elasticsearch 8.15.0__py3-none-any.whl → 8.16.0__py3-none-any.whl

elasticsearch/_sync/client/security.py

@@ -44,9 +44,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates or updates a user profile on behalf of another user.
+        Activate a user profile. Create or update a user profile on behalf of another
+        user.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-activate-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-activate-user-profile.html>`_
 
         :param grant_type:
         :param access_token:
@@ -97,14 +98,14 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Enables you to submit a request with a basic auth header to authenticate a user
-        and retrieve information about the authenticated user. A successful call returns
-        a JSON structure that shows user information such as their username, the roles
-        that are assigned to the user, any assigned metadata, and information about the
-        realms that authenticated and authorized the user. If the user cannot be authenticated,
-        this API returns a 401 status code.
+        Authenticate a user. Authenticates a user and returns information about the authenticated
+        user. Include the user information in a [basic auth header](https://en.wikipedia.org/wiki/Basic_access_authentication).
+        A successful call returns a JSON structure that shows user information such as
+        their username, the roles that are assigned to the user, any assigned metadata,
+        and information about the realms that authenticated and authorized the user.
+        If the user cannot be authenticated, this API returns a 401 status code.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-authenticate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-authenticate.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/_authenticate"
@@ -144,11 +145,11 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        The role management APIs are generally the preferred way to manage roles, rather
-        than using file-based role management. The bulk delete roles API cannot delete
-        roles that are defined in roles files.
+        Bulk delete roles. The role management APIs are generally the preferred way to
+        manage roles, rather than using file-based role management. The bulk delete roles
+        API cannot delete roles that are defined in roles files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-bulk-delete-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-bulk-delete-role.html>`_
 
         :param names: An array of role names to delete
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -202,11 +203,11 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        The role management APIs are generally the preferred way to manage roles, rather
-        than using file-based role management. The bulk create or update roles API cannot
-        update roles that are defined in roles files.
+        Bulk create or update roles. The role management APIs are generally the preferred
+        way to manage roles, rather than using file-based role management. The bulk create
+        or update roles API cannot update roles that are defined in roles files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-bulk-put-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-bulk-put-role.html>`_
 
         :param roles: A dictionary of role name to RoleDescriptor objects to add or update
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -262,9 +263,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Changes the passwords of users in the native realm and built-in users.
+        Change passwords. Change the passwords of users in the native realm and built-in
+        users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-change-password.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-change-password.html>`_
 
         :param username: The user whose password you want to change. If you do not specify
             this parameter, the password is changed for the current user.
@@ -324,10 +326,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Evicts a subset of all entries from the API key cache. The cache is also automatically
-        cleared on state changes of the security index.
+        Clear the API key cache. Evict a subset of all entries from the API key cache.
+        The cache is also automatically cleared on state changes of the security index.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-api-key-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-clear-api-key-cache.html>`_
 
         :param ids: Comma-separated list of API key IDs to evict from the API key cache.
             To evict all API keys, use `*`. Does not support other wildcard patterns.
@@ -366,9 +368,11 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Evicts application privileges from the native application privileges cache.
+        Clear the privileges cache. Evict privileges from the native application privilege
+        cache. The cache is also automatically cleared for applications that have their
+        privileges updated.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-privilege-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-clear-privilege-cache.html>`_
 
         :param application: A comma-separated list of application names
         """
@@ -407,10 +411,10 @@ class SecurityClient(NamespacedClient):
         usernames: t.Optional[t.Sequence[str]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Evicts users from the user cache. Can completely clear the cache or evict specific
-        users.
+        Clear the user cache. Evict users from the user cache. You can completely clear
+        the cache or evict specific users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-clear-cache.html>`_
 
         :param realms: Comma-separated list of realms to clear
         :param usernames: Comma-separated list of usernames to clear from the cache
@@ -451,9 +455,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Evicts roles from the native role cache.
+        Clear the roles cache. Evict roles from the native role cache.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-role-cache.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-clear-role-cache.html>`_
 
