Hi all!
I hope someone can help me because I can’t get my head around this 
So we have Nomad Cluster with ACL enabled. Currently, we use terraform to deploy our apps to Nomad, but we are searching for a better solution for the dev team to make local deployments and the application support team to run the same code for releases.
So I’m trying Waypoint. I created a waypoint.hcl that can build the application and store it in our registry. I also have a job.hcl file for this app. So my idea is to use stanza use "nomad-jobspec", because we have hcl files for all our apps, so there is no need to rewrite all deployments.
But after I run waypoint run on deploy, I get Unexpected response code: 403 (Permission denied). I have NOMAD_TOKEN env var is set in the runner and in project settings on the Waypoint project.
My waypoint.hcl
project = "echo-test-poject"
variable server_address {
type = string
default = ""
description = "address of docker registry"
}
variable contour {
type = string
description = "what contour use to deploy"
}
variable namespace {
type = string
description = "namespace for job"
}
variable datacenters {
type = string
description = "in what datacenter deploy will go"
}
variable region {
type = string
description = "region for job"
}
variable "sleep" {
default = 30
type = number
description = "time to sleep in seconds"
}
variable "print" {
default = "LOUD"
type = string
description = "time to sleep in seconds"
}
runner {
enabled = true
data_source "git" {
url = ""
username = ""
password = ""
}
}
app "echo-app" {
labels = {
"service" = "example-shell",
"env" = "dev"
}
build {
use "docker" {
disable_entrypoint = false
buildkit = false
dockerfile = "Dockerfile_echo"
}
registry {
use "docker" {
encoded_auth = filebase64("${path.app}/dockerAuth.json")
image = "${var.server_address}/devops/documentation/waypoint/echo-app"
tag = gitrefpretty()
local = false
}
}
}
deploy {
use "nomad-jobspec" {
jobspec = "${path.app}/echo.hcl"
}
}
}
My echo.hcl
variable server_address {
type = string
default = ""
description = "address of docker registry"
}
variable contour {
type = string
description = "what contour use to deploy"
}
variable namespace {
type = string
description = "namespace for job"
}
variable datacenters {
type = string
description = "in what datacenter deploy will go"
}
variable region {
type = string
description = "region for job"
}
variable username {
type = string
default = ""
description = "username of deploy token"
}
variable password {
type = string
default = ""
description = "deploy token"
}
job "echo-app" {
namespace = "${var.namespace}"
region = "${var.region}"
datacenters = ["${var.datacenters}"]
type = "service"
update {
max_parallel = 1
min_healthy_time = "1m"
health_check = "task_states"
auto_revert = false
}
group "echo-test-apps" {
}
reschedule {
attempts = 5
interval = "1h"
delay = "50s"
delay_function = "exponential"
max_delay = "120s"
unlimited = false
}
constraint {
attribute = "class"
value = "${var.contour}"
}
restart {
attempts = 5
delay = "15s"
interval = "10m"
mode = "fail"
}
count = 1
task "app" {
driver = "docker"
resources {
cpu = 50
memory = 50
}
logs {
max_files = 1
max_file_size = 1
}
config {
auth {
username = "${var.username}"
password = "${var.password}"
server_address = "${var.server_address}"
}
image = "${artifact.image}:${artifact.tag}"
}
}
}
Workflow of what I’m doing
- Make local changes in the code
- Push them to repo
- Run
waypoint up -local=false -var "contour=dev" -var "namespace=dev" -var "datacenters=DC1" -var "region=global" - Get
Unexpected response code: 403 (Permission denied)
I hope someone had a similar problem and maybe can point me in the right direction 
Thanks in advance, and have a nice day!