
+                        "manage_data_frame_transforms",
+                        "manage_data_stream_global_retention",
+                        "manage_enrich",
+                        "manage_ilm",
+                        "manage_index_templates",
+                        "manage_inference",
+                        "manage_ingest_pipelines",
+                        "manage_logstash_pipelines",
+                        "manage_ml",
+                        "manage_oidc",
+                        "manage_own_api_key",
+                        "manage_pipeline",
+                        "manage_rollup",
+                        "manage_saml",
+                        "manage_search_application",
+                        "manage_search_query_rules",
+                        "manage_search_synonyms",
+                        "manage_security",
+                        "manage_service_account",
+                        "manage_slm",
+                        "manage_token",
+                        "manage_transform",
+                        "manage_user_profile",
+                        "manage_watcher",
+                        "monitor",
+                        "monitor_data_frame_transforms",
+                        "monitor_data_stream_global_retention",
+                        "monitor_enrich",
+                        "monitor_inference",
+                        "monitor_ml",
+                        "monitor_rollup",
+                        "monitor_snapshot",
+                        "monitor_text_structure",
+                        "monitor_transform",
+                        "monitor_watcher",
+                        "none",
+                        "post_behavioral_analytics_event",
+                        "read_ccr",
+                        "read_connector_secrets",
+                        "read_fleet_secrets",
+                        "read_ilm",
+                        "read_pipeline",
+                        "read_security",
+                        "read_slm",
+                        "transport_client",
+                        "write_connector_secrets",
+                        "write_fleet_secrets",
+                    ],
                 ]
             ]
         ] = None,
@@ -1776,7 +1982,7 @@ class SecurityClient(NamespacedClient):
         """
         Determines whether the specified user has a specified list of privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-has-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-has-privileges.html>`_
 
         :param user: Username
         :param application:
@@ -1836,7 +2042,7 @@ class SecurityClient(NamespacedClient):
         Determines whether the users associated with the specified profile IDs have all
         the requested privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-has-privileges-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-has-privileges-user-profile.html>`_
 
         :param privileges:
         :param uids: A list of profile IDs. The privileges are checked for associated
@@ -1893,9 +2099,15 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Invalidates one or more API keys.
+        Invalidates one or more API keys. The `manage_api_key` privilege allows deleting
+        any API keys. The `manage_own_api_key` only allows deleting API keys that are
+        owned by the user. In addition, with the `manage_own_api_key` privilege, an invalidation
+        request must be issued in one of the three formats: - Set the parameter `owner=true`.
+        - Or, set both `username` and `realm_name` to match the user’s identity. - Or,
+        if the request is issued by an API key, i.e. an API key invalidates itself, specify
+        its ID in the `ids` field.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-invalidate-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-invalidate-api-key.html>`_
 
         :param id:
         :param ids: A list of API key ids. This parameter cannot be used with any of
@@ -1966,7 +2178,7 @@ class SecurityClient(NamespacedClient):
         """
         Invalidates one or more access tokens or refresh tokens.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-invalidate-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-invalidate-token.html>`_
 
         :param realm_name:
         :param refresh_token:
@@ -2020,13 +2232,13 @@ class SecurityClient(NamespacedClient):
         human: t.Optional[bool] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
         Adds or updates application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-put-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-privileges.html>`_
 
