[MISC] Move UID to Identifier to match Harness Standards (#992)

app/api/auth/auth.go

@@ -76,8 +76,8 @@ func CheckChild(ctx context.Context, authorizer authz.Authorizer, session *auth.
 	}
 
 	resource := &types.Resource{
-		Type: resourceType,
+		Type:       resourceType,
-		Name: resourceName,
+		Identifier: resourceName,
 	}
 
 	return Check(ctx, authorizer, session, scope, resource, permission)

app/api/auth/connector.go

@@ -32,13 +32,13 @@ func CheckConnector(
 	authorizer authz.Authorizer,
 	session *auth.Session,
 	parentPath,
-	uid string,
+	identifier string,
 	permission enum.Permission,
 ) error {
 	scope := &types.Scope{SpacePath: parentPath}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeConnector,
+		Type:       enum.ResourceTypeConnector,
-		Name: uid,
+		Identifier: identifier,
 	}
 
 	return Check(ctx, authorizer, session, scope, resource, permission)

app/api/auth/pipeline.go

@@ -31,15 +31,15 @@ import (
 // Returns nil if the permission is granted, otherwise returns an error.
 // NotAuthenticated, NotAuthorized, or any underlying error.
 func CheckPipeline(ctx context.Context, authorizer authz.Authorizer, session *auth.Session,
-	repoPath string, pipelineUID string, permission enum.Permission) error {
+	repoPath string, pipelineIdentifier string, permission enum.Permission) error {
 	spacePath, repoName, err := paths.DisectLeaf(repoPath)
 	if err != nil {
 		return errors.Wrapf(err, "Failed to disect path '%s'", repoPath)
 	}
 	scope := &types.Scope{SpacePath: spacePath, Repo: repoName}
 	resource := &types.Resource{
-		Type: enum.ResourceTypePipeline,
+		Type:       enum.ResourceTypePipeline,
-		Name: pipelineUID,
+		Identifier: pipelineIdentifier,
 	}
 	return Check(ctx, authorizer, session, scope, resource, permission)
 }

app/api/auth/repo.go

@@ -50,8 +50,8 @@ func CheckRepo(
 
 	scope := &types.Scope{SpacePath: parentSpace}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeRepo,
+		Type:       enum.ResourceTypeRepo,
-		Name: name,
+		Identifier: name,
 	}
 
 	return Check(ctx, authorizer, session, scope, resource, permission)

app/api/auth/secret.go

@@ -28,11 +28,11 @@ import (
 // Returns nil if the permission is granted, otherwise returns an error.
 // NotAuthenticated, NotAuthorized, or any underlying error.
 func CheckSecret(ctx context.Context, authorizer authz.Authorizer, session *auth.Session,
-	parentPath, uid string, permission enum.Permission) error {
+	parentPath, identifier string, permission enum.Permission) error {
 	scope := &types.Scope{SpacePath: parentPath}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeSecret,
+		Type:       enum.ResourceTypeSecret,
-		Name: uid,
+		Identifier: identifier,
 	}
 
 	return Check(ctx, authorizer, session, scope, resource, permission)

app/api/auth/service.go

@@ -32,8 +32,8 @@ func CheckService(ctx context.Context, authorizer authz.Authorizer, session *aut
 	// a service exists outside any scope
 	scope := &types.Scope{}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeService,
+		Type:       enum.ResourceTypeService,
-		Name: svc.UID,
+		Identifier: svc.UID,
 	}
 
 	return Check(ctx, authorizer, session, scope, resource, permission)

app/api/auth/space.go

@@ -44,8 +44,8 @@ func CheckSpace(ctx context.Context, authorizer authz.Authorizer, session *auth.
 
 	scope := &types.Scope{SpacePath: parentSpace}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeSpace,
+		Type:       enum.ResourceTypeSpace,
-		Name: name,
+		Identifier: name,
 	}
 
 	return Check(ctx, authorizer, session, scope, resource, permission)

app/api/auth/template.go

@@ -28,11 +28,11 @@ import (
 // Returns nil if the permission is granted, otherwise returns an error.
 // NotAuthenticated, NotAuthorized, or any underlying error.
 func CheckTemplate(ctx context.Context, authorizer authz.Authorizer, session *auth.Session,
-	parentPath, uid string, permission enum.Permission) error {
+	parentPath, identifier string, permission enum.Permission) error {
 	scope := &types.Scope{SpacePath: parentPath}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeTemplate,
+		Type:       enum.ResourceTypeTemplate,
-		Name: uid,
+		Identifier: identifier,
 	}
 
 	return Check(ctx, authorizer, session, scope, resource, permission)

app/api/auth/user.go

@@ -32,8 +32,8 @@ func CheckUser(ctx context.Context, authorizer authz.Authorizer, session *auth.S
 	// a user exists outside any scope
 	scope := &types.Scope{}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeUser,
+		Type:       enum.ResourceTypeUser,
-		Name: user.UID,
+		Identifier: user.UID,
 	}
 
 	return Check(ctx, authorizer, session, scope, resource, permission)

app/api/controller/check/check_list.go

@@ -42,7 +42,7 @@ func (c *Controller) ListChecks(
 	err = c.tx.WithTx(ctx, func(ctx context.Context) (err error) {
 		checks, err = c.checkStore.List(ctx, repo.ID, commitSHA, opts)
 		if err != nil {
-			return fmt.Errorf("failed to list status check results for repo=%s: %w", repo.UID, err)
+			return fmt.Errorf("failed to list status check results for repo=%s: %w", repo.Identifier, err)
 		}
 
 		if opts.Page == 1 && len(checks) < opts.Size {
@@ -52,7 +52,7 @@ func (c *Controller) ListChecks(
 
 		count, err = c.checkStore.Count(ctx, repo.ID, commitSHA, opts)
 		if err != nil {
-			return fmt.Errorf("failed to count status check results for repo=%s: %w", repo.UID, err)
+			return fmt.Errorf("failed to count status check results for repo=%s: %w", repo.Identifier, err)
 		}
 
 		return nil

app/api/controller/check/check_recent.go

@@ -40,10 +40,10 @@ func (c *Controller) ListRecentChecks(
 		opts.Since = time.Now().Add(-30 * 24 * time.Hour).UnixMilli()
 	}
 
-	checkUIDs, err := c.checkStore.ListRecent(ctx, repo.ID, opts)
+	checkIdentifiers, err := c.checkStore.ListRecent(ctx, repo.ID, opts)
 	if err != nil {
-		return nil, fmt.Errorf("failed to list status check results for repo=%s: %w", repo.UID, err)
+		return nil, fmt.Errorf("failed to list status check results for repo=%s: %w", repo.Identifier, err)
 	}
 
-	return checkUIDs, nil
+	return checkIdentifiers, nil
 }

app/api/controller/check/check_report.go

@@ -32,29 +32,37 @@ import (
 )
 
 type ReportInput struct {
-	CheckUID string             `json:"check_uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	Status   enum.CheckStatus   `json:"status"`
+	CheckUID   string             `json:"check_uid" deprecated:"true"`
-	Summary  string             `json:"summary"`
+	Identifier string             `json:"identifier"`
-	Link     string             `json:"link"`
+	Status     enum.CheckStatus   `json:"status"`
-	Payload  types.CheckPayload `json:"payload"`
+	Summary    string             `json:"summary"`
+	Link       string             `json:"link"`
+	Payload    types.CheckPayload `json:"payload"`
 
 	Started int64 `json:"started,omitempty"`
 	Ended   int64 `json:"ended,omitempty"`
 }
 
-var regexpCheckUID = "^[0-9a-zA-Z-_.$]{1,127}$"
+// TODO: Can we drop the '$' - depends on whether harness allows it.
-var matcherCheckUID = regexp.MustCompile(regexpCheckUID)
+var regexpCheckIdentifier = "^[0-9a-zA-Z-_.$]{1,127}$"
+var matcherCheckIdentifier = regexp.MustCompile(regexpCheckIdentifier)
 
-// Validate validates and sanitizes the ReportInput data.
+// Sanitize validates and sanitizes the ReportInput data.
-func (in *ReportInput) Validate(
+func (in *ReportInput) Sanitize(
 	sanitizers map[enum.CheckPayloadKind]func(in *ReportInput, session *auth.Session) error, session *auth.Session,
 ) error {
-	if in.CheckUID == "" {
+	// TODO [CODE-1363]: remove after identifier migration.
-		return usererror.BadRequest("Status check UID is missing")
+	if in.Identifier == "" {
+		in.Identifier = in.CheckUID
 	}
 