         :param name: Role name
         """
@@ -493,9 +497,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Evicts tokens from the service account token caches.
+        Clear service account token caches. Evict a subset of all entries from the service
+        account token caches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-clear-service-token-caches.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-clear-service-token-caches.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -552,13 +557,13 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates an API key for access without requiring basic authentication. A successful
-        request returns a JSON structure that contains the API key, its unique id, and
-        its name. If applicable, it also returns expiration information for the API key
-        in milliseconds. NOTE: By default, API keys never expire. You can specify expiration
-        information when you create the API keys.
+        Create an API key. Create an API key for access without requiring basic authentication.
+        A successful request returns a JSON structure that contains the API key, its
+        unique id, and its name. If applicable, it also returns expiration information
+        for the API key in milliseconds. NOTE: By default, API keys never expire. You
+        can specify expiration information when you create the API keys.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-create-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-create-api-key.html>`_
 
         :param expiration: Expiration time for the API key. By default, API keys never
             expire.
@@ -612,6 +617,90 @@ class SecurityClient(NamespacedClient):
             path_parts=__path_parts,
         )
 
+    @_rewrite_parameters(
+        body_fields=("access", "name", "expiration", "metadata"),
+    )
+    def create_cross_cluster_api_key(
+        self,
+        *,
+        access: t.Optional[t.Mapping[str, t.Any]] = None,
+        name: t.Optional[str] = None,
+        error_trace: t.Optional[bool] = None,
+        expiration: t.Optional[t.Union[str, t.Literal[-1], t.Literal[0]]] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        human: t.Optional[bool] = None,
+        metadata: t.Optional[t.Mapping[str, t.Any]] = None,
+        pretty: t.Optional[bool] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        Create a cross-cluster API key. Create an API key of the `cross_cluster` type
+        for the API key based remote cluster access. A `cross_cluster` API key cannot
+        be used to authenticate through the REST interface. IMPORTANT: To authenticate
+        this request you must use a credential that is not an API key. Even if you use
+        an API key that has the required privilege, the API returns an error. Cross-cluster
+        API keys are created by the Elasticsearch API key service, which is automatically
+        enabled. NOTE: Unlike REST API keys, a cross-cluster API key does not capture
+        permissions of the authenticated user. The API key’s effective permission is
+        exactly as specified with the `access` property. A successful request returns
+        a JSON structure that contains the API key, its unique ID, and its name. If applicable,
+        it also returns expiration information for the API key in milliseconds. By default,
+        API keys never expire. You can specify expiration information when you create
+        the API keys. Cross-cluster API keys can only be updated with the update cross-cluster
+        API key API. Attempting to update them with the update REST API key API or the
+        bulk update REST API keys API will result in an error.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-create-cross-cluster-api-key.html>`_
+
+        :param access: The access to be granted to this API key. The access is composed
+            of permissions for cross-cluster search and cross-cluster replication. At
+            least one of them must be specified. NOTE: No explicit privileges should
+            be specified for either search or replication access. The creation process
+            automatically converts the access specification to a role descriptor which
+            has relevant privileges assigned accordingly.
+        :param name: Specifies the name for this API key.
+        :param expiration: Expiration time for the API key. By default, API keys never
+            expire.
+        :param metadata: Arbitrary metadata that you want to associate with the API key.
+            It supports nested data structure. Within the metadata object, keys beginning
+            with `_` are reserved for system usage.
+        """
+        if access is None and body is None:
+            raise ValueError("Empty value passed for parameter 'access'")
+        if name is None and body is None:
+            raise ValueError("Empty value passed for parameter 'name'")
+        __path_parts: t.Dict[str, str] = {}
+        __path = "/_security/cross_cluster/api_key"
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if not __body:
+            if access is not None:
+                __body["access"] = access
+            if name is not None:
+                __body["name"] = name
+            if expiration is not None:
+                __body["expiration"] = expiration
+            if metadata is not None:
+                __body["metadata"] = metadata
+        __headers = {"accept": "application/json", "content-type": "application/json"}
+        return self.perform_request(  # type: ignore[return-value]
+            "POST",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.create_cross_cluster_api_key",
+            path_parts=__path_parts,
+        )
+
     @_rewrite_parameters()
     def create_service_token(
         self,
@@ -628,9 +717,10 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates a service accounts token for access without requiring basic authentication.
+        Create a service account token. Create a service accounts token for access without
+        requiring basic authentication.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-create-service-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-create-service-token.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -698,9 +788,9 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Removes application privileges.
+        Delete application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-privilege.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-delete-privilege.html>`_
 