         :param privileges:
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -2068,6 +2280,7 @@ class SecurityClient(NamespacedClient):
         body_fields=(
             "applications",
             "cluster",
+            "description",
             "global_",
             "indices",
             "metadata",
@@ -2084,11 +2297,72 @@ class SecurityClient(NamespacedClient):
         cluster: t.Optional[
             t.Sequence[
                 t.Union[
-                    "t.Literal['all', 'cancel_task', 'create_snapshot', 'cross_cluster_replication', 'cross_cluster_search', 'delegate_pki', 'grant_api_key', 'manage', 'manage_api_key', 'manage_autoscaling', 'manage_behavioral_analytics', 'manage_ccr', 'manage_data_frame_transforms', 'manage_data_stream_global_retention', 'manage_enrich', 'manage_ilm', 'manage_index_templates', 'manage_inference', 'manage_ingest_pipelines', 'manage_logstash_pipelines', 'manage_ml', 'manage_oidc', 'manage_own_api_key', 'manage_pipeline', 'manage_rollup', 'manage_saml', 'manage_search_application', 'manage_search_query_rules', 'manage_search_synonyms', 'manage_security', 'manage_service_account', 'manage_slm', 'manage_token', 'manage_transform', 'manage_user_profile', 'manage_watcher', 'monitor', 'monitor_data_frame_transforms', 'monitor_data_stream_global_retention', 'monitor_enrich', 'monitor_inference', 'monitor_ml', 'monitor_rollup', 'monitor_snapshot', 'monitor_text_structure', 'monitor_transform', 'monitor_watcher', 'none', 'post_behavioral_analytics_event', 'read_ccr', 'read_connector_secrets', 'read_fleet_secrets', 'read_ilm', 'read_pipeline', 'read_security', 'read_slm', 'transport_client', 'write_connector_secrets', 'write_fleet_secrets']",
                     str,
+                    t.Literal[
+                        "all",
+                        "cancel_task",
+                        "create_snapshot",
+                        "cross_cluster_replication",
+                        "cross_cluster_search",
+                        "delegate_pki",
+                        "grant_api_key",
+                        "manage",
+                        "manage_api_key",
+                        "manage_autoscaling",
+                        "manage_behavioral_analytics",
+                        "manage_ccr",
+                        "manage_data_frame_transforms",
+                        "manage_data_stream_global_retention",
+                        "manage_enrich",
+                        "manage_ilm",
+                        "manage_index_templates",
+                        "manage_inference",
+                        "manage_ingest_pipelines",
+                        "manage_logstash_pipelines",
+                        "manage_ml",
+                        "manage_oidc",
+                        "manage_own_api_key",
+                        "manage_pipeline",
+                        "manage_rollup",
+                        "manage_saml",
+                        "manage_search_application",
+                        "manage_search_query_rules",
+                        "manage_search_synonyms",
+                        "manage_security",
+                        "manage_service_account",
+                        "manage_slm",
+                        "manage_token",
+                        "manage_transform",
+                        "manage_user_profile",
+                        "manage_watcher",
+                        "monitor",
+                        "monitor_data_frame_transforms",
+                        "monitor_data_stream_global_retention",
+                        "monitor_enrich",
+                        "monitor_inference",
+                        "monitor_ml",
+                        "monitor_rollup",
+                        "monitor_snapshot",
+                        "monitor_text_structure",
+                        "monitor_transform",
+                        "monitor_watcher",
+                        "none",
+                        "post_behavioral_analytics_event",
+                        "read_ccr",
+                        "read_connector_secrets",
+                        "read_fleet_secrets",
+                        "read_ilm",
+                        "read_pipeline",
+                        "read_security",
+                        "read_slm",
+                        "transport_client",
+                        "write_connector_secrets",
+                        "write_fleet_secrets",
+                    ],
                 ]
             ]
         ] = None,
+        description: t.Optional[str] = None,
         error_trace: t.Optional[bool] = None,
         filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
         global_: t.Optional[t.Mapping[str, t.Any]] = None,
@@ -2097,21 +2371,24 @@ class SecurityClient(NamespacedClient):
         metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         run_as: t.Optional[t.Sequence[str]] = None,
         transient_metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Adds and updates roles in the native realm.
+        The role management APIs are generally the preferred way to manage roles, rather
+        than using file-based role management. The create or update roles API cannot
+        update roles that are defined in roles files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-put-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-role.html>`_
 