-	if !matcherCheckUID.MatchString(in.CheckUID) {
+	if in.Identifier == "" {
-		return usererror.BadRequestf("Status check UID must match the regular expression: %s", regexpCheckUID)
+		return usererror.BadRequest("Identifier is missing")
+	}
+
+	if !matcherCheckIdentifier.MatchString(in.Identifier) {
+		return usererror.BadRequestf("Identifier must match the regular expression: %s", regexpCheckIdentifier)
 	}
 
 	_, ok := in.Status.Sanitize()
@@ -123,7 +131,7 @@ func (c *Controller) Report(
 		return nil, fmt.Errorf("failed to acquire access access to repo: %w", err)
 	}
 
-	if errValidate := in.Validate(c.sanitizers, session); errValidate != nil {
+	if errValidate := in.Sanitize(c.sanitizers, session); errValidate != nil {
 		return nil, errValidate
 	}
 
@@ -143,10 +151,10 @@ func (c *Controller) Report(
 
 	metadataJSON, _ := json.Marshal(metadata)
 
-	existingCheck, err := c.checkStore.Find(ctx, repo.ID, commitSHA, in.CheckUID)
+	existingCheck, err := c.checkStore.FindByIdentifier(ctx, repo.ID, commitSHA, in.Identifier)
 
 	if err != nil && !errors.Is(err, store.ErrResourceNotFound) {
-		return nil, fmt.Errorf("failed to find existing check for UID=%q: %w", in.CheckUID, err)
+		return nil, fmt.Errorf("failed to find existing check for Identifier %q: %w", in.Identifier, err)
 	}
 
 	started := getStartTime(in, existingCheck, now)
@@ -158,7 +166,7 @@ func (c *Controller) Report(
 		Updated:    now,
 		RepoID:     repo.ID,
 		CommitSHA:  commitSHA,
-		UID:        in.CheckUID,
+		Identifier: in.Identifier,
 		Status:     in.Status,
 		Summary:    in.Summary,
 		Link:       in.Link,
@@ -171,7 +179,7 @@ func (c *Controller) Report(
 
 	err = c.checkStore.Upsert(ctx, statusCheckReport)
 	if err != nil {
-		return nil, fmt.Errorf("failed to upsert status check result for repo=%s: %w", repo.UID, err)
+		return nil, fmt.Errorf("failed to upsert status check result for repo=%s: %w", repo.Identifier, err)
 	}
 
 	return statusCheckReport, nil

app/api/controller/connector/controller.go

@@ -17,24 +17,20 @@ package connector
 import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
-	"github.com/harness/gitness/types/check"
 )
 
 type Controller struct {
-	uidCheck       check.PathUID
 	connectorStore store.ConnectorStore
 	authorizer     authz.Authorizer
 	spaceStore     store.SpaceStore
 }
 
 func NewController(
-	uidCheck check.PathUID,
 	authorizer authz.Authorizer,
 	connectorStore store.ConnectorStore,
 	spaceStore store.SpaceStore,
 ) *Controller {
 	return &Controller{
-		uidCheck:       uidCheck,
 		connectorStore: connectorStore,
 		authorizer:     authorizer,
 		spaceStore:     spaceStore,

app/api/controller/connector/create.go

@@ -38,9 +38,11 @@ var (
 type CreateInput struct {
 	Description string `json:"description"`
 	SpaceRef    string `json:"space_ref"` // Ref of the parent space
-	UID         string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	Type        string `json:"type"`
+	UID        string `json:"uid" deprecated:"true"`
-	Data        string `json:"data"`
+	Identifier string `json:"identifier"`
+	Type       string `json:"type"`
+	Data       string `json:"data"`
 }
 
 func (c *Controller) Create(
@@ -51,12 +53,13 @@ func (c *Controller) Create(
 	if err := c.sanitizeCreateInput(in); err != nil {
 		return nil, fmt.Errorf("failed to sanitize input: %w", err)
 	}
+
 	parentSpace, err := c.spaceStore.FindByRef(ctx, in.SpaceRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find parent by ref: %w", err)
 	}
 
-	err = apiauth.CheckConnector(ctx, c.authorizer, session, parentSpace.Path, in.UID, enum.PermissionConnectorEdit)
+	err = apiauth.CheckConnector(ctx, c.authorizer, session, parentSpace.Path, in.Identifier, enum.PermissionConnectorEdit)
 	if err != nil {
 		return nil, err
 	}
@@ -67,7 +70,7 @@ func (c *Controller) Create(
 		Data:        in.Data,
 		Type:        in.Type,
 		SpaceID:     parentSpace.ID,
-		UID:         in.UID,
+		Identifier:  in.Identifier,
 		Created:     now,
 		Updated:     now,
 		Version:     0,
@@ -81,13 +84,18 @@ func (c *Controller) Create(
 }
 
 func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
 	parentRefAsID, _ := strconv.ParseInt(in.SpaceRef, 10, 64)
 
 	if parentRefAsID <= 0 || len(strings.TrimSpace(in.SpaceRef)) == 0 {
 		return errConnectorRequiresParent
 	}
 
-	if err := c.uidCheck(in.UID, false); err != nil {
+	if err := check.Identifier(in.Identifier); err != nil {
 		return err
 	}
 

app/api/controller/connector/delete.go

@@ -23,17 +23,22 @@ import (
 	"github.com/harness/gitness/types/enum"
 )
 
-func (c *Controller) Delete(ctx context.Context, session *auth.Session, spaceRef string, uid string) error {
+func (c *Controller) Delete(
+	ctx context.Context,
+	session *auth.Session,
+	spaceRef string,
+	identifier string,
+) error {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return fmt.Errorf("failed to find space: %w", err)
 	}
 
-	err = apiauth.CheckConnector(ctx, c.authorizer, session, space.Path, uid, enum.PermissionConnectorDelete)
+	err = apiauth.CheckConnector(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionConnectorDelete)
 	if err != nil {
 		return fmt.Errorf("failed to authorize: %w", err)
 	}
-	err = c.connectorStore.DeleteByUID(ctx, space.ID, uid)
+	err = c.connectorStore.DeleteByIdentifier(ctx, space.ID, identifier)
 	if err != nil {
 		return fmt.Errorf("could not delete connector: %w", err)
 	}

app/api/controller/connector/find.go

@@ -28,17 +28,17 @@ func (c *Controller) Find(
 	ctx context.Context,
 	session *auth.Session,
 	spaceRef string,
-	uid string,
+	identifier string,
 ) (*types.Connector, error) {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find space: %w", err)
 	}
-	err = apiauth.CheckConnector(ctx, c.authorizer, session, space.Path, uid, enum.PermissionConnectorView)
+	err = apiauth.CheckConnector(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionConnectorView)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
-	connector, err := c.connectorStore.FindByUID(ctx, space.ID, uid)
+	connector, err := c.connectorStore.FindByIdentifier(ctx, space.ID, identifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find connector: %w", err)
 	}

app/api/controller/connector/update.go

@@ -28,7 +28,9 @@ import (
 
 // UpdateInput is used for updating a connector.
 type UpdateInput struct {
-	UID         *string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID         *string `json:"uid" deprecated:"true"`
+	Identifier  *string `json:"identifier"`
 	Description *string `json:"description"`
 	Data        *string `json:"data"`
 }
@@ -37,31 +39,31 @@ func (c *Controller) Update(
 	ctx context.Context,
 	session *auth.Session,
 	spaceRef string,
-	uid string,
+	identifier string,
 	in *UpdateInput,
 ) (*types.Connector, error) {
+	if err := c.sanitizeUpdateInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find space: %w", err)
 	}
 
-	err = apiauth.CheckConnector(ctx, c.authorizer, session, space.Path, uid, enum.PermissionConnectorEdit)
+	err = apiauth.CheckConnector(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionConnectorEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
 
