Describe the bug
Issue: unable to delete access policy using Azure CLI. Particularly Azure CLI is not deleting the access policies that were created through Azure portal.
The Azure CLI redisenterprise extension (v1.4.0) applies a client-side regex validation (^[A-Za-z0-9]{1,60}$) on the
--access-policy-assignment-name parameter that rejects GUID-format names containing hyphens. Access policy
assignments created through the Azure portal use GUID names (e.g., 76e670c5-eaf4-4674-8a48-2def9d37929c), making
them impossible to delete via CLI.
Steps To Reproduce
- Create an AMR (Azure Managed Redis) instance
- Create an access policy assignment via the Azure portal (generates a GUID name)
- List assignments: az redisenterprise database access-policy-assignment list
--resource-group --cluster-name --database-name default
- Attempt to delete: az redisenterprise database access-policy-assignment delete
--resource-group --cluster-name --database-name default
--access-policy-assignment-name "76e670c5-eaf4-4674-8a48-2def9d37929c" --yes
Expected Behavior
The DELETE request is sent to ARM and the assignment is removed.
Actual Behavior
ERROR: InvalidArgumentValue: -n: Invalid format: '76e670c5-eaf4-4674-8a48-2def9d37929c'
does not fully match regular expression pattern '^[A-Za-z0-9]{1,60}$'
The request never reaches ARM — it is blocked by client-side input validation.
Root Cause (did not validate from CoPilot but seems right)
The validation happens in the CLI's argument formatter (_arg_fmt.py) before any HTTP request is made to ARM. The
request never reaches the server — it's a client-side regex that rejects hyphens.
The regex in the extension's argument formatter (
azext_redisenterprise/aaz/latest/redisenterprise/database/access_policy_assignment/_delete.py) does not permit
hyphens. The pattern should be updated to accept GUID-format names, e.g.:
^[A-Za-z0-9-]{1,60}$
or a full UUID pattern:
^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$
Workaround
Use PowerShell:
Remove-AzRedisEnterpriseCacheAccessPolicyAssignment -ResourceGroupName <rg> -ClusterName <cluster> -DatabaseName default
-AccessPolicyAssignmentName "76e670c5-eaf4-4674-8a48-2def9d37929c"
Environment
- CLI version: Azure CLI with redisenterprise extension v1.4.0
- PowerShell module: Az.RedisEnterpriseCache v1.6.1 (works correctly)
- ARM API version: 2025-07-01
- OS: Windows
Related command
see description
Errors
File: azure/cli/core/aaz/_arg_fmt.py, line 56
AAZInvalidArgValueError: InvalidArgumentValue: -n: Invalid format:
'76e670c5-eaf4-4674-8a48-2def9d37929c' does not fully match regular
expression pattern '^[A-Za-z0-9]{1,60}$'
. Further details on the fix are in bug report but gist is regex for cli needs updating to accept hyphen
Issue script & Debug output
see description
Expected behavior
See description
Environment Summary
Environment
CLI version: Azure CLI with redisenterprise extension v1.4.0
PowerShell module: Az.RedisEnterpriseCache v1.6.1 (works correctly)
ARM API version: 2025-07-01
OS: Windows
Additional context
none
Describe the bug
Issue: unable to delete access policy using Azure CLI. Particularly Azure CLI is not deleting the access policies that were created through Azure portal.
The Azure CLI redisenterprise extension (v1.4.0) applies a client-side regex validation (^[A-Za-z0-9]{1,60}$) on the
--access-policy-assignment-name parameter that rejects GUID-format names containing hyphens. Access policy
assignments created through the Azure portal use GUID names (e.g., 76e670c5-eaf4-4674-8a48-2def9d37929c), making
them impossible to delete via CLI.
Steps To Reproduce
--resource-group --cluster-name --database-name default
--resource-group --cluster-name --database-name default
--access-policy-assignment-name "76e670c5-eaf4-4674-8a48-2def9d37929c" --yes
Expected Behavior
The DELETE request is sent to ARM and the assignment is removed.
Actual Behavior
ERROR: InvalidArgumentValue: -n: Invalid format: '76e670c5-eaf4-4674-8a48-2def9d37929c'
does not fully match regular expression pattern '^[A-Za-z0-9]{1,60}$'
The request never reaches ARM — it is blocked by client-side input validation.
Root Cause (did not validate from CoPilot but seems right)
The validation happens in the CLI's argument formatter (_arg_fmt.py) before any HTTP request is made to ARM. The
request never reaches the server — it's a client-side regex that rejects hyphens.
The regex in the extension's argument formatter (
azext_redisenterprise/aaz/latest/redisenterprise/database/access_policy_assignment/_delete.py) does not permit
hyphens. The pattern should be updated to accept GUID-format names, e.g.:
^[A-Za-z0-9-]{1,60}$
or a full UUID pattern:
^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$
Workaround
Use PowerShell:
Remove-AzRedisEnterpriseCacheAccessPolicyAssignment
-ResourceGroupName <rg> -ClusterName <cluster> -DatabaseName default-AccessPolicyAssignmentName "76e670c5-eaf4-4674-8a48-2def9d37929c"
Environment
Related command
see description
Errors
File: azure/cli/core/aaz/_arg_fmt.py, line 56
AAZInvalidArgValueError: InvalidArgumentValue: -n: Invalid format:
'76e670c5-eaf4-4674-8a48-2def9d37929c' does not fully match regular
expression pattern '^[A-Za-z0-9]{1,60}$'
. Further details on the fix are in bug report but gist is regex for cli needs updating to accept hyphen
Issue script & Debug output
see description
Expected behavior
See description
Environment Summary
Environment
CLI version: Azure CLI with redisenterprise extension v1.4.0
PowerShell module: Az.RedisEnterpriseCache v1.6.1 (works correctly)
ARM API version: 2025-07-01
OS: Windows
Additional context
none