         :param name: The name of the role.
         :param applications: A list of application privilege entries.
         :param cluster: A list of cluster privileges. These privileges define the cluster-level
             actions for users with this role.
+        :param description: Optional description of the role descriptor
         :param global_: An object defining global privileges. A global privilege is a
             form of cluster privilege that is request-aware. Support for global privileges
             is currently limited to the management of application privileges.
@@ -2122,6 +2399,9 @@ class SecurityClient(NamespacedClient):
             this operation visible to search, if `wait_for` then wait for a refresh to
             make this operation visible to search, if `false` then do nothing with refreshes.
         :param run_as: A list of users that the owners of this role can impersonate.
+            *Note*: in Serverless, the run-as feature is disabled. For API compatibility,
+            you can still specify an empty `run_as` field, but a non-empty list will
+            be rejected.
         :param transient_metadata: Indicates roles that might be incompatible with the
             current cluster license, specifically roles with document and field level
             security. When the cluster license doesn’t allow certain features for a given
@@ -2150,6 +2430,8 @@ class SecurityClient(NamespacedClient):
                 __body["applications"] = applications
             if cluster is not None:
                 __body["cluster"] = cluster
+            if description is not None:
+                __body["description"] = description
             if global_ is not None:
                 __body["global"] = global_
             if indices is not None:
@@ -2192,7 +2474,7 @@ class SecurityClient(NamespacedClient):
         metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         role_templates: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
         roles: t.Optional[t.Sequence[str]] = None,
@@ -2203,7 +2485,7 @@ class SecurityClient(NamespacedClient):
         """
         Creates and updates role mappings.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-put-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-role-mapping.html>`_
 
         :param name: Role-mapping name
         :param enabled:
@@ -2282,7 +2564,7 @@ class SecurityClient(NamespacedClient):
         password_hash: t.Optional[str] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         roles: t.Optional[t.Sequence[str]] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
@@ -2291,7 +2573,7 @@ class SecurityClient(NamespacedClient):
         Adds and updates users in the native realm. These users are commonly referred
         to as native users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-put-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-user.html>`_
 
         :param username: The username of the User
         :param email:
@@ -2386,9 +2668,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information for API keys using a subset of query DSL
+        Retrieves information for API keys in a paginated manner. You can optionally
+        filter the results with a query.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-query-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-api-key.html>`_
 
         :param aggregations: Any aggregations to run over the corpus of returned API
             keys. Aggregations and queries work together. Aggregations are computed only
@@ -2486,6 +2769,181 @@ class SecurityClient(NamespacedClient):
             path_parts=__path_parts,
         )
 
