Accessing blob storage using azure CLI with managed identity

asked 2020-09-08T11:25:14.593+00:00
Jan 101 Reputation points

I wanted to access blob storage with a managed system identity using the azure cli. Steps:

  • Create Ubuntu VM and assign managed system identity + roles
  • Log into VM
  • Install azure cli
  • Run: az login --identity (successful)
  • Run: az storage blob list -c <my_container_name> --account-name <my_account_name> --auth-mode login

Resulting error and stack trace are mentioned below. Is this a bug or am I doing something wrong?

The command failed with an unexpected error. Here is the traceback:

get_token() takes 1 positional argument but 2 were given
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/knack/", line 215, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/", line 654, in execute
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/", line 718, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/", line 709, in _run_job
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/", line 334, in new_handler
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/", line 688, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/", line 325, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/", line 782, in default_command_handler
return op(**command_args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/operations/", line 67, in list_blobs
result = list_generator(pages=pages, num_results=num_results)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/", line 67, in list_generator
page = list(next(pages))
File "/opt/az/lib/python3.6/site-packages/azure/core/", line 74, in next
self._response = self._get_next(self.continuation_token)
File "/opt/az/lib/python3.6/site-packages/azure/multiapi/storagev2/blob/v2019_12_12/", line 76, in _get_next_cb
File "/opt/az/lib/python3.6/site-packages/azure/multiapi/storagev2/blob/v2019_12_12/_generated/operations/", line 1211, in list_blob_flat_segment
pipeline_response =, stream=False, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/", line 211, in run
return first_node.send(pipeline_request) # type: ignore
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/", line 71, in send
response =
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/", line 71, in send
response =
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/", line 71, in send
response =
[Previous line repeated 3 more times]
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/", line 69, in send
_await_result(self._policy.on_request, request)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/", line 29, in await_result
result = func(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/policies/", line 93, in on_request
self._token = self._credential.get_token(*self._scopes)
TypeError: get_token() takes 1 positional argument but 2 were given

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
1,387 questions
No comments
{count} votes

Accepted answer
  1. answered 2020-09-15T08:12:21.48+00:00
    Jan 101 Reputation points

    It's actually a bug in cli version 2.11.1. It works in version 2.10.1. This was suggested by a similar issue with keyvault: 14941

1 additional answer

Sort by: Most helpful
  1. answered 2020-09-08T21:00:17.69+00:00
    deherman-MSFT 23,446 Reputation points Microsoft Employee

    You need to set $spID after logging in. You can do this by using Azure Resource Manager and get the VM's service principal ID. Afterwards please try running your command minus the "--auth-mode login".

    Alternatively you can access the storage account directly by getting an access token.

    Hopefully this helps, if you are still having issues please let us know.


    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.