         :param application: Application name
         :param name: Privilege name
@@ -754,9 +844,9 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Removes roles in the native realm.
+        Delete roles. Delete roles in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-delete-role.html>`_
 
         :param name: Role name
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -802,9 +892,9 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Removes role mappings.
+        Delete role mappings.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-delete-role-mapping.html>`_
 
         :param name: Role-mapping name
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -852,9 +942,10 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Deletes a service account token.
+        Delete service account tokens. Delete service account tokens for a service in
+        a specified namespace.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-service-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-delete-service-token.html>`_
 
         :param namespace: An identifier for the namespace
         :param service: An identifier for the service name
@@ -910,9 +1001,9 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Deletes users from the native realm.
+        Delete users. Delete users from the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-delete-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-delete-user.html>`_
 
         :param username: username
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -958,9 +1049,9 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Disables users in the native realm.
+        Disable users. Disable users in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-disable-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-disable-user.html>`_
 
         :param username: The username of the user to disable
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -1006,9 +1097,10 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Disables a user profile so it's not visible in user profile searches.
+        Disable a user profile. Disable user profiles so that they are not visible in
+        user profile searches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-disable-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-disable-user-profile.html>`_
 
         :param uid: Unique identifier for the user profile.
         :param refresh: If 'true', Elasticsearch refreshes the affected shards to make
@@ -1054,9 +1146,9 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Enables users in the native realm.
+        Enable users. Enable users in the native realm.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-enable-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-enable-user.html>`_
 
         :param username: The username of the user to enable
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -1102,9 +1194,10 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Enables a user profile so it's visible in user profile searches.
+        Enable a user profile. Enable user profiles to make them visible in user profile
+        searches.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-enable-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-enable-user-profile.html>`_
 
         :param uid: Unique identifier for the user profile.
         :param refresh: If 'true', Elasticsearch refreshes the affected shards to make
@@ -1146,10 +1239,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Enables a Kibana instance to configure itself for communication with a secured
-        Elasticsearch cluster.
+        Enroll Kibana. Enable a Kibana instance to configure itself for communication
+        with a secured Elasticsearch cluster.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-kibana-enrollment.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-kibana-enrollment.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/enroll/kibana"
@@ -1182,9 +1275,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Allows a new node to join an existing cluster with security features enabled.
+        Enroll a node. Enroll a new node to allow it to join an existing cluster with
+        security features enabled.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-node-enrollment.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-node-enrollment.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/enroll/node"
@@ -1225,12 +1319,13 @@ class SecurityClient(NamespacedClient):
         with_profile_uid: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information for one or more API keys. NOTE: If you have only the `manage_own_api_key`
-        privilege, this API returns only the API keys that you own. If you have `read_security`,
-        `manage_api_key` or greater privileges (including `manage_security`), this API
-        returns all API keys regardless of ownership.
+        Get API key information. Retrieves information for one or more API keys. NOTE:
+        If you have only the `manage_own_api_key` privilege, this API returns only the
+        API keys that you own. If you have `read_security`, `manage_api_key` or greater
+        privileges (including `manage_security`), this API returns all API keys regardless
+        of ownership.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-api-key.html>`_
 
         :param active_only: A boolean flag that can be used to query API keys that are
             currently active. An API key is considered active if it is neither invalidated,
@@ -1302,10 +1397,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves the list of cluster privileges and index privileges that are available
-        in this version of Elasticsearch.
+        Get builtin privileges. Get the list of cluster privileges and index privileges
+        that are available in this version of Elasticsearch.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-builtin-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-builtin-privileges.html>`_
         """
         __path_parts: t.Dict[str, str] = {}
         __path = "/_security/privilege/_builtin"
@@ -1340,9 +1435,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves application privileges.
+        Get application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-privileges.html>`_
 