+    @_rewrite_parameters(
+        body_fields=("from_", "query", "search_after", "size", "sort"),
+        parameter_aliases={"from": "from_"},
+    )
+    def query_role(
+        self,
+        *,
+        error_trace: t.Optional[bool] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        from_: t.Optional[int] = None,
+        human: t.Optional[bool] = None,
+        pretty: t.Optional[bool] = None,
+        query: t.Optional[t.Mapping[str, t.Any]] = None,
+        search_after: t.Optional[
+            t.Sequence[t.Union[None, bool, float, int, str, t.Any]]
+        ] = None,
+        size: t.Optional[int] = None,
+        sort: t.Optional[
+            t.Union[
+                t.Sequence[t.Union[str, t.Mapping[str, t.Any]]],
+                t.Union[str, t.Mapping[str, t.Any]],
+            ]
+        ] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        Retrieves roles in a paginated manner. You can optionally filter the results
+        with a query.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-role.html>`_
+
+        :param from_: Starting document offset. By default, you cannot page through more
+            than 10,000 hits using the from and size parameters. To page through more
+            hits, use the `search_after` parameter.
+        :param query: A query to filter which roles to return. If the query parameter
+            is missing, it is equivalent to a `match_all` query. The query supports a
+            subset of query types, including `match_all`, `bool`, `term`, `terms`, `match`,
+            `ids`, `prefix`, `wildcard`, `exists`, `range`, and `simple_query_string`.
+            You can query the following information associated with roles: `name`, `description`,
+            `metadata`, `applications.application`, `applications.privileges`, `applications.resources`.
+        :param search_after: Search after definition
+        :param size: The number of hits to return. By default, you cannot page through
+            more than 10,000 hits using the `from` and `size` parameters. To page through
+            more hits, use the `search_after` parameter.
+        :param sort: All public fields of a role are eligible for sorting. In addition,
+            sort can also be applied to the `_doc` field to sort by index order.
+        """
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/_query/role"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if not __body:
+            if from_ is not None:
+                __body["from"] = from_
+            if query is not None:
+                __body["query"] = query
+            if search_after is not None:
+                __body["search_after"] = search_after
+            if size is not None:
+                __body["size"] = size
+            if sort is not None:
+                __body["sort"] = sort
+        if not __body:
+            __body = None  # type: ignore[assignment]
+        __headers = {"accept": "application/json"}
+        if __body is not None:
+            __headers["content-type"] = "application/json"
+        return self.perform_request(  # type: ignore[return-value]
+            "POST",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.query_role",
+            path_parts=__path_parts,
+        )
+
+    @_rewrite_parameters(
+        body_fields=("from_", "query", "search_after", "size", "sort"),
+        parameter_aliases={"from": "from_"},
+    )
+    def query_user(
+        self,
+        *,
+        error_trace: t.Optional[bool] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        from_: t.Optional[int] = None,
+        human: t.Optional[bool] = None,
+        pretty: t.Optional[bool] = None,
+        query: t.Optional[t.Mapping[str, t.Any]] = None,
+        search_after: t.Optional[
+            t.Sequence[t.Union[None, bool, float, int, str, t.Any]]
+        ] = None,
+        size: t.Optional[int] = None,
+        sort: t.Optional[
+            t.Union[
+                t.Sequence[t.Union[str, t.Mapping[str, t.Any]]],
+                t.Union[str, t.Mapping[str, t.Any]],
+            ]
+        ] = None,
+        with_profile_uid: t.Optional[bool] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        Retrieves information for Users in a paginated manner. You can optionally filter
+        the results with a query.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-user.html>`_
+
+        :param from_: Starting document offset. By default, you cannot page through more
+            than 10,000 hits using the from and size parameters. To page through more
+            hits, use the `search_after` parameter.
+        :param query: A query to filter which users to return. If the query parameter
+            is missing, it is equivalent to a `match_all` query. The query supports a
+            subset of query types, including `match_all`, `bool`, `term`, `terms`, `match`,
+            `ids`, `prefix`, `wildcard`, `exists`, `range`, and `simple_query_string`.
+            You can query the following information associated with user: `username`,
+            `roles`, `enabled`
+        :param search_after: Search after definition
+        :param size: The number of hits to return. By default, you cannot page through
+            more than 10,000 hits using the `from` and `size` parameters. To page through
+            more hits, use the `search_after` parameter.
+        :param sort: Fields eligible for sorting are: username, roles, enabled In addition,
+            sort can also be applied to the `_doc` field to sort by index order.
+        :param with_profile_uid: If true will return the User Profile ID for the users
+            in the query result, if any.
+        """
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/_query/user"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if with_profile_uid is not None:
+            __query["with_profile_uid"] = with_profile_uid
+        if not __body:
+            if from_ is not None:
+                __body["from"] = from_
+            if query is not None:
+                __body["query"] = query
+            if search_after is not None:
+                __body["search_after"] = search_after
+            if size is not None:
+                __body["size"] = size
+            if sort is not None:
+                __body["sort"] = sort
+        if not __body:
+            __body = None  # type: ignore[assignment]
+        __headers = {"accept": "application/json"}
+        if __body is not None:
+            __headers["content-type"] = "application/json"
+        return self.perform_request(  # type: ignore[return-value]
+            "POST",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.query_user",
+            path_parts=__path_parts,
+        )
+
     @_rewrite_parameters(
         body_fields=("content", "ids", "realm"),
     )
@@ -2502,10 +2960,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Exchanges a SAML Response message for an Elasticsearch access token and refresh
-        token pair
+        Submits a SAML Response message to Elasticsearch for consumption.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-authenticate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-authenticate.html>`_
 
         :param content: The SAML response as it was sent by the user’s browser, usually
             a Base64 encoded XML document.
@@ -2565,9 +3022,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Verifies the logout response sent from the SAML IdP
+        Verifies the logout response sent from the SAML IdP.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-complete-logout.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-complete-logout.html>`_
 