-	if err = c.sanitizeUpdateInput(in); err != nil {
+	connector, err := c.connectorStore.FindByIdentifier(ctx, space.ID, identifier)
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
-
-	connector, err := c.connectorStore.FindByUID(ctx, space.ID, uid)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find connector: %w", err)
 	}
 
 	return c.connectorStore.UpdateOptLock(ctx, connector, func(original *types.Connector) error {
-		if in.UID != nil {
+		if in.Identifier != nil {
-			original.UID = *in.UID
+			original.Identifier = *in.Identifier
 		}
 		if in.Description != nil {
 			original.Description = *in.Description
@@ -75,8 +77,13 @@ func (c *Controller) Update(
 }
 
 func (c *Controller) sanitizeUpdateInput(in *UpdateInput) error {
-	if in.UID != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
-		if err := c.uidCheck(*in.UID, false); err != nil {
+	if in.Identifier == nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := check.Identifier(*in.Identifier); err != nil {
 			return err
 		}
 	}

app/api/controller/connector/wire.go

@@ -17,7 +17,6 @@ package connector
 import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
-	"github.com/harness/gitness/types/check"
 
 	"github.com/google/wire"
 )
@@ -28,10 +27,9 @@ var WireSet = wire.NewSet(
 )
 
 func ProvideController(
-	uidCheck check.PathUID,
 	connectorStore store.ConnectorStore,
 	authorizer authz.Authorizer,
 	spaceStore store.SpaceStore,
 ) *Controller {
-	return NewController(uidCheck, authorizer, connectorStore, spaceStore)
+	return NewController(authorizer, connectorStore, spaceStore)
 }

app/api/controller/execution/cancel.go

@@ -31,19 +31,19 @@ func (c *Controller) Cancel(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	executionNum int64,
 ) (*types.Execution, error) {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineExecute)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineExecute)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}

app/api/controller/execution/create.go

@@ -31,7 +31,7 @@ func (c *Controller) Create(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	branch string,
 ) (*types.Execution, error) {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
@@ -39,12 +39,12 @@ func (c *Controller) Create(
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
 	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path,
-		pipelineUID, enum.PermissionPipelineExecute)
+		pipelineIdentifier, enum.PermissionPipelineExecute)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}

app/api/controller/execution/delete.go

@@ -27,19 +27,19 @@ func (c *Controller) Delete(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	executionNum int64,
 ) error {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return fmt.Errorf("failed to find repo by ref: %w", err)
 	}
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineDelete)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineDelete)
 	if err != nil {
 		return fmt.Errorf("failed to authorize: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return fmt.Errorf("failed to find pipeline: %w", err)
 	}

app/api/controller/execution/find.go

@@ -28,19 +28,19 @@ func (c *Controller) Find(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	executionNum int64,
 ) (*types.Execution, error) {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineView)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineView)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}

app/api/controller/execution/list.go

@@ -29,7 +29,7 @@ func (c *Controller) List(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	pagination types.Pagination,
 ) ([]*types.Execution, int64, error) {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
@@ -37,12 +37,12 @@ func (c *Controller) List(
 		return nil, 0, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
 
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineView)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineView)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to authorize: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to find pipeline: %w", err)
 	}

app/api/controller/githook/pre_receive.go

@@ -155,7 +155,7 @@ func (c *Controller) checkProtectionRules(
 	for _, ruleViolation := range ruleViolations {
 		criticalViolation = criticalViolation || ruleViolation.IsCritical()
 		for _, violation := range ruleViolation.Violations {
-			message := fmt.Sprintf("Rule %q violation: %s", ruleViolation.Rule.UID, violation.Message)
+			message := fmt.Sprintf("Rule %q violation: %s", ruleViolation.Rule.Identifier, violation.Message)
 			output.Messages = append(output.Messages, message)
 		}
 	}

app/api/controller/logs/find.go

@@ -30,7 +30,7 @@ func (c *Controller) Find(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	executionNum int64,
 	stageNum int,
 	stepNum int,
@@ -39,12 +39,12 @@ func (c *Controller) Find(
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineView)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineView)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}

app/api/controller/logs/tail.go

@@ -28,7 +28,7 @@ func (c *Controller) Tail(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	executionNum int64,
 	stageNum int,
 	stepNum int,
@@ -37,11 +37,11 @@ func (c *Controller) Tail(
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineView)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineView)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}

app/api/controller/pipeline/controller.go

@@ -17,12 +17,10 @@ package pipeline
 import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
-	"github.com/harness/gitness/types/check"
 )
 
 type Controller struct {
 	defaultBranch string
-	uidCheck      check.PathUID
 	repoStore     store.RepoStore
 	triggerStore  store.TriggerStore
 	authorizer    authz.Authorizer
@@ -30,14 +28,12 @@ type Controller struct {
 }
 
 func NewController(
-	uidCheck check.PathUID,
 	authorizer authz.Authorizer,
 	repoStore store.RepoStore,
 	triggerStore store.TriggerStore,
 	pipelineStore store.PipelineStore,
 ) *Controller {
 	return &Controller{
-		uidCheck:      uidCheck,
 		repoStore:     repoStore,
 		triggerStore:  triggerStore,
 		authorizer:    authorizer,

app/api/controller/pipeline/create.go

@@ -37,8 +37,10 @@ var (
 )
 
 type CreateInput struct {
-	Description   string `json:"description"`
+	Description string `json:"description"`
-	UID           string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID           string `json:"uid" deprecated:"true"`
+	Identifier    string `json:"identifier"`
 	Disabled      bool   `json:"disabled"`
 	DefaultBranch string `json:"default_branch"`
 	ConfigPath    string `json:"config_path"`
@@ -50,6 +52,10 @@ func (c *Controller) Create(
 	repoRef string,
 	in *CreateInput,
 ) (*types.Pipeline, error) {
+	if err := c.sanitizeCreateInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
@@ -60,16 +66,12 @@ func (c *Controller) Create(
 		return nil, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
 
-	if err := c.sanitizeCreateInput(in); err != nil {
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
-
 	var pipeline *types.Pipeline
 	now := time.Now().UnixMilli()
 	pipeline = &types.Pipeline{
 		Description:   in.Description,
 		RepoID:        repo.ID,
-		UID:           in.UID,
+		Identifier:    in.Identifier,
 		Disabled:      in.Disabled,
 		CreatedBy:     session.Principal.ID,
 		Seq:           0,
@@ -94,7 +96,7 @@ func (c *Controller) Create(
 		PipelineID:  pipeline.ID,
 		RepoID:      pipeline.RepoID,
 		CreatedBy:   session.Principal.ID,
-		UID:         "default",
+		Identifier:  "default",
 		Actions: []enum.TriggerAction{enum.TriggerActionPullReqCreated,
 			enum.TriggerActionPullReqReopened, enum.TriggerActionPullReqBranchUpdated},
 		Disabled: false,
@@ -109,7 +111,12 @@ func (c *Controller) Create(
 }
 
 func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
-	if err := c.uidCheck(in.UID, false); err != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
+	if err := check.Identifier(in.Identifier); err != nil {
 		return err
 	}
 

app/api/controller/pipeline/delete.go

@@ -23,18 +23,23 @@ import (
 	"github.com/harness/gitness/types/enum"
 )
 
-func (c *Controller) Delete(ctx context.Context, session *auth.Session, repoRef string, uid string) error {
+func (c *Controller) Delete(
+	ctx context.Context,
+	session *auth.Session,
+	repoRef string,
+	identifier string,
+) error {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return fmt.Errorf("failed to find repo by ref: %w", err)
 	}
 
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, uid, enum.PermissionPipelineDelete)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, identifier, enum.PermissionPipelineDelete)
 	if err != nil {
 		return fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
 