         :param application: Application name
         :param name: Privilege name
@@ -1387,11 +1482,11 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        The role management APIs are generally the preferred way to manage roles, rather
-        than using file-based role management. The get roles API cannot retrieve roles
-        that are defined in roles files.
+        Get roles. Get roles in the native realm. The role management APIs are generally
+        the preferred way to manage roles, rather than using file-based role management.
+        The get roles API cannot retrieve roles that are defined in roles files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-role.html>`_
 
         :param name: The name of the role. You can specify multiple roles as a comma-separated
             list. If you do not specify this parameter, the API returns information about
@@ -1434,9 +1529,12 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves role mappings.
+        Get role mappings. Role mappings define which roles are assigned to each user.
+        The role mapping APIs are generally the preferred way to manage role mappings
+        rather than using role mapping files. The get role mappings API cannot retrieve
+        role mappings that are defined in role mapping files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-role-mapping.html>`_
 
         :param name: The distinct name that identifies the role mapping. The name is
             used solely as an identifier to facilitate interaction via the API; it does
@@ -1482,9 +1580,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        This API returns a list of service accounts that match the provided path parameter(s).
+        Get service accounts. Get a list of service accounts that match the provided
+        path parameters.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-service-accounts.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-service-accounts.html>`_
 
         :param namespace: Name of the namespace. Omit this parameter to retrieve information
             about all service accounts. If you omit this parameter, you must also omit
@@ -1533,9 +1632,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information of all service credentials for a service account.
+        Get service account credentials.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-service-credentials.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-service-credentials.html>`_
 
         :param namespace: Name of the namespace.
         :param service: Name of the service name.
@@ -1601,9 +1700,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates a bearer token for access without requiring basic authentication.
+        Get a token. Create a bearer token for access without requiring basic authentication.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-token.html>`_
 
         :param grant_type:
         :param kerberos_ticket:
@@ -1660,9 +1759,9 @@ class SecurityClient(NamespacedClient):
         with_profile_uid: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information about users in the native realm and built-in users.
+        Get users. Get information about users in the native realm and built-in users.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-user.html>`_
 
         :param username: An identifier for the user. You can specify multiple usernames
             as a comma-separated list. If you omit this parameter, the API retrieves
@@ -1711,9 +1810,9 @@ class SecurityClient(NamespacedClient):
         username: t.Optional[t.Union[None, str]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves security privileges for the logged in user.
+        Get user privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-user-privileges.html>`_
 
         :param application: The name of the application. Application privileges are always
             associated with exactly one application. If you do not specify this parameter,
@@ -1761,9 +1860,9 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves a user's profile using the unique profile ID.
+        Get a user profile. Get a user's profile using the unique profile ID.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-get-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-get-user-profile.html>`_
 
         :param uid: A unique identifier for the user profile.
         :param data: List of filters for the `data` field of the profile document. To
@@ -1825,23 +1924,23 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates an API key on behalf of another user. This API is similar to Create API
-        keys, however it creates the API key for a user that is different than the user
-        that runs the API. The caller must have authentication credentials (either an
-        access token, or a username and password) for the user on whose behalf the API
-        key will be created. It is not possible to use this API to create an API key
-        without that user’s credentials. The user, for whom the authentication credentials
-        is provided, can optionally "run as" (impersonate) another user. In this case,
-        the API key will be created on behalf of the impersonated user. This API is intended
-        be used by applications that need to create and manage API keys for end users,
-        but cannot guarantee that those users have permission to create API keys on their
-        own behalf. A successful grant API key API call returns a JSON structure that
-        contains the API key, its unique id, and its name. If applicable, it also returns
-        expiration information for the API key in milliseconds. By default, API keys
-        never expire. You can specify expiration information when you create the API
-        keys.
-
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-grant-api-key.html>`_
+        Grant an API key. Create an API key on behalf of another user. This API is similar
+        to the create API keys API, however it creates the API key for a user that is
+        different than the user that runs the API. The caller must have authentication
+        credentials (either an access token, or a username and password) for the user
+        on whose behalf the API key will be created. It is not possible to use this API
+        to create an API key without that user’s credentials. The user, for whom the
+        authentication credentials is provided, can optionally "run as" (impersonate)
+        another user. In this case, the API key will be created on behalf of the impersonated
+        user. This API is intended be used by applications that need to create and manage
+        API keys for end users, but cannot guarantee that those users have permission
+        to create API keys on their own behalf. A successful grant API key API call returns
+        a JSON structure that contains the API key, its unique id, and its name. If applicable,
+        it also returns expiration information for the API key in milliseconds. By default,
+        API keys never expire. You can specify expiration information when you create
+        the API keys.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-grant-api-key.html>`_
 
