I wanted to access blob storage with a managed system identity using the azure cli. Steps:

Resulting error and stack trace are mentioned below. Is this a bug or am I doing something wrong?

The command failed with an unexpected error. Here is the traceback:

get_token() takes 1 positional argument but 2 were given
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/knack/cli.py", line 215, in invoke
cmd_result = self.invocation.execute(args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/ init .py", line 654, in execute
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/ init .py", line 718, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/ init .py", line 709, in _run_job
cmd_copy.exception_handler(ex)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/ init .py", line 334, in new_handler
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/ init .py", line 688, in _run_job
result = cmd_copy(params)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/ init .py", line 325, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/ init .py", line 782, in default_command_handler
return op(**command_args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/operations/blob.py", line 67, in list_blobs
result = list_generator(pages=pages, num_results=num_results)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/storage/track2_util.py", line 67, in list_generator
page = list(next(pages))
File "/opt/az/lib/python3.6/site-packages/azure/core/paging.py", line 74, in next
self._response = self._get_next(self.continuation_token)
File "/opt/az/lib/python3.6/site-packages/azure/multiapi/storagev2/blob/v2019_12_12/_list_blobs_helper.py", line 76, in _get_next_cb
use_location=self.location_mode)
File "/opt/az/lib/python3.6/site-packages/azure/multiapi/storagev2/blob/v2019_12_12/_generated/operations/_container_operations.py", line 1211, in list_blob_flat_segment
pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 211, in run
return first_node.send(pipeline_request) # type: ignore
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 71, in send
response = self.next.send(request)
[Previous line repeated 3 more times]
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_base.py", line 69, in send
_await_result(self._policy.on_request, request)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/_tools.py", line 29, in await_result
result = func(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/core/pipeline/policies/_authentication.py", line 93, in on_request
self._token = self._credential.get_token(*self._scopes)
TypeError: get_token() takes 1 positional argument but 2 were given

Alternatively you can access the storage account directly by getting an access token.

Hopefully this helps, if you are still having issues please let us know.

-----------------

Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

@deherman-MSFT
Some additional context: the managed identity had originally only the "storage blob data reader" role assigned.

I had to assign 2 additional roles to make the procedure as outlined in the references above, work:

2 Remarks:

Or am I missing something?