-	err = c.pipelineStore.DeleteByUID(ctx, repo.ID, uid)
+	err = c.pipelineStore.DeleteByIdentifier(ctx, repo.ID, identifier)
 	if err != nil {
 		return fmt.Errorf("could not delete pipeline: %w", err)
 	}

app/api/controller/pipeline/find.go

@@ -28,15 +28,15 @@ func (c *Controller) Find(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	uid string,
+	identifier string,
 ) (*types.Pipeline, error) {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, uid, enum.PermissionPipelineView)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, identifier, enum.PermissionPipelineView)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
-	return c.pipelineStore.FindByUID(ctx, repo.ID, uid)
+	return c.pipelineStore.FindByIdentifier(ctx, repo.ID, identifier)
 }

app/api/controller/pipeline/update.go

@@ -27,7 +27,9 @@ import (
 )
 
 type UpdateInput struct {
-	UID         *string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID         *string `json:"uid" deprecated:"true"`
+	Identifier  *string `json:"identifier"`
 	Description *string `json:"description"`
 	Disabled    *bool   `json:"disabled"`
 	ConfigPath  *string `json:"config_path"`
@@ -37,14 +39,14 @@ func (c *Controller) Update(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	uid string,
+	identifier string,
 	in *UpdateInput,
 ) (*types.Pipeline, error) {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, uid, enum.PermissionPipelineEdit)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, identifier, enum.PermissionPipelineEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
@@ -53,14 +55,14 @@ func (c *Controller) Update(
 		return nil, fmt.Errorf("failed to sanitize input: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, uid)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, identifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}
 
 	return c.pipelineStore.UpdateOptLock(ctx, pipeline, func(pipeline *types.Pipeline) error {
-		if in.UID != nil {
+		if in.Identifier != nil {
-			pipeline.UID = *in.UID
+			pipeline.Identifier = *in.Identifier
 		}
 		if in.Description != nil {
 			pipeline.Description = *in.Description
@@ -77,8 +79,13 @@ func (c *Controller) Update(
 }
 
 func (c *Controller) sanitizeUpdateInput(in *UpdateInput) error {
-	if in.UID != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
-		if err := c.uidCheck(*in.UID, false); err != nil {
+	if in.Identifier == nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := check.Identifier(*in.Identifier); err != nil {
 			return err
 		}
 	}

app/api/controller/pipeline/wire.go

@@ -17,7 +17,6 @@ package pipeline
 import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
-	"github.com/harness/gitness/types/check"
 
 	"github.com/google/wire"
 )
@@ -28,12 +27,15 @@ var WireSet = wire.NewSet(
 )
 
 func ProvideController(
-	uidCheck check.PathUID,
 	repoStore store.RepoStore,
 	triggerStore store.TriggerStore,
 	authorizer authz.Authorizer,
 	pipelineStore store.PipelineStore,
 ) *Controller {
-	return NewController(uidCheck, authorizer,
+	return NewController(
-		repoStore, triggerStore, pipelineStore)
+		authorizer,
+		repoStore,
+		triggerStore,
+		pipelineStore,
+	)
 }

app/api/controller/pullreq/codeowner.go

@@ -73,7 +73,7 @@ func mapCodeOwnerEvaluation(ownerEvaluation *codeowners.Evaluation) []types.Code
 				userGroupEvaluations[k] = mapOwner(userGroupOwner)
 			}
 			userGroupOwnerEvaluations[j] = types.UserGroupOwnerEvaluation{
-				ID:          userGroupOwnerEvaluation.ID,
+				ID:          userGroupOwnerEvaluation.Identifier,
 				Name:        userGroupOwnerEvaluation.Name,
 				Evaluations: userGroupEvaluations,
 			}

app/api/controller/pullreq/controller.go

@@ -126,12 +126,12 @@ func (c *Controller) verifyBranchExistence(ctx context.Context,
 		})
 	if errors.AsStatus(err) == errors.StatusNotFound {
 		return "", usererror.BadRequest(
-			fmt.Sprintf("branch %s does not exist in the repository %s", branch, repo.UID))
+			fmt.Sprintf("branch %q does not exist in the repository %q", branch, repo.Identifier))
 	}
 	if err != nil {
 		return "", fmt.Errorf(
-			"failed to check existence of the branch %s in the repository %s: %w",
+			"failed to check existence of the branch %q in the repository %q: %w",
-			branch, repo.UID, err)
+			branch, repo.Identifier, err)
 	}
 
 	return ref.SHA, nil

app/api/controller/pullreq/locks.go

@@ -30,11 +30,11 @@ import (
 
 func (c *Controller) lockPR(
 	ctx context.Context,
-	repoUID string,
+	repoID int64,
 	prNum int64,
 	expiry time.Duration,
 ) (func(), error) {
-	key := repoUID + "/pulls"
+	key := fmt.Sprintf("%d/pulls", repoID)
 	if prNum != 0 {
 		key += "/" + strconv.FormatInt(prNum, 10)
 	}
@@ -44,7 +44,7 @@ func (c *Controller) lockPR(
 	ctx = logging.NewContext(ctx, func(c zerolog.Context) zerolog.Context {
 		return c.
 			Str("pullreq_lock", key).
-			Str("repo_uid", repoUID)
+			Int64("repo_id", repoID)
 	})
 
 	mutex, err := c.mtxManager.NewMutex(
@@ -54,11 +54,11 @@ func (c *Controller) lockPR(
 		lock.WithTimeoutFactor(4/expiry.Seconds()), // 4s
 	)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create new mutex for pr %d in repo %q: %w", prNum, repoUID, err)
+		return nil, fmt.Errorf("failed to create new mutex for pr %d in repo %q: %w", prNum, repoID, err)
 	}
 	err = mutex.Lock(ctx)
 	if err != nil {
-		return nil, fmt.Errorf("failed to lock mutex for pr %d in repo %q: %w", prNum, repoUID, err)
+		return nil, fmt.Errorf("failed to lock mutex for pr %d in repo %q: %w", prNum, repoID, err)
 	}
 
 	log.Ctx(ctx).Debug().Msgf("successfully locked PR (expiry: %s)", expiry)

app/api/controller/pullreq/merge.go

@@ -106,7 +106,7 @@ func (c *Controller) Merge(
 	// pr is already merged.
 	unlock, err := c.lockPR(
 		ctx,
-		targetRepo.GitUID,
+		targetRepo.ID,
 		0,                      // 0 means locks all PRs for this repo
 		timeout+30*time.Second, // add 30s to the lock to give enough time for pre + post merge
 	)

app/api/controller/repo/controller.go

@@ -36,7 +36,6 @@ import (
 	"github.com/harness/gitness/lock"
 	"github.com/harness/gitness/store/database/dbtx"
 	"github.com/harness/gitness/types"
-	"github.com/harness/gitness/types/check"
 	"github.com/harness/gitness/types/enum"
 )
 
@@ -50,7 +49,6 @@ type Controller struct {
 
 	tx                 dbtx.Transactor
 	urlProvider        url.Provider
-	uidCheck           check.PathUID
 	authorizer         authz.Authorizer
 	repoStore          store.RepoStore
 	spaceStore         store.SpaceStore
@@ -72,7 +70,6 @@ func NewController(
 	config *types.Config,
 	tx dbtx.Transactor,
 	urlProvider url.Provider,
-	uidCheck check.PathUID,
 	authorizer authz.Authorizer,
 	repoStore store.RepoStore,
 	spaceStore store.SpaceStore,
@@ -94,7 +91,6 @@ func NewController(
 		publicResourceCreationEnabled: config.PublicResourceCreationEnabled,
 		tx:                            tx,
 		urlProvider:                   urlProvider,
-		uidCheck:                      uidCheck,
 		authorizer:                    authorizer,
 		repoStore:                     repoStore,
 		spaceStore:                    spaceStore,

app/api/controller/repo/create.go

@@ -44,8 +44,10 @@ var (
 )
 
 type CreateInput struct {
-	ParentRef     string `json:"parent_ref"`
+	ParentRef string `json:"parent_ref"`
-	UID           string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID           string `json:"uid" deprecated:"true"`
+	Identifier    string `json:"identifier"`
 	DefaultBranch string `json:"default_branch"`
 	Description   string `json:"description"`
 	IsPublic      bool   `json:"is_public"`
@@ -59,15 +61,15 @@ type CreateInput struct {
 //
 //nolint:gocognit
 func (c *Controller) Create(ctx context.Context, session *auth.Session, in *CreateInput) (*types.Repository, error) {
+	if err := c.sanitizeCreateInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	parentSpace, err := c.getSpaceCheckAuthRepoCreation(ctx, session, in.ParentRef)
 	if err != nil {
 		return nil, err
 	}
 
