On clusters where NN HA is enabled zookeper ACLs need to be handled consistently when enabling security.
The current behavior is as follows:
- if HA is enabled before the cluster is made secure, proper ACLs are only set on the leaf znodes, while there's no ACLs set on the path (eg.:/hadoop-ha/mycluster/ActiveStandbyElectorLock)
- if HA is enabled after the cluster is made secure ACLs are set on the root znode as well