R12.3-2026Apr21

Built-in Functions for Follow-up Remediation

Two built-in functions are provided to support the auto remediation for violations from golden config check:

Function SpecDescriptionReturn Description
int VerifyGoldenConfig(
string FullPath_Of_Golden_Rule,
string DeviceName,
bool RefreshConfigFile=true)		This function calls the Golden Config service to validate the config file of a specified device against the specified golden config rule. If 'RefreshConfigFile' is set to true, the function uses the config file retrieved in the current intent command section. Otherwise, it uses the config file from the current baseline.

The return value is an integer, which can be one of the following three values:

0: Failed to verify the golden config rule due to reasons such as:

  • No such golden rule
  • Invalid device
  • Device and rule do not match
  • Not used in a configuration command diagnosis and 'RefreshConfigFile' is set to true
  • Failed to retrieve the config file and 'RefreshConfigFile' is set to true

1: Violation / Alert – if any configuration instance violates the golden rule

2: Compliance / Success – all configuration instances comply with the golden rule

Table GetGoldenConfigCheckResult(string FullPath_Of_Golden_Rule, string DeviceName, bool OnlyInstanceWithAlert=True)  

This function is used to get the result of the latest golden config check result (against golden config rule) of the specified golden config rule for the specified device.

  • string FullPath_Of_Golden_Rule: The full path of a golden config rule defined in GES, including the rule name.
  • string DeviceName: The hostname of the device for which the configlet is expected to be retrieved.
  • bool OnlyInstanceWithAlert: If set to True, only the check results of config instances that violate the golden rule will be returned. If set to False, the check results of all config instances will be returned. Note: This parameter is set to True by default.

The result is a table, and each row of the table represents a check result of a config instance.

The return value can be assigned to a global variable in the type of table or local variable within the intent.

If the specified golden rule or device does not exist, or if they do not match, an empty table with no data rows is returned.

If the specified golden config rule is in the type of the single instance, the returned table will contain only one row of data or no data.

You can specify the entire config change command in NI, ignoring the change command template defined in the Define Change node of the CM template.

In NI, there are two sources of the change commands used for defining devices: one is to directly define change commands within NI, and some of the texts are constructed using variable values from NI; The other (in use case #1) is to get the configlet with golden config violation from the golden config, and then modify the configlet to generate change commands. Therefore, you can use the Function GetDeviceConfig here.


Create CM Task and Open for Users Remediation by Template