[cvl] Enforce mandatory field validation for OP_CREATE operations

[Sumalatha-G-ML]

Issue: CVL's ValidateEditConfig() does not enforce YANG mandatory true fields on OP_CREATE operations, allowing invalid configurations to be written to CONFIG_DB.

Root Cause:
CVL performs mandatory field validation only for OP_DELETE operations but skips this critical check for OP_CREATE operations. This allows entries to be created without required mandatory fields defined in YANG models.

Solution:

• Added checkMandatoryFieldsForCreate() function to validate mandatory fields
• Function iterates through YANG leaf nodes and checks if mandatory fields exist
• Returns CVL_SEMANTIC_ERROR with clear error message if mandatory field is missing
• Called during OP_CREATE case in ValidateEditConfig()

Impact:

• Prevents invalid configurations from being written to CONFIG_DB
• Provides clear error messages indicating which mandatory field is missing
• Consistent with existing OP_DELETE mandatory field validation
• No hardware dependency - pure software validation

Testing:

• CREATE operations with missing mandatory fields will now fail with proper error
• CREATE operations with all mandatory fields will continue to work normally
• Error includes table name, key, field name, and descriptive message

Fixes: sonic-net/SONiC#2283

[mssonicbld]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[MrSa3dola]

Hi, faraazbrcm replied to me with the following fix

"Mandatory validation is a syntax validation, CVL relies on libyang for this. Ygot does not support such validation.
Are you using latest version of code?. In Latest I see mandatory check is enabled"

And I added the following fix

grep -n 'lyd_check_mandatory_tree' /sonic/src/libyang/libyang/src/tree_data.c | head -5

If you see `int lyd_check_mandatory_tree` (no API prefix), then the patch is NOT applied.
You need to apply the fix to the source:

sed -i 's/^int$/API int/' /sonic/src/libyang/libyang/src/tree_data.c

Then verify:

grep -B1 'lyd_check_mandatory_tree' /sonic/src/libyang/libyang/src/tree_data.c | head -3

It must show `API int` on the line before `lyd_check_mandatory_tree`.

Apply the above fix right after the relevant comment in the source file.

I tried it, and it’s working now — it checks both the mandatory fields and the when conditions as well.

[Sumalatha-G-ML]

Thank you for sharing @faraazbrcm's feedback about using libyang's lyd_check_mandatory_tree instead.

But I have below questions

1. Does the libyang fix already exist in master branch?
2. Should I close this PR if the issue is already fixed?
3. Or should I update this PR to apply the libyang patch instead of CVL code changes?

@faraazbrcm - Which approach do you prefer?

[MrSa3dola]

@Sumalatha-G-ML You can mention your issue in the main repo here for faster reply.