
I have recently done a lot of work on building Golden Config and using NQE queries to find Actual Config on devices and compare it to Golden Config, and then building the remediation config so actual config will match Golden Config. I did this so Operations engineers can utilize the remediation config to implement on the device, either manually or through an Ansible playbook that utilizes the NQE Query, and then build a workspace on the devices being worked on to verify that Golden Config was implemented correctly on the device(s). Below is a sample Query for a small section of config to ensure NTP configuration is correct on a Juniper device:

 

goldenConfig_ntp_list = [
  "set system ntp server 10.10.10.10",
  "set system time-zone UTC"
];


foreach device in network.devices
where device.platform.os == OS.JUNOS
let outputs = device.outputs
foreach command in outputs.commands
  where command.commandText == "show configuration | display set"
  let text = parseConfigBlocks(OS.JUNOS, command.response)

let configList = (foreach line in text where (matches(line.text, "set system time-zone*") || matches(line.text, "set system ntp*")) select line.text)
let missingList = (foreach item in goldenConfig_ntp_list select if item not in configList then item else "")
let extraList = (foreach item in configList select if item not in goldenConfig_ntp_list then item else "")
let violationList = missingList + extraList
let deleteList = (foreach item in extraList where matches(item, "set*") select replace(item, "set", "delete"))

select {
  deviceName: device.name,
  intendedConfig: goldenConfig_ntp_list,
  actualConfig: configList,
  missingConfig: missingList,
  extraConfig: extraList,
  remediation: deleteList + missingList,
  violation: if length(join("", violationList)) > 0 then true else false
}
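
The same compare-and-remediate logic as an offline check, added here as an illustration and not part of the original post: it runs over saved `show configuration | display set` text instead of NQE. The `audit` function and the sample device output are constructed for this example; the golden lines and the two scope patterns are taken from the query above.

```python
import fnmatch

# Golden lines and scope patterns copied from the query in the post.
GOLDEN_NTP = ["set system ntp server 10.10.10.10", "set system time-zone UTC"]
SCOPE = ["set system time-zone*", "set system ntp*"]


def audit(display_set_output, golden=GOLDEN_NTP, scope=SCOPE):
    """Compare in-scope 'display set' lines with the golden list."""
    actual = []
    for raw in display_set_output.splitlines():
        line = " ".join(raw.split())  # normalise stray whitespace
        in_scope = any(fnmatch.fnmatchcase(line, pat) for pat in scope)
        if in_scope and line not in actual:
            actual.append(line)
    missing = [g for g in golden if g not in actual]
    extra = [a for a in actual if a not in golden]
    # Swap only the leading keyword, so a "set" substring elsewhere in the
    # line (for example inside a hostname) is left untouched.
    deletes = ["delete " + e[len("set "):] for e in extra]
    return {
        "actualConfig": actual,
        "missingConfig": missing,
        "extraConfig": extra,
        "remediation": deletes + missing,
        "violation": bool(missing or extra),
    }


# Constructed sample output from a hypothetical device.
SAMPLE = """\
set system host-name lab-mx1
set system time-zone America/Chicago
set system ntp server 10.10.10.10
set system ntp server ntp-reset.example.net
"""

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("violation:", report["violation"])
    for line in report["remediation"]:
        print(line)
```

Unlike the query, the missing and extra lists here contain only real lines (no empty-string placeholders), so the remediation list can be handed to a playbook as is.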

 

auuecker - Nice work! Thanks! 
If you’d like to have the code stick out a bit from the text / prose, change that section to type Code and Code type as NQE.  


@RobertWelch Thank you

 