         :param ids: A json array with all the valid SAML Request Ids that the caller
             of the API has for the current user.
@@ -2631,9 +3088,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Consumes a SAML LogoutRequest
+        Submits a SAML LogoutRequest message to Elasticsearch for consumption.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-invalidate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-invalidate.html>`_
 
         :param query_string: The query part of the URL that the user was redirected to
             by the SAML IdP to initiate the Single Logout. This query should include
@@ -2698,10 +3155,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Invalidates an access token and a refresh token that were generated via the SAML
-        Authenticate API
+        Submits a request to invalidate an access token and refresh token.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-logout.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-logout.html>`_
 
         :param token: The access token that was returned as a response to calling the
             SAML authenticate API. Alternatively, the most recent token that was received
@@ -2756,9 +3212,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates a SAML authentication request
+        Creates a SAML authentication request (<AuthnRequest>) as a URL string, based
+        on the configuration of the respective SAML realm in Elasticsearch.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-prepare-authentication.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-prepare-authentication.html>`_
 
         :param acs: The Assertion Consumer Service URL that matches the one of the SAML
             realms in Elasticsearch. The realm is used to generate the authentication
@@ -2811,9 +3268,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Generates SAML metadata for the Elastic stack SAML 2.0 Service Provider
+        Generate SAML metadata for a SAML 2.0 Service Provider.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-sp-metadata.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-sp-metadata.html>`_
 
         :param realm_name: The name of the SAML realm in Elasticsearch.
         """
@@ -2859,7 +3316,7 @@ class SecurityClient(NamespacedClient):
         """
         Get suggestions for user profiles that match specified search criteria.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-suggest-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-suggest-user-profile.html>`_
 
         :param data: List of filters for the `data` field of the profile document. To
             return all content use `data=*`. To return a subset of content use `data=<key>`
@@ -2917,7 +3374,7 @@ class SecurityClient(NamespacedClient):
         *,
         id: str,
         error_trace: t.Optional[bool] = None,
-        expiration: t.Optional[t.Union["t.Literal[-1]", "t.Literal[0]", str]] = None,
+        expiration: t.Optional[t.Union[str, t.Literal[-1], t.Literal[0]]] = None,
         filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
         human: t.Optional[bool] = None,
         metadata: t.Optional[t.Mapping[str, t.Any]] = None,
@@ -2926,9 +3383,24 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Updates attributes of an existing API key.
-
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-update-api-key.html>`_
+        Updates attributes of an existing API key. Users can only update API keys that
+        they created or that were granted to them. Use this API to update API keys created
+        by the create API Key or grant API Key APIs. If you need to apply the same update
+        to many API keys, you can use bulk update API Keys to reduce overhead. It’s not
+        possible to update expired API keys, or API keys that have been invalidated by
+        invalidate API Key. This API supports updates to an API key’s access scope and
+        metadata. The access scope of an API key is derived from the `role_descriptors`
+        you specify in the request, and a snapshot of the owner user’s permissions at
+        the time of the request. The snapshot of the owner’s permissions is updated automatically
+        on every call. If you don’t specify `role_descriptors` in the request, a call
+        to this API might still change the API key’s access scope. This change can occur
+        if the owner user’s permissions have changed since the API key was created or
+        last modified. To update another user’s API key, use the `run_as` feature to
+        submit a request on behalf of another user. IMPORTANT: It’s not possible to use
+        an API key as the authentication credential for this API. To update an API key,
+        the owner user’s credentials are required.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-update-api-key.html>`_
 
         :param id: The ID of the API key to update.
         :param expiration: Expiration time for the API key.
@@ -2996,14 +3468,15 @@ class SecurityClient(NamespacedClient):
         labels: t.Optional[t.Mapping[str, t.Any]] = None,
         pretty: t.Optional[bool] = None,
         refresh: t.Optional[
-            t.Union["t.Literal['false', 'true', 'wait_for']", bool, str]
+            t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Update application specific data for the user profile of the given unique ID.
+        Updates specific data for the user profile that's associated with the specified
+        unique ID.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-update-user-profile-data.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-update-user-profile-data.html>`_
 
         :param uid: A unique identifier for the user profile.
         :param data: Non-searchable data that you want to associate with the user profile.