-	if err := c.sanitizeCreateInput(in); err != nil {
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
-
 	var repo *types.Repository
 	err = c.tx.WithTx(ctx, func(ctx context.Context) error {
 		if err := c.resourceLimiter.RepoCount(ctx, parentSpace.ID, 1); err != nil {
@@ -83,7 +85,7 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 		repo = &types.Repository{
 			Version:       0,
 			ParentID:      parentSpace.ID,
-			UID:           in.UID,
+			Identifier:    in.Identifier,
 			GitUID:        gitResp.UID,
 			Description:   in.Description,
 			IsPublic:      in.IsPublic,
@@ -134,8 +136,8 @@ func (c *Controller) getSpaceCheckAuthRepoCreation(
 	// create is a special case - check permission without specific resource
 	scope := &types.Scope{SpacePath: space.Path}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeRepo,
+		Type:       enum.ResourceTypeRepo,
-		Name: "",
+		Identifier: "",
 	}
 
 	err = apiauth.Check(ctx, c.authorizer, session, scope, resource, enum.PermissionRepoEdit)
@@ -147,6 +149,11 @@ func (c *Controller) getSpaceCheckAuthRepoCreation(
 }
 
 func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
 	if in.IsPublic && !c.publicResourceCreationEnabled {
 		return errPublicRepoCreationDisabled
 	}
@@ -155,7 +162,7 @@ func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
 		return err
 	}
 
-	if err := c.uidCheck(in.UID, false); err != nil {
+	if err := check.RepoIdentifier(in.Identifier); err != nil {
 		return err
 	}
 
@@ -179,7 +186,7 @@ func (c *Controller) createGitRepository(ctx context.Context, session *auth.Sess
 	)
 	files := make([]git.File, 0, 3) // readme, gitignore, licence
 	if in.Readme {
-		content = createReadme(in.UID, in.Description)
+		content = createReadme(in.Identifier, in.Description)
 		files = append(files, git.File{
 			Path:    "README.md",
 			Content: content,

app/api/controller/repo/import.go

@@ -22,11 +22,14 @@ import (
 	"github.com/harness/gitness/app/auth"
 	"github.com/harness/gitness/app/services/importer"
 	"github.com/harness/gitness/types"
+	"github.com/harness/gitness/types/check"
 )
 
 type ImportInput struct {
-	ParentRef   string `json:"parent_ref"`
+	ParentRef string `json:"parent_ref"`
-	UID         string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID         string `json:"uid" deprecated:"true"`
+	Identifier  string `json:"identifier"`
 	Description string `json:"description"`
 
 	Provider     importer.Provider `json:"provider"`
@@ -37,16 +40,15 @@ type ImportInput struct {
 
 // Import creates a new empty repository and starts git import to it from a remote repository.
 func (c *Controller) Import(ctx context.Context, session *auth.Session, in *ImportInput) (*types.Repository, error) {
+	if err := c.sanitizeImportInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	parentSpace, err := c.getSpaceCheckAuthRepoCreation(ctx, session, in.ParentRef)
 	if err != nil {
 		return nil, err
 	}
 
-	err = c.sanitizeImportInput(in)
-	if err != nil {
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
-
 	var repo *types.Repository
 	err = c.tx.WithTx(ctx, func(ctx context.Context) error {
 		if err := c.resourceLimiter.RepoCount(ctx, parentSpace.ID, 1); err != nil {
@@ -59,7 +61,7 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 		}
 		repo = remoteRepository.ToRepo(
 			parentSpace.ID,
-			in.UID,
+			in.Identifier,
 			in.Description,
 			&session.Principal,
 			c.publicResourceCreationEnabled,
@@ -87,11 +89,16 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 }
 
 func (c *Controller) sanitizeImportInput(in *ImportInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
 	if err := c.validateParentRef(in.ParentRef); err != nil {
 		return err
 	}
 
-	if err := c.uidCheck(in.UID, false); err != nil {
+	if err := check.RepoIdentifier(in.Identifier); err != nil {
 		return err
 	}
 

app/api/controller/repo/move.go

@@ -22,23 +22,26 @@ import (
 	"github.com/harness/gitness/app/api/usererror"
 	"github.com/harness/gitness/app/auth"
 	"github.com/harness/gitness/types"
+	"github.com/harness/gitness/types/check"
 	"github.com/harness/gitness/types/enum"
 )
 
 // MoveInput is used for moving a repo.
 type MoveInput struct {
-	UID *string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID        *string `json:"uid" deprecated:"true"`
+	Identifier *string `json:"identifier"`
 }
 
 func (i *MoveInput) hasChanges(repo *types.Repository) bool {
-	if i.UID != nil && *i.UID != repo.UID {
+	if i.Identifier != nil && *i.Identifier != repo.Identifier {
 		return true
 	}
 
 	return false
 }
 
-// Move moves a repository to a new space uid.
+// Move moves a repository to a new identifier.
 // TODO: Add support for moving to other parents and aliases.
 //
 //nolint:gocognit // refactor if needed
@@ -47,6 +50,10 @@ func (c *Controller) Move(ctx context.Context,
 	repoRef string,
 	in *MoveInput,
 ) (*types.Repository, error) {
+	if err := c.sanitizeMoveInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, err
@@ -64,13 +71,9 @@ func (c *Controller) Move(ctx context.Context,
 		return repo, nil
 	}
 
-	if err = c.sanitizeMoveInput(in); err != nil {
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
-
 	repo, err = c.repoStore.UpdateOptLock(ctx, repo, func(r *types.Repository) error {
-		if in.UID != nil {
+		if in.Identifier != nil {
-			r.UID = *in.UID
+			r.Identifier = *in.Identifier
 		}
 		return nil
 	})
@@ -84,8 +87,13 @@ func (c *Controller) Move(ctx context.Context,
 }
 
 func (c *Controller) sanitizeMoveInput(in *MoveInput) error {
-	if in.UID != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
-		if err := c.uidCheck(*in.UID, false); err != nil {
+	if in.Identifier == nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := check.RepoIdentifier(*in.Identifier); err != nil {
 			return err
 		}
 	}

app/api/controller/repo/rule_create.go

@@ -29,9 +29,11 @@ import (
 )
 
 type RuleCreateInput struct {
-	Type        types.RuleType     `json:"type"`
+	Type  types.RuleType `json:"type"`
-	State       enum.RuleState     `json:"state"`
+	State enum.RuleState `json:"state"`
-	UID         string             `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID         string             `json:"uid" deprecated:"true"`
+	Identifier  string             `json:"identifier"`
 	Description string             `json:"description"`
 	Pattern     protection.Pattern `json:"pattern"`
 	Definition  json.RawMessage    `json:"definition"`
@@ -39,7 +41,12 @@ type RuleCreateInput struct {
 
 // sanitize validates and sanitizes the create rule input data.
 func (in *RuleCreateInput) sanitize() error {
-	if err := check.UID(in.UID); err != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
+	if err := check.Identifier(in.Identifier); err != nil {
 		return err
 	}
 
@@ -70,12 +77,11 @@ func (c *Controller) RuleCreate(ctx context.Context,
 	repoRef string,
 	in *RuleCreateInput,
 ) (*types.Rule, error) {
-	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit, false)
+	if err := in.sanitize(); err != nil {
-	if err != nil {
 		return nil, err
 	}
 
-	err = in.sanitize()
+	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit, false)
 	if err != nil {
 		return nil, err
 	}
@@ -94,7 +100,7 @@ func (c *Controller) RuleCreate(ctx context.Context,
 		SpaceID:       nil,
 		Type:          in.Type,
 		State:         in.State,
-		UID:           in.UID,
+		Identifier:    in.Identifier,
 		Description:   in.Description,
 		Pattern:       in.Pattern.JSON(),
 		Definition:    in.Definition,

app/api/controller/repo/rule_delete.go

@@ -22,20 +22,20 @@ import (
 	"github.com/harness/gitness/types/enum"
 )
 
-// RuleDelete deletes a protection rule by UID.
+// RuleDelete deletes a protection rule by identifier.
 func (c *Controller) RuleDelete(ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	uid string,
+	identifier string,
 ) error {
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit, false)
 	if err != nil {
 		return err
 	}
 