         :param api_key: Defines the API key.
         :param grant_type: The type of grant. Supported grant types are: `access_token`,
@@ -1959,7 +2058,6 @@ class SecurityClient(NamespacedClient):
                         "none",
                         "post_behavioral_analytics_event",
                         "read_ccr",
-                        "read_connector_secrets",
                         "read_fleet_secrets",
                         "read_ilm",
                         "read_pipeline",
@@ -1980,9 +2078,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Determines whether the specified user has a specified list of privileges.
+        Check user privileges. Determine whether the specified user has a specified list
+        of privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-has-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-has-privileges.html>`_
 
         :param user: Username
         :param application:
@@ -2039,10 +2138,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Determines whether the users associated with the specified profile IDs have all
-        the requested privileges.
+        Check user profile privileges. Determine whether the users associated with the
+        specified user profile IDs have all the requested privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-has-privileges-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-has-privileges-user-profile.html>`_
 
         :param privileges:
         :param uids: A list of profile IDs. The privileges are checked for associated
@@ -2099,15 +2198,19 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Invalidates one or more API keys. The `manage_api_key` privilege allows deleting
-        any API keys. The `manage_own_api_key` only allows deleting API keys that are
-        owned by the user. In addition, with the `manage_own_api_key` privilege, an invalidation
-        request must be issued in one of the three formats: - Set the parameter `owner=true`.
-        - Or, set both `username` and `realm_name` to match the user’s identity. - Or,
-        if the request is issued by an API key, i.e. an API key invalidates itself, specify
-        its ID in the `ids` field.
+        Invalidate API keys. This API invalidates API keys created by the create API
+        key or grant API key APIs. Invalidated API keys fail authentication, but they
+        can still be viewed using the get API key information and query API key information
+        APIs, for at least the configured retention period, until they are automatically
+        deleted. The `manage_api_key` privilege allows deleting any API keys. The `manage_own_api_key`
+        only allows deleting API keys that are owned by the user. In addition, with the
+        `manage_own_api_key` privilege, an invalidation request must be issued in one
+        of the three formats: - Set the parameter `owner=true`. - Or, set both `username`
+        and `realm_name` to match the user’s identity. - Or, if the request is issued
+        by an API key, that is to say an API key invalidates itself, specify its ID in
+        the `ids` field.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-invalidate-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-invalidate-api-key.html>`_
 
         :param id:
         :param ids: A list of API key ids. This parameter cannot be used with any of
@@ -2176,9 +2279,14 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Invalidates one or more access tokens or refresh tokens.
+        Invalidate a token. The access tokens returned by the get token API have a finite
+        period of time for which they are valid. After that time period, they can no
+        longer be used. The time period is defined by the `xpack.security.authc.token.timeout`
+        setting. The refresh tokens returned by the get token API are only valid for
+        24 hours. They can also be used exactly once. If you want to invalidate one or
+        more access or refresh tokens immediately, use this invalidate token API.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-invalidate-token.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-invalidate-token.html>`_
 
         :param realm_name:
         :param refresh_token:
@@ -2236,9 +2344,9 @@ class SecurityClient(NamespacedClient):
         ] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Adds or updates application privileges.
+        Create or update application privileges.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-privileges.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-put-privileges.html>`_
 
