Fix uniqueness of destination URL not scoped to namespace

The changes introduced in the merge request
!116909
accidentally removed the uniqueness constraint scoped to namespace_id
for destination_url of the
audit_events_external_audit_event_destinations table.
The database constraint
`index_external_audit_event_destinations_on_namespace_id`
is still present.

Changelog: fixed
EE: true

ee/app/models/audit_events/external_audit_event_destination.rb

@@ -15,6 +15,7 @@ class ExternalAuditEventDestination < ApplicationRecord
 
     validate :root_level_group?
     validates :name, uniqueness: { scope: :namespace_id }
+    validates :destination_url, uniqueness: { scope: :namespace_id }, length: { maximum: 255 }
 
     # TODO: Remove audit_operation.present? guard clause once we implement names for all the audit event types.
     # Epic: https://gitlab.com/groups/gitlab-org/-/epics/8497

ee/app/models/audit_events/instance_external_audit_event_destination.rb

@@ -13,6 +13,7 @@ class InstanceExternalAuditEventDestination < ApplicationRecord
     has_many :event_type_filters, class_name: 'AuditEvents::Streaming::InstanceEventTypeFilter'
 
     validates :name, uniqueness: true
+    validates :destination_url, uniqueness: true, length: { maximum: 255 }
 
     attr_encrypted :verification_token,
       mode: :per_attribute_iv,

ee/app/models/concerns/audit_events/externally_destinationable.rb

@@ -11,7 +11,6 @@ module ExternallyDestinationable
       before_validation :assign_default_name
 
       validates :destination_url, public_url: true, presence: true
-      validates :destination_url, uniqueness: true, length: { maximum: 255 }
       validates :verification_token, length: { in: 16..24 }, allow_nil: true
       validates :verification_token, presence: true, on: :update
       validate :no_more_than_20_headers?

ee/spec/models/audit_events/external_audit_event_destination_spec.rb

@@ -30,6 +30,25 @@
       expect(subject.errors.full_messages).to contain_exactly('Headers are limited to 20 per destination')
     end
 
+    context 'for destination_url' do
+      let_it_be(:group_2) { create(:group) }
+
+      it 'does not create destination with same url for a group' do
+        create(:external_audit_event_destination, destination_url: 'http://www.test.com', group: group)
+        destination = build(:external_audit_event_destination, destination_url: 'http://www.test.com', group: group)
+
+        expect(destination).not_to be_valid
+        expect(destination.errors.full_messages).to include('Destination url has already been taken')
+      end
+
+      it 'creates destination with same url for different groups' do
+        create(:external_audit_event_destination, destination_url: 'http://www.test.com', group: group)
+        destination = build(:external_audit_event_destination, destination_url: 'http://www.test.com', group: group_2)
+
+        expect(destination).to be_valid
+      end
+    end
+
     it 'validates uniqueness of name scoped to namespace' do
       create(:external_audit_event_destination, name: 'Test Destination', group: group)
       destination = build(:external_audit_event_destination, name: 'Test Destination', group: group)

ee/spec/models/audit_events/instance_external_audit_event_destination_spec.rb

@@ -29,6 +29,14 @@
       expect(subject.errors.full_messages).to contain_exactly('Headers are limited to 20 per destination')
     end
 
+    it 'validates uniqueness of destination_url' do
+      create(:instance_external_audit_event_destination, destination_url: 'https://www.test.com')
+      destination = build(:instance_external_audit_event_destination, destination_url: 'https://www.test.com')
+
+      expect(destination).not_to be_valid
+      expect(destination.errors.full_messages).to include('Destination url has already been taken')
+    end
+
     it 'validates uniqueness of name' do
       create(:instance_external_audit_event_destination, name: 'Test Destination')
       destination = build(:instance_external_audit_event_destination, name: 'Test Destination')