Accessing blob storage using azure CLI with managed identity

Jan 101 Reputation points
2020-09-08T11:25:14.593+00:00

I wanted to access blob storage with a managed system identity using the azure cli. Steps:

  • Create Ubuntu VM and assign managed system identity + roles
  • Log into VM
  • Install azure cli
  • Run: az login --identity (successful)
  • Run: az storage blob list -c <my_container_name> --account-name <my_account_name> --auth-mode login

Resulting error and stack trace are mentioned below. Is this a bug or am I doing something wrong?

The command failed with an unexpected error. Here is the traceback:

get_token() takes 1 positional argument but 2 were given
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/knack/cli.py", line 215, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 654, in execute
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 718, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 709, in _run_job
cmd_copy.exception_handler(ex)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/__init__.py", line 334, in new_handler
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 688, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 325, in __call__
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/__init__.py", line 782, in default_command_handler
return op(**command_args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/operations/blob.py", line 67, in list_blobs
result = list_generator(pages=pages, num_results=num_results)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/track2_util.py", line 67, in list_generator
page = list(next(pages))
File "/opt/az/lib/python3.6/site-packages/azure/core/paging.py", line 74, in __next__
self._response = self._get_next(self.continuation_token)
File "/opt/az/lib/python3.6/site-packages/azure/multiapi/storagev2/blob/v2019_12_12/_list_blobs_helper.py", line 76, in _get_next_cb
use_location=self.location_mode)
File "/opt/az/lib/python3.6/site-packages/azure/multiapi/storagev2/blob/v2019_12_12/_generated/operations/_container_operations.py", line 1211, in list_blob_flat_segment
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 211, in run
return first_node.send(pipeline_request) # type: ignore
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
[Previous line repeated 3 more times]
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 69, in send
_await_result(self._policy.on_request, request)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_tools.py", line 29, in await_result
result = func(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/policies/_authentication.py", line 93, in on_request
self._token = self._credential.get_token(*self._scopes)
TypeError: get_token() takes 1 positional argument but 2 were given

Azure Blob Storage

Accepted answer
  1. Jan 101 Reputation points
    2020-09-15T08:12:21.48+00:00

    It's actually a bug in cli version 2.11.1. It works in version 2.10.1. This was suggested by a similar issue with keyvault: 14941

    1 person found this answer helpful.

1 additional answer

  1. deherman-MSFT 33,701 Reputation points Microsoft Employee
    2020-09-08T21:00:17.69+00:00

    @Jan
    You need to set $spID after logging in. You can do this by using Azure Resource Manager and getting the VM's service principal ID. Afterwards, please try running your command minus the "--auth-mode login".

    Alternatively you can access the storage account directly by getting an access token.

    Hopefully this helps. If you are still having issues, please let us know.

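The alternative mentioned in the second answer, getting an access token and calling the storage account directly, as an added example that is not part of the thread. It uses the documented instance metadata (IMDS) token endpoint and the List Blobs REST call; the script name is hypothetical, and it assumes the VM's identity already holds a blob data role on the account.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list blobs with a managed-identity token
# taken from the VM's instance metadata service (IMDS), without going through `az`.
set -eu

IMDS_TOKEN_ENDPOINT="http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE="https%3A%2F%2Fstorage.azure.com%2F"   # URL-encoded token audience

# URL that asks IMDS for a token whose audience is Azure Storage.
imds_token_url() {
  printf '%s?api-version=2018-02-01&resource=%s\n' \
    "$IMDS_TOKEN_ENDPOINT" "$STORAGE_RESOURCE"
}

# Pull access_token out of the IMDS JSON reply on stdin; fail if it is absent
# so an error document is never passed on as a bearer token.
extract_access_token() {
  local token
  token=$(tr -d '\n' | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$token" ] || { echo "no access_token in IMDS response" >&2; return 1; }
  printf '%s\n' "$token"
}

# List Blobs REST URL for account $1 and container $2.
list_blobs_url() {
  printf 'https://%s.blob.core.windows.net/%s?restype=container&comp=list\n' "$1" "$2"
}

# Only works from inside the VM: IMDS is a link-local address.
list_blobs() {
  local token
  token=$(curl -sS --fail -H 'Metadata: true' "$(imds_token_url)" | extract_access_token)
  # The token is sent as a header only; it is never echoed or written to disk.
  curl -sS --fail -H "Authorization: Bearer ${token}" \
       -H 'x-ms-version: 2017-11-09' "$(list_blobs_url "$1" "$2")"
}

# Usage (hypothetical script name): ./list-blobs.sh <my_account_name> <my_container_name>
if [ "$#" -eq 2 ]; then
  list_blobs "$1" "$2"
fi
```

A 403 from the second request with a valid token points at a missing role assignment on the storage account rather than at the CLI.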