         :param privileges:
         :param refresh: If `true` (the default) then refresh the affected shards to make
@@ -2284,6 +2392,7 @@ class SecurityClient(NamespacedClient):
             "global_",
             "indices",
             "metadata",
+            "remote_indices",
             "run_as",
             "transient_metadata",
         ),
@@ -2349,7 +2458,6 @@ class SecurityClient(NamespacedClient):
                         "none",
                         "post_behavioral_analytics_event",
                         "read_ccr",
-                        "read_connector_secrets",
                         "read_fleet_secrets",
                         "read_ilm",
                         "read_pipeline",
@@ -2373,16 +2481,18 @@ class SecurityClient(NamespacedClient):
         refresh: t.Optional[
             t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
         ] = None,
+        remote_indices: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
         run_as: t.Optional[t.Sequence[str]] = None,
         transient_metadata: t.Optional[t.Mapping[str, t.Any]] = None,
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        The role management APIs are generally the preferred way to manage roles, rather
-        than using file-based role management. The create or update roles API cannot
-        update roles that are defined in roles files.
+        Create or update roles. The role management APIs are generally the preferred
+        way to manage roles in the native realm, rather than using file-based role management.
+        The create or update roles API cannot update roles that are defined in roles
+        files. File-based role management is not available in Elastic Serverless.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-put-role.html>`_
 
         :param name: The name of the role.
         :param applications: A list of application privilege entries.
@@ -2398,6 +2508,7 @@ class SecurityClient(NamespacedClient):
         :param refresh: If `true` (the default) then refresh the affected shards to make
             this operation visible to search, if `wait_for` then wait for a refresh to
             make this operation visible to search, if `false` then do nothing with refreshes.
+        :param remote_indices: A list of remote indices permissions entries.
         :param run_as: A list of users that the owners of this role can impersonate.
             *Note*: in Serverless, the run-as feature is disabled. For API compatibility,
             you can still specify an empty `run_as` field, but a non-empty list will
@@ -2438,6 +2549,8 @@ class SecurityClient(NamespacedClient):
                 __body["indices"] = indices
             if metadata is not None:
                 __body["metadata"] = metadata
+            if remote_indices is not None:
+                __body["remote_indices"] = remote_indices
             if run_as is not None:
                 __body["run_as"] = run_as
             if transient_metadata is not None:
@@ -2483,9 +2596,16 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates and updates role mappings.
+        Create or update role mappings. Role mappings define which roles are assigned
+        to each user. Each mapping has rules that identify users and a list of roles
+        that are granted to those users. The role mapping APIs are generally the preferred
+        way to manage role mappings rather than using role mapping files. The create
+        or update role mappings API cannot update role mappings that are defined in role
+        mapping files. This API does not create roles. Rather, it maps users to existing
+        roles. Roles can be created by using the create or update roles API or roles
+        files.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-role-mapping.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-put-role-mapping.html>`_
 
         :param name: Role-mapping name
         :param enabled:
@@ -2570,10 +2690,11 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Adds and updates users in the native realm. These users are commonly referred
-        to as native users.
+        Create or update users. A password is required for adding a new user but is optional
+        when updating an existing user. To change a user’s password without updating
+        any other fields, use the change password API.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-put-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-put-user.html>`_
 
         :param username: The username of the User
         :param email:
@@ -2668,10 +2789,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information for API keys in a paginated manner. You can optionally
-        filter the results with a query.
+        Find API keys with a query. Get a paginated list of API keys and their information.
+        You can optionally filter the results with a query.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-api-key.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-query-api-key.html>`_
 
         :param aggregations: Any aggregations to run over the corpus of returned API
             keys. Aggregations and queries work together. Aggregations are computed only
@@ -2795,10 +2916,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves roles in a paginated manner. You can optionally filter the results
-        with a query.
+        Find roles with a query. Get roles in a paginated manner. You can optionally
+        filter the results with a query.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-role.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-query-role.html>`_
 
         :param from_: Starting document offset. By default, you cannot page through more
             than 10,000 hits using the from and size parameters. To page through more
@@ -2881,10 +3002,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Retrieves information for Users in a paginated manner. You can optionally filter
-        the results with a query.
+        Find users with a query. Get information for users in a paginated manner. You
+        can optionally filter the results with a query.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-query-user.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-query-user.html>`_
 
         :param from_: Starting document offset. By default, you cannot page through more
             than 10,000 hits using the from and size parameters. To page through more
@@ -2960,9 +3081,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Submits a SAML Response message to Elasticsearch for consumption.
+        Authenticate SAML. Submits a SAML response message to Elasticsearch for consumption.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-authenticate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-saml-authenticate.html>`_
 
