I recently added an ACL Provider to the curator framework instance I pass to the ZkDelegationTokenSecretManager, and notice some strangeness around ACLs.
I set: "zk-dt-secret-manager.znodeWorkingPath" to:
and notice that
do not have ACLs
but all the znodes under /solr/zkdtsm/ZKDTSMRoot have ACLs. From adding some logging, it looks like the ACLProvider is never called for /solr/zkdtsm and /solr/zkdtsm/ZKDTSMRoot. I don't know if that's a Curator or ZkDelegationTokenSecretManager issue.