-	r, err := c.ruleStore.FindByUID(ctx, nil, &repo.ID, uid)
+	r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.ID, identifier)
 	if err != nil {
-		return fmt.Errorf("failed to find repository-level protection rule by uid: %w", err)
+		return fmt.Errorf("failed to find repository-level protection rule by identifier: %w", err)
 	}
 
 	err = c.ruleStore.Delete(ctx, r.ID)

app/api/controller/repo/rule_find.go

@@ -23,20 +23,20 @@ import (
 	"github.com/harness/gitness/types/enum"
 )
 
-// RuleFind returns the protection rule by UID.
+// RuleFind returns the protection rule by identifier.
 func (c *Controller) RuleFind(ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	uid string,
+	identifier string,
 ) (*types.Rule, error) {
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView, true)
 	if err != nil {
 		return nil, err
 	}
 
-	r, err := c.ruleStore.FindByUID(ctx, nil, &repo.ID, uid)
+	r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.ID, identifier)
 	if err != nil {
-		return nil, fmt.Errorf("failed to find repository-level protection rule by uid: %w", err)
+		return nil, fmt.Errorf("failed to find repository-level protection rule by identifier: %w", err)
 	}
 
 	r.Users, err = c.getRuleUsers(ctx, r)

app/api/controller/repo/rule_update.go

@@ -28,7 +28,9 @@ import (
 )
 
 type RuleUpdateInput struct {
-	UID         string              `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID         *string             `json:"uid" deprecated:"true"`
+	Identifier  *string             `json:"identifier"`
 	State       *enum.RuleState     `json:"state"`
 	Description *string             `json:"description"`
 	Pattern     *protection.Pattern `json:"pattern"`
@@ -37,8 +39,13 @@ type RuleUpdateInput struct {
 
 // sanitize validates and sanitizes the update rule input data.
 func (in *RuleUpdateInput) sanitize() error {
-	if in.UID != "" {
+	// TODO [CODE-1363]: remove after identifier migration.
-		if err := check.UID(in.UID); err != nil {
+	if in.Identifier == nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := check.Identifier(*in.Identifier); err != nil {
 			return err
 		}
 	}
@@ -66,29 +73,28 @@ func (in *RuleUpdateInput) sanitize() error {
 }
 
 func (in *RuleUpdateInput) isEmpty() bool {
-	return in.UID == "" && in.State == nil && in.Description == nil && in.Pattern == nil && in.Definition == nil
+	return in.Identifier == nil && in.State == nil && in.Description == nil && in.Pattern == nil && in.Definition == nil
 }
 
 // RuleUpdate updates an existing protection rule for a repository.
 func (c *Controller) RuleUpdate(ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	uid string,
+	identifier string,
 	in *RuleUpdateInput,
 ) (*types.Rule, error) {
+	if err := in.sanitize(); err != nil {
+		return nil, err
+	}
+
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit, false)
 	if err != nil {
 		return nil, err
 	}
 
-	err = in.sanitize()
+	r, err := c.ruleStore.FindByIdentifier(ctx, nil, &repo.ID, identifier)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get a repository rule by its identifier: %w", err)
-	}
-
-	r, err := c.ruleStore.FindByUID(ctx, nil, &repo.ID, uid)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get a repository rule by its uid: %w", err)
 	}
 
 	if in.isEmpty() {
@@ -99,8 +105,8 @@ func (c *Controller) RuleUpdate(ctx context.Context,
 		return r, nil
 	}
 
-	if in.UID != "" {
+	if in.Identifier != nil {
-		r.UID = in.UID
+		r.Identifier = *in.Identifier
 	}
 	if in.State != nil {
 		r.State = *in.State

app/api/controller/repo/wire.go

@@ -28,7 +28,6 @@ import (
 	"github.com/harness/gitness/lock"
 	"github.com/harness/gitness/store/database/dbtx"
 	"github.com/harness/gitness/types"
-	"github.com/harness/gitness/types/check"
 
 	"github.com/google/wire"
 )
@@ -42,7 +41,6 @@ func ProvideController(
 	config *types.Config,
 	tx dbtx.Transactor,
 	urlProvider url.Provider,
-	uidCheck check.PathUID,
 	authorizer authz.Authorizer,
 	repoStore store.RepoStore,
 	spaceStore store.SpaceStore,
@@ -60,7 +58,7 @@ func ProvideController(
 	mtxManager lock.MutexManager,
 ) *Controller {
 	return NewController(config, tx, urlProvider,
-		uidCheck, authorizer, repoStore,
+		authorizer, repoStore,
 		spaceStore, pipelineStore,
 		principalStore, ruleStore, principalInfoCache, protectionManager,
 		rpcClient, importer, codeOwners, reporeporter, indexer, limiter, mtxManager)

app/api/controller/secret/controller.go

@@ -18,11 +18,9 @@ import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
 	"github.com/harness/gitness/encrypt"
-	"github.com/harness/gitness/types/check"
 )
 
 type Controller struct {
-	uidCheck    check.PathUID
 	encrypter   encrypt.Encrypter
 	secretStore store.SecretStore
 	authorizer  authz.Authorizer
@@ -30,14 +28,12 @@ type Controller struct {
 }
 
 func NewController(
-	uidCheck check.PathUID,
 	authorizer authz.Authorizer,
 	encrypter encrypt.Encrypter,
 	secretStore store.SecretStore,
 	spaceStore store.SpaceStore,
 ) *Controller {
 	return &Controller{
-		uidCheck:    uidCheck,
 		encrypter:   encrypter,
 		secretStore: secretStore,
 		authorizer:  authorizer,

app/api/controller/secret/create.go

@@ -39,25 +39,27 @@ var (
 type CreateInput struct {
 	Description string `json:"description"`
 	SpaceRef    string `json:"space_ref"` // Ref of the parent space
-	UID         string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	Data        string `json:"data"`
+	UID        string `json:"uid" deprecated:"true"`
+	Identifier string `json:"identifier"`
+	Data       string `json:"data"`
 }
 
 func (c *Controller) Create(ctx context.Context, session *auth.Session, in *CreateInput) (*types.Secret, error) {
+	if err := c.sanitizeCreateInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	parentSpace, err := c.spaceStore.FindByRef(ctx, in.SpaceRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find parent by ref: %w", err)
 	}
 
-	err = apiauth.CheckSecret(ctx, c.authorizer, session, parentSpace.Path, in.UID, enum.PermissionSecretEdit)
+	err = apiauth.CheckSecret(ctx, c.authorizer, session, parentSpace.Path, in.Identifier, enum.PermissionSecretEdit)
 	if err != nil {
 		return nil, err
 	}
 
-	if err := c.sanitizeCreateInput(in); err != nil {
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
-
 	var secret *types.Secret
 	now := time.Now().UnixMilli()
 	secret = &types.Secret{
@@ -65,7 +67,7 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 		Description: in.Description,
 		Data:        in.Data,
 		SpaceID:     parentSpace.ID,
-		UID:         in.UID,
+		Identifier:  in.Identifier,
 		Created:     now,
 		Updated:     now,
 		Version:     0,
@@ -83,13 +85,18 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 }
 
 func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
 	parentRefAsID, err := strconv.ParseInt(in.SpaceRef, 10, 64)
 
 	if (err == nil && parentRefAsID <= 0) || (len(strings.TrimSpace(in.SpaceRef)) == 0) {
 		return errSecretRequiresParent
 	}
 
-	if err := c.uidCheck(in.UID, false); err != nil {
+	if err := check.Identifier(in.Identifier); err != nil {
 		return err
 	}
 

app/api/controller/secret/delete.go

@@ -23,17 +23,18 @@ import (
 	"github.com/harness/gitness/types/enum"
 )
 
-func (c *Controller) Delete(ctx context.Context, session *auth.Session, spaceRef string, uid string) error {
+func (c *Controller) Delete(ctx context.Context, session *auth.Session, spaceRef string, identifier string) error {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return fmt.Errorf("failed to find space: %w", err)
 	}
 