         :param content: The SAML response as it was sent by the user’s browser, usually
             a Base64 encoded XML document.
@@ -3022,9 +3143,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Verifies the logout response sent from the SAML IdP.
+        Logout of SAML completely. Verifies the logout response sent from the SAML IdP.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-complete-logout.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-saml-complete-logout.html>`_
 
         :param ids: A json array with all the valid SAML Request Ids that the caller
             of the API has for the current user.
@@ -3088,9 +3209,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Submits a SAML LogoutRequest message to Elasticsearch for consumption.
+        Invalidate SAML. Submits a SAML LogoutRequest message to Elasticsearch for consumption.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-invalidate.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-saml-invalidate.html>`_
 
         :param query_string: The query part of the URL that the user was redirected to
             by the SAML IdP to initiate the Single Logout. This query should include
@@ -3155,9 +3276,9 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Submits a request to invalidate an access token and refresh token.
+        Logout of SAML. Submits a request to invalidate an access token and refresh token.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-logout.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-saml-logout.html>`_
 
         :param token: The access token that was returned as a response to calling the
             SAML authenticate API. Alternatively, the most recent token that was received
@@ -3212,10 +3333,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Creates a SAML authentication request (<AuthnRequest>) as a URL string, based
-        on the configuration of the respective SAML realm in Elasticsearch.
+        Prepare SAML authentication. Creates a SAML authentication request (`<AuthnRequest>`)
+        as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-prepare-authentication.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-saml-prepare-authentication.html>`_
 
         :param acs: The Assertion Consumer Service URL that matches the one of the SAML
             realms in Elasticsearch. The realm is used to generate the authentication
@@ -3268,9 +3389,10 @@ class SecurityClient(NamespacedClient):
         pretty: t.Optional[bool] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Generate SAML metadata for a SAML 2.0 Service Provider.
+        Create SAML service provider metadata. Generate SAML metadata for a SAML 2.0
+        Service Provider.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-saml-sp-metadata.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-saml-sp-metadata.html>`_
 
         :param realm_name: The name of the SAML realm in Elasticsearch.
         """
@@ -3314,9 +3436,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Get suggestions for user profiles that match specified search criteria.
+        Suggest a user profile. Get suggestions for user profiles that match specified
+        search criteria.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-suggest-user-profile.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-suggest-user-profile.html>`_
 
         :param data: List of filters for the `data` field of the profile document. To
             return all content use `data=*`. To return a subset of content use `data=<key>`
@@ -3383,24 +3506,24 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Updates attributes of an existing API key. Users can only update API keys that
-        they created or that were granted to them. Use this API to update API keys created
-        by the create API Key or grant API Key APIs. If you need to apply the same update
-        to many API keys, you can use bulk update API Keys to reduce overhead. It’s not
-        possible to update expired API keys, or API keys that have been invalidated by
-        invalidate API Key. This API supports updates to an API key’s access scope and
-        metadata. The access scope of an API key is derived from the `role_descriptors`
-        you specify in the request, and a snapshot of the owner user’s permissions at
-        the time of the request. The snapshot of the owner’s permissions is updated automatically
-        on every call. If you don’t specify `role_descriptors` in the request, a call
-        to this API might still change the API key’s access scope. This change can occur
-        if the owner user’s permissions have changed since the API key was created or
-        last modified. To update another user’s API key, use the `run_as` feature to
-        submit a request on behalf of another user. IMPORTANT: It’s not possible to use
-        an API key as the authentication credential for this API. To update an API key,
-        the owner user’s credentials are required.
-
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-update-api-key.html>`_
+        Update an API key. Updates attributes of an existing API key. Users can only
+        update API keys that they created or that were granted to them. Use this API
+        to update API keys created by the create API Key or grant API Key APIs. If you
+        need to apply the same update to many API keys, you can use bulk update API Keys
+        to reduce overhead. It’s not possible to update expired API keys, or API keys
+        that have been invalidated by invalidate API Key. This API supports updates to
+        an API key’s access scope and metadata. The access scope of an API key is derived
+        from the `role_descriptors` you specify in the request, and a snapshot of the
+        owner user’s permissions at the time of the request. The snapshot of the owner’s
+        permissions is updated automatically on every call. If you don’t specify `role_descriptors`
+        in the request, a call to this API might still change the API key’s access scope.
+        This change can occur if the owner user’s permissions have changed since the
+        API key was created or last modified. To update another user’s API key, use the
+        `run_as` feature to submit a request on behalf of another user. IMPORTANT: It’s
+        not possible to use an API key as the authentication credential for this API.
+        To update an API key, the owner user’s credentials are required.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-update-api-key.html>`_
 
