config: apply lua_call privileges before bootstrap

This patch is a bugfix of the `lua_call` runtime access implemented in
commit 38c6b0d ("config: grant runtime access to lua_call from
config").

One of the main reason for runtime privileges is to allow granting guest
user `lua_call` access before the initial bootstrap. During the
implementation of the #10857 in terms of the new behavior of the
supervised failover with the supervised bootstrap strategy it turned out
runtime privileges haven't been added as a first-phase applier making it
impossible to executing some of the lua functions before the initial
bootstrap. This patch fixes it by adding a first-phase applier.

For instance, you might allow guest connection to fetch information on
instances before the bootstrap by configuring `credentials` section like
this.

```yaml
credentials:
  guest:
    privileges:
    - permissions: [ execute ]
      lua_call: [box.info]
```

NO_DOC=see tarantool/doc#4552, added a comment on it

Author: georgiy-belyanin

changelogs/unreleased/lua-call-runtime-priv-before-bootstrap.md

@@ -0,0 +1,5 @@
+## bugfix/config
+
+* Now runtime `lua_call` privileges are also applied before the initial
+  bootstrap, making it possible to permit some functions to be executed by the
+  guest user before setting up the cluster.

src/box/lua/config/init.lua

@@ -297,14 +297,15 @@ function methods._store(self, iconfig, cconfig, source_info)
     self._configdata = configdata.new(iconfig, cconfig, self._instance_name)
 end
 
--- Invoke lua, compat, mkdir, console and box_cfg appliers at the
--- first phase. Invoke all the other ones at the second phase.
+-- Invoke the appliers depending on the phase. The first phase
+-- might be long due to the long recovery process.
 function methods._apply_on_startup(self, opts)
     local first_phase_appliers = {
         lua = true,
         compat = true,
         mkdir = true,
         console = true,
+        runtime_priv = true,
         box_cfg = true,
     }
 
@@ -381,10 +382,10 @@ function methods._startup(self, instance_name, config_file)
 
     -- Startup phase 1/2.
     --
-    -- Start compat, mkdir, console and box_cfg appliers. The
-    -- latter may force the read-only mode on this phase.
+    -- Start first-phase appliers. The box_cfg applier may force
+    -- the read-only mode on this phase.
     --
-    -- This phase may take a long time.
+    -- This phase may take a long time due to recovery.
     self:_store(self:_collect({sync_source = 'all'}))
     local needs_retry = self:_apply_on_startup({phase = 1})
 

test/config-luatest/runtime_priv_test.lua

@@ -1,4 +1,5 @@
 local t = require('luatest')
+local net_box = require('net.box')
 local cbuilder = require('luatest.cbuilder')
 local cluster = require('test.config-luatest.cluster')
 
@@ -201,3 +202,46 @@ g.test_no_user_privileges_lua_call_ro_mode = function()
          end)
     end)
 end
+
+g.test_direct_lua_call_before_initial_bootstrap = function()
+    local config = cbuilder:new()
+        :set_global_option('replication.bootstrap_strategy', 'supervised')
+        :set_global_option('replication.failover', 'off')
+        :set_global_option('credentials.users.guest', {
+            privileges = {
+                lua_call_priv({'box.info', 'box.ctl.make_bootstrap_leader'}),
+            },
+        })
+        :add_instance('i-001', {database = {mode = 'rw'}})
+        :add_instance('i-002', {database = {mode = 'ro'}})
+        :config()
+
+    -- Don't wait for the startup since the cluster stays in
+    -- the initial `box.cfg{}` and waits for the leader appoint.
+    local cluster = cluster.new(g, config)
+    cluster:start({wait_until_ready = false})
+    local server = cluster['i-001']
+
+    -- Guest is the only user it's possible to connect as.
+    local conn
+    t.helpers.retrying({timeout = 60}, function()
+        -- The schema can't be fetched before the bootstrap.
+        conn = net_box.connect(server.net_box_uri, {fetch_schema = false})
+        t.assert_equals(conn.state, 'active')
+    end)
+
+    -- The user `guest` can't use the `loadstring()` function
+    -- because he has no such permissions.
+    local exp_err = access_error_msg('guest', 'loadstring')
+    t.assert_error_msg_equals(exp_err, conn.call, conn, 'loadstring')
+
+    -- Verify the guest might execute the configured functions
+    -- and may bootstrap cluster by calling the
+    -- `box.ctl.make_bootstrap_leader()` function.
+    t.assert_equals(conn:call('box.info').status, 'loading')
+
+    conn:call('box.ctl.make_bootstrap_leader')
+    t.helpers.retrying({timeout = 10}, function()
+        t.assert_equals(conn:call('box.info').status, 'running')
+    end)
+end