-	err = apiauth.CheckSecret(ctx, c.authorizer, session, space.Path, uid, enum.PermissionSecretDelete)
+	err = apiauth.CheckSecret(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionSecretDelete)
 	if err != nil {
 		return fmt.Errorf("failed to authorize: %w", err)
 	}
-	err = c.secretStore.DeleteByUID(ctx, space.ID, uid)
+
+	err = c.secretStore.DeleteByIdentifier(ctx, space.ID, identifier)
 	if err != nil {
 		return fmt.Errorf("could not delete secret: %w", err)
 	}

app/api/controller/secret/find.go

@@ -28,17 +28,17 @@ func (c *Controller) Find(
 	ctx context.Context,
 	session *auth.Session,
 	spaceRef string,
-	uid string,
+	identifier string,
 ) (*types.Secret, error) {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find space: %w", err)
 	}
-	err = apiauth.CheckSecret(ctx, c.authorizer, session, space.Path, uid, enum.PermissionSecretView)
+	err = apiauth.CheckSecret(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionSecretView)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
-	secret, err := c.secretStore.FindByUID(ctx, space.ID, uid)
+	secret, err := c.secretStore.FindByIdentifier(ctx, space.ID, identifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find secret: %w", err)
 	}

app/api/controller/secret/update.go

@@ -28,7 +28,9 @@ import (
 
 // UpdateInput is used for updating a repo.
 type UpdateInput struct {
-	UID         *string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID         *string `json:"uid" deprecated:"true"`
+	Identifier  *string `json:"identifier"`
 	Description *string `json:"description"`
 	Data        *string `json:"data"`
 }
@@ -37,31 +39,31 @@ func (c *Controller) Update(
 	ctx context.Context,
 	session *auth.Session,
 	spaceRef string,
-	uid string,
+	identifier string,
 	in *UpdateInput,
 ) (*types.Secret, error) {
+	if err := c.sanitizeUpdateInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find space: %w", err)
 	}
 
-	err = apiauth.CheckSecret(ctx, c.authorizer, session, space.Path, uid, enum.PermissionSecretEdit)
+	err = apiauth.CheckSecret(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionSecretEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
 
-	if err = c.sanitizeUpdateInput(in); err != nil {
+	secret, err := c.secretStore.FindByIdentifier(ctx, space.ID, identifier)
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
-
-	secret, err := c.secretStore.FindByUID(ctx, space.ID, uid)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find secret: %w", err)
 	}
 
 	return c.secretStore.UpdateOptLock(ctx, secret, func(original *types.Secret) error {
-		if in.UID != nil {
+		if in.Identifier != nil {
-			original.UID = *in.UID
+			original.Identifier = *in.Identifier
 		}
 		if in.Description != nil {
 			original.Description = *in.Description
@@ -79,8 +81,13 @@ func (c *Controller) Update(
 }
 
 func (c *Controller) sanitizeUpdateInput(in *UpdateInput) error {
-	if in.UID != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
-		if err := c.uidCheck(*in.UID, false); err != nil {
+	if in.Identifier == nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := check.Identifier(*in.Identifier); err != nil {
 			return err
 		}
 	}

app/api/controller/secret/wire.go

@@ -18,7 +18,6 @@ import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
 	"github.com/harness/gitness/encrypt"
-	"github.com/harness/gitness/types/check"
 
 	"github.com/google/wire"
 )
@@ -29,11 +28,10 @@ var WireSet = wire.NewSet(
 )
 
 func ProvideController(
-	uidCheck check.PathUID,
 	encrypter encrypt.Encrypter,
 	secretStore store.SecretStore,
 	authorizer authz.Authorizer,
 	spaceStore store.SpaceStore,
 ) *Controller {
-	return NewController(uidCheck, authorizer, encrypter, secretStore, spaceStore)
+	return NewController(authorizer, encrypter, secretStore, spaceStore)
 }

app/api/controller/serviceaccount/create_token.go

@@ -16,6 +16,7 @@ package serviceaccount
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	apiauth "github.com/harness/gitness/app/api/auth"
@@ -27,8 +28,10 @@ import (
 )
 
 type CreateTokenInput struct {
-	UID      string         `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	Lifetime *time.Duration `json:"lifetime"`
+	UID        string         `json:"uid" deprecated:"true"`
+	Identifier string         `json:"identifier"`
+	Lifetime   *time.Duration `json:"lifetime"`
 }
 
 // CreateToken creates a new service account access token.
@@ -38,15 +41,12 @@ func (c *Controller) CreateToken(
 	saUID string,
 	in *CreateTokenInput,
 ) (*types.TokenResponse, error) {
-	sa, err := findServiceAccountFromUID(ctx, c.principalStore, saUID)
+	if err := c.sanitizeCreateTokenInput(in); err != nil {
-	if err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-		return nil, err
 	}
 
-	if err = check.UID(in.UID); err != nil {
+	sa, err := findServiceAccountFromUID(ctx, c.principalStore, saUID)
-		return nil, err
+	if err != nil {
-	}
-	if err = check.TokenLifetime(in.Lifetime, true); err != nil {
 		return nil, err
 	}
 
@@ -55,12 +55,13 @@ func (c *Controller) CreateToken(
 		sa.ParentType, sa.ParentID, sa.UID, enum.PermissionServiceAccountEdit); err != nil {
 		return nil, err
 	}
+
 	token, jwtToken, err := token.CreateSAT(
 		ctx,
 		c.tokenStore,
 		&session.Principal,
 		sa,
-		in.UID,
+		in.Identifier,
 		in.Lifetime,
 	)
 	if err != nil {
@@ -69,3 +70,21 @@ func (c *Controller) CreateToken(
 
 	return &types.TokenResponse{Token: *token, AccessToken: jwtToken}, nil
 }
+
+func (c *Controller) sanitizeCreateTokenInput(in *CreateTokenInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
+	if err := check.Identifier(in.Identifier); err != nil {
+		return err
+	}
+
+	//nolint:revive
+	if err := check.TokenLifetime(in.Lifetime, true); err != nil {
+		return err
+	}
+
+	return nil
+}

app/api/controller/serviceaccount/delete_token.go

@@ -26,8 +26,12 @@ import (
 )
 
 // DeleteToken deletes a token of a service account.
-func (c *Controller) DeleteToken(ctx context.Context, session *auth.Session,
+func (c *Controller) DeleteToken(
-	saUID string, tokenUID string) error {
+	ctx context.Context,
+	session *auth.Session,
+	saUID string,
+	identifier string,
+) error {
 	sa, err := findServiceAccountFromUID(ctx, c.principalStore, saUID)
 	if err != nil {
 		return err
@@ -39,7 +43,7 @@ func (c *Controller) DeleteToken(ctx context.Context, session *auth.Session,
 		return err
 	}
 
-	token, err := c.tokenStore.FindByUID(ctx, sa.ID, tokenUID)
+	token, err := c.tokenStore.FindByIdentifier(ctx, sa.ID, identifier)
 	if err != nil {
 		return err
 	}

app/api/controller/space/controller.go

@@ -42,7 +42,7 @@ type Controller struct {
 	tx              dbtx.Transactor
 	urlProvider     url.Provider
 	sseStreamer     sse.Streamer
-	uidCheck        check.PathUID
+	identifierCheck check.SpaceIdentifier
 	authorizer      authz.Authorizer
 	spacePathStore  store.SpacePathStore
 	pipelineStore   store.PipelineStore
@@ -60,7 +60,7 @@ type Controller struct {
 }
 
 func NewController(config *types.Config, tx dbtx.Transactor, urlProvider url.Provider,
-	sseStreamer sse.Streamer, uidCheck check.PathUID, authorizer authz.Authorizer,
+	sseStreamer sse.Streamer, identifierCheck check.SpaceIdentifier, authorizer authz.Authorizer,
 	spacePathStore store.SpacePathStore, pipelineStore store.PipelineStore, secretStore store.SecretStore,
 	connectorStore store.ConnectorStore, templateStore store.TemplateStore, spaceStore store.SpaceStore,
 	repoStore store.RepoStore, principalStore store.PrincipalStore, repoCtrl *repo.Controller,
@@ -73,7 +73,7 @@ func NewController(config *types.Config, tx dbtx.Transactor, urlProvider url.Pro
 		tx:                            tx,
 		urlProvider:                   urlProvider,
 		sseStreamer:                   sseStreamer,
-		uidCheck:                      uidCheck,
+		identifierCheck:               identifierCheck,
 		authorizer:                    authorizer,
 		spacePathStore:                spacePathStore,
 		pipelineStore:                 pipelineStore,

app/api/controller/space/create.go

@@ -37,8 +37,10 @@ var (
 )
 
 type CreateInput struct {
-	ParentRef   string `json:"parent_ref"`
+	ParentRef string `json:"parent_ref"`
-	UID         string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID         string `json:"uid" deprecated:"true"`
+	Identifier  string `json:"identifier"`
 	Description string `json:"description"`
 	IsPublic    bool   `json:"is_public"`
 }
@@ -51,14 +53,15 @@ func (c *Controller) Create(
 	session *auth.Session,
 	in *CreateInput,
 ) (*types.Space, error) {
+	if err := c.sanitizeCreateInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	parentSpace, err := c.getSpaceCheckAuthSpaceCreation(ctx, session, in.ParentRef)
 	if err != nil {
 		return nil, err
 	}
 