         :param id: The ID of the API key to update.
         :param expiration: Expiration time for the API key.
@@ -3452,6 +3575,74 @@ class SecurityClient(NamespacedClient):
             path_parts=__path_parts,
         )
 
+    @_rewrite_parameters(
+        body_fields=("access", "expiration", "metadata"),
+    )
+    def update_cross_cluster_api_key(
+        self,
+        *,
+        id: str,
+        access: t.Optional[t.Mapping[str, t.Any]] = None,
+        error_trace: t.Optional[bool] = None,
+        expiration: t.Optional[t.Union[str, t.Literal[-1], t.Literal[0]]] = None,
+        filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        human: t.Optional[bool] = None,
+        metadata: t.Optional[t.Mapping[str, t.Any]] = None,
+        pretty: t.Optional[bool] = None,
+        body: t.Optional[t.Dict[str, t.Any]] = None,
+    ) -> ObjectApiResponse[t.Any]:
+        """
+        Update a cross-cluster API key. Update the attributes of an existing cross-cluster
+        API key, which is used for API key based remote cluster access.
+
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-update-cross-cluster-api-key.html>`_
+
+        :param id: The ID of the cross-cluster API key to update.
+        :param access: The access to be granted to this API key. The access is composed
+            of permissions for cross cluster search and cross cluster replication. At
+            least one of them must be specified. When specified, the new access assignment
+            fully replaces the previously assigned access.
+        :param expiration: Expiration time for the API key. By default, API keys never
+            expire. This property can be omitted to leave the value unchanged.
+        :param metadata: Arbitrary metadata that you want to associate with the API key.
+            It supports nested data structure. Within the metadata object, keys beginning
+            with `_` are reserved for system usage. When specified, this information
+            fully replaces metadata previously associated with the API key.
+        """
+        if id in SKIP_IN_PATH:
+            raise ValueError("Empty value passed for parameter 'id'")
+        if access is None and body is None:
+            raise ValueError("Empty value passed for parameter 'access'")
+        __path_parts: t.Dict[str, str] = {"id": _quote(id)}
+        __path = f'/_security/cross_cluster/api_key/{__path_parts["id"]}'
+        __query: t.Dict[str, t.Any] = {}
+        __body: t.Dict[str, t.Any] = body if body is not None else {}
+        if error_trace is not None:
+            __query["error_trace"] = error_trace
+        if filter_path is not None:
+            __query["filter_path"] = filter_path
+        if human is not None:
+            __query["human"] = human
+        if pretty is not None:
+            __query["pretty"] = pretty
+        if not __body:
+            if access is not None:
+                __body["access"] = access
+            if expiration is not None:
+                __body["expiration"] = expiration
+            if metadata is not None:
+                __body["metadata"] = metadata
+        __headers = {"accept": "application/json", "content-type": "application/json"}
+        return self.perform_request(  # type: ignore[return-value]
+            "PUT",
+            __path,
+            params=__query,
+            headers=__headers,
+            body=__body,
+            endpoint_id="security.update_cross_cluster_api_key",
+            path_parts=__path_parts,
+        )
+
     @_rewrite_parameters(
         body_fields=("data", "labels"),
     )
@@ -3473,10 +3664,10 @@ class SecurityClient(NamespacedClient):
         body: t.Optional[t.Dict[str, t.Any]] = None,
     ) -> ObjectApiResponse[t.Any]:
         """
-        Updates specific data for the user profile that's associated with the specified
-        unique ID.
+        Update user profile data. Update specific data for the user profile that is associated
+        with a unique ID.
 
-        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.15/security-api-update-user-profile-data.html>`_
+        `<https://www.elastic.co/guide/en/elasticsearch/reference/8.16/security-api-update-user-profile-data.html>`_
 
         :param uid: A unique identifier for the user profile.
         :param data: Non-searchable data that you want to associate with the user profile.