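ZooKeeper ACL user permissions get overridden

Time: 2019-11-20 05:55:53

Tags: apache-zookeeper acl

When trying to set ZooKeeper ACLs using the "digest" scheme, the second user's permissions also override the first user's.

We tried creating the users and setting permissions for the admin and read-only users separately, and also creating them together in one step. In both cases, the second user's permissions override the first user's.

setAcl for the two users separately: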

[zk: localhost:2181(CONNECTED) 0]  addauth digest user1:password1
[zk: localhost:2181(CONNECTED) 1] setAcl /newznode
auth:user1:password1:crdwa
cZxid = 0xe
ctime = Thu Nov 07 13:29:43 IST 2019
mZxid = 0xe
mtime = Thu Nov 07 13:29:43 IST 2019
pZxid = 0xe
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 8
numChildren = 0
[zk: localhost:2181(CONNECTED) 2] getAcl /newznode
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: cdrwa
[zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
[zk: localhost:2181(CONNECTED) 4] setAcl /newznode auth:user2:password2:r
cZxid = 0xe
ctime = Thu Nov 07 13:29:43 IST 2019
mZxid = 0xe
mtime = Thu Nov 07 13:29:43 IST 2019
pZxid = 0xe
cversion = 0
dataVersion = 0
aclVersion = 2
ephemeralOwner = 0x0
dataLength = 8
numChildren = 0
[zk: localhost:2181(CONNECTED) 5] getAcl /newznode
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: r
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: r

setAcl for both users together:

'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 2]  addauth digest user1:password1
[zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
[zk: localhost:2181(CONNECTED) 4] setAcl /newznode
auth:user2:password2:r,auth:user1:password1:cdrwa
Node does not exist: /newznode
[zk: localhost:2181(CONNECTED) 5] setAcl /zk_test
auth:user2:password2:r,auth:user1:password1:cdrwa  
cZxid = 0x2
ctime = Wed Nov 13 20:14:08 IST 2019
mZxid = 0x2
mtime = Wed Nov 13 20:14:08 IST 2019
pZxid = 0x2
cversion = 0
dataVersion = 0
aclVersion = 2
ephemeralOwner = 0x0
dataLength = 7
numChildren = 0
[zk: localhost:2181(CONNECTED) 6] getAcl                                                            
[zk: localhost:2181(CONNECTED) 7] getAcl /zk_test
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: r
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: r
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: cdrwa
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: cdrwa
[zk: localhost:2181(CONNECTED) 8]

The ZooKeeper versions tried are 3.4.9 and 3.5.5. A ticket has been created with ZooKeeper, with all the steps, as shown below:

http://zookeeper-user.578899.n2.nabble.com/zk-digest-ACL-permissions-gets-overridden-td7584490.html

https://issues.apache.org/jira/browse/ZOOKEEPER-3617

Could you please check and confirm whether this is a bug or whether we are missing something?

0 answers:

No answers
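
Added example, not part of the original question and not ZooKeeper's own code: a small Python model of the two transcripts above. It assumes the behaviour described in the ZooKeeper documentation, where the `auth` scheme ignores the expression supplied in `setAcl` and applies the permissions to every identity added with `addauth` on the connection. It also builds explicit `digest:` entries that keep per-user permissions separate. The function names `digest_id`, `expand_acl` and `digest_acl_arg` are hypothetical.

```python
import base64
import hashlib

def digest_id(user, password):
    """ZooKeeper digest id: user:base64(sha1("user:password"))."""
    raw = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return f"{user}:{base64.b64encode(raw).decode()}"

def expand_acl(entries, session_ids):
    """Simplified model (an assumption, see lead-in) of what gets stored.

    entries: list of (scheme, id, perms) passed to setAcl.
    session_ids: digest ids added with addauth on this connection.
    An 'auth' entry ignores its own id and yields one digest entry per
    authenticated id; entries with other schemes are stored unchanged.
    """
    stored = []
    for scheme, ident, perms in entries:
        if scheme == "auth":
            stored += [("digest", sid, perms) for sid in session_ids]
        else:
            stored.append((scheme, ident, perms))
    return stored

def digest_acl_arg(users):
    """Build a setAcl argument with one explicit digest entry per user.

    users: list of (user, password, perms).
    """
    return ",".join(f"digest:{digest_id(u, p)}:{perms}"
                    for u, p, perms in users)

if __name__ == "__main__":
    # Same credentials as in the transcripts; both were added with addauth.
    session = [digest_id("user1", "password1"),
               digest_id("user2", "password2")]
    # Second transcript: two auth entries x two identities = four entries.
    request = [("auth", "user2:password2", "r"),
               ("auth", "user1:password1", "cdrwa")]
    for scheme, ident, perms in expand_acl(request, session):
        print(f"'{scheme},'{ident}\n: {perms}")
    # Explicit digest entries are stored as written, one per user.
    print("setAcl /zk_test " + digest_acl_arg(
        [("user1", "password1", "cdrwa"), ("user2", "password2", "r")]))
```

The ids this prints have the same `user:base64` form as the `getAcl` output in the question, and the last line is a `setAcl` command whose stored ACL does not depend on which identities the connection has added.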