Remove too-strict validation of role names

When parsing the privileges, we now no longer throw an exception if
there haven't been any names parsed out. This is not an issue though,
because we validate that the `names` array is not empty when we parse
it, and that it's not `null` before returning from the function.

Adds a rest test that sends things out of order to test this still
works.

Resolves elastic/elasticsearch#2606

Original commit: elastic/x-pack-elasticsearch@62a38bea8f

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/RoleDescriptor.java

@@ -235,10 +235,6 @@ public class RoleDescriptor implements ToXContent {
                 }
             } else if (ParseFieldMatcher.STRICT.match(currentFieldName, Fields.PRIVILEGES)) {
                 privileges = readStringArray(roleName, parser, true);
-                if (names.length == 0) {
-                    throw new ElasticsearchParseException("failed to parse indices privileges for role [{}]. [{}] cannot be an empty " +
-                            "array", roleName, currentFieldName);
-                }
             } else if (ParseFieldMatcher.STRICT.match(currentFieldName, Fields.FIELDS)) {
                 fields = readStringArray(roleName, parser, true);
             } else {

elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml

@@ -22,6 +22,21 @@
             }
   - match: { role: { created: true } }
 
+  - do:
+      xpack.security.put_role:
+        name: "backwards_role"
+        body:  >
+            {
+              "cluster": ["all"],
+              "indices": [
+                {
+                  "privileges": ["all"],
+                  "names": "*"
+                }
+              ]
+            }
+  - match: { role: { created: true } }
+
   - do:
       xpack.security.put_user:
         username: "joe"