-	if err := c.sanitizeCreateInput(in); err != nil {
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
 	var space *types.Space
 	err = c.tx.WithTx(ctx, func(ctx context.Context) error {
 		space, err = c.createSpaceInnerInTX(ctx, session, parentSpace.ID, in)
@@ -77,14 +80,14 @@ func (c *Controller) createSpaceInnerInTX(
 	parentID int64,
 	in *CreateInput,
 ) (*types.Space, error) {
-	spacePath := in.UID
+	spacePath := in.Identifier
 	if parentID > 0 {
 		// (re-)read parent path in transaction to ensure correctness
 		parentPath, err := c.spacePathStore.FindPrimaryBySpaceID(ctx, parentID)
 		if err != nil {
 			return nil, fmt.Errorf("failed to find primary path for parent '%d': %w", parentID, err)
 		}
-		spacePath = paths.Concatinate(parentPath.Value, in.UID)
+		spacePath = paths.Concatinate(parentPath.Value, in.Identifier)
 
 		// ensure path is within accepted depth!
 		err = check.PathDepth(spacePath, true)
@@ -97,7 +100,7 @@ func (c *Controller) createSpaceInnerInTX(
 	space := &types.Space{
 		Version:     0,
 		ParentID:    parentID,
-		UID:         in.UID,
+		Identifier:  in.Identifier,
 		Description: in.Description,
 		IsPublic:    in.IsPublic,
 		Path:        spacePath,
@@ -111,13 +114,13 @@ func (c *Controller) createSpaceInnerInTX(
 	}
 
 	pathSegment := &types.SpacePathSegment{
-		UID:       space.UID,
+		Identifier: space.Identifier,
-		IsPrimary: true,
+		IsPrimary:  true,
-		SpaceID:   space.ID,
+		SpaceID:    space.ID,
-		ParentID:  parentID,
+		ParentID:   parentID,
-		CreatedBy: space.CreatedBy,
+		CreatedBy:  space.CreatedBy,
-		Created:   now,
+		Created:    now,
-		Updated:   now,
+		Updated:    now,
 	}
 	err = c.spacePathStore.InsertSegment(ctx, pathSegment)
 	if err != nil {
@@ -170,8 +173,8 @@ func (c *Controller) getSpaceCheckAuthSpaceCreation(
 	// create is a special case - check permission without specific resource
 	scope := &types.Scope{SpacePath: parentSpace.Path}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeSpace,
+		Type:       enum.ResourceTypeSpace,
-		Name: "",
+		Identifier: "",
 	}
 	if err = apiauth.Check(ctx, c.authorizer, session, scope, resource, enum.PermissionSpaceCreate); err != nil {
 		return nil, fmt.Errorf("authorization failed: %w", err)
@@ -181,6 +184,11 @@ func (c *Controller) getSpaceCheckAuthSpaceCreation(
 }
 
 func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
 	if len(in.ParentRef) > 0 && !c.nestedSpacesEnabled {
 		// TODO (Nested Spaces): Remove once support is added
 		return errNestedSpacesNotSupported
@@ -200,7 +208,7 @@ func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
 		isRoot = true
 	}
 
-	if err := c.uidCheck(in.UID, isRoot); err != nil {
+	if err := c.identifierCheck(in.Identifier, isRoot); err != nil {
 		return err
 	}
 

app/api/controller/space/import.go

@@ -43,8 +43,8 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 		return nil, err
 	}
 
-	if in.UID == "" {
+	if in.Identifier == "" && in.UID == "" {
-		in.UID = in.ProviderSpace
+		in.Identifier = in.ProviderSpace
 	}
 
 	err = c.sanitizeImportInput(in)
@@ -80,7 +80,7 @@ func (c *Controller) Import(ctx context.Context, session *auth.Session, in *Impo
 		for i, remoteRepository := range remoteRepositories {
 			repo := remoteRepository.ToRepo(
 				space.ID,
-				remoteRepository.UID,
+				remoteRepository.Identifier,
 				"",
 				&session.Principal,
 				c.publicResourceCreationEnabled,

app/api/controller/space/import_repositories.go

@@ -55,8 +55,8 @@ func (c *Controller) getSpaceCheckAuthRepoCreation(
 	// create is a special case - check permission without specific resource
 	scope := &types.Scope{SpacePath: space.Path}
 	resource := &types.Resource{
-		Type: enum.ResourceTypeRepo,
+		Type:       enum.ResourceTypeRepo,
-		Name: "",
+		Identifier: "",
 	}
 
 	err = apiauth.Check(ctx, c.authorizer, session, scope, resource, enum.PermissionRepoEdit)
@@ -104,7 +104,7 @@ func (c *Controller) ImportRepositories(
 		for _, remoteRepository := range remoteRepositories {
 			repo := remoteRepository.ToRepo(
 				space.ID,
-				remoteRepository.UID,
+				remoteRepository.Identifier,
 				"",
 				&session.Principal,
 				c.publicResourceCreationEnabled,

app/api/controller/space/move.go

@@ -27,18 +27,20 @@ import (
 
 // MoveInput is used for moving a space.
 type MoveInput struct {
-	UID *string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID        *string `json:"uid" deprecated:"true"`
+	Identifier *string `json:"identifier"`
 }
 
 func (i *MoveInput) hasChanges(space *types.Space) bool {
-	if i.UID != nil && *i.UID != space.UID {
+	if i.Identifier != nil && *i.Identifier != space.Identifier {
 		return true
 	}
 
 	return false
 }
 
-// Move moves a space to a new UID.
+// Move moves a space to a new identifier.
 // TODO: Add support for moving to other parents and alias.
 //
 //nolint:gocognit // refactor if needed
@@ -70,7 +72,7 @@ func (c *Controller) Move(
 		ctx,
 		session,
 		space,
-		in.UID,
+		in.Identifier,
 	); err != nil {
 		return nil, err
 	}
@@ -79,8 +81,12 @@ func (c *Controller) Move(
 }
 
 func (c *Controller) sanitizeMoveInput(in *MoveInput, isRoot bool) error {
-	if in.UID != nil {
+	if in.Identifier == nil {
-		if err := c.uidCheck(*in.UID, isRoot); err != nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := c.identifierCheck(*in.Identifier, isRoot); err != nil {
 			return err
 		}
 	}
@@ -92,7 +98,7 @@ func (c *Controller) moveInner(
 	ctx context.Context,
 	session *auth.Session,
 	space *types.Space,
-	inUID *string,
+	inIdentifier *string,
 ) error {
 	return c.tx.WithTx(ctx, func(ctx context.Context) error {
 		// delete old primary segment
@@ -102,20 +108,20 @@ func (c *Controller) moveInner(
 		}
 
 		// update space with move inputs
-		if inUID != nil {
+		if inIdentifier != nil {
-			space.UID = *inUID
+			space.Identifier = *inIdentifier
 		}
 
 		// add new primary segment using updated space data
 		now := time.Now().UnixMilli()
 		newPrimarySegment := &types.SpacePathSegment{
-			ParentID:  space.ParentID,
+			ParentID:   space.ParentID,
-			UID:       space.UID,
+			Identifier: space.Identifier,
-			SpaceID:   space.ID,
+			SpaceID:    space.ID,
-			IsPrimary: true,
+			IsPrimary:  true,
-			CreatedBy: session.Principal.ID,
+			CreatedBy:  session.Principal.ID,
-			Created:   now,
+			Created:    now,
-			Updated:   now,
+			Updated:    now,
 		}
 		err = c.spacePathStore.InsertSegment(ctx, newPrimarySegment)
 		if err != nil {

app/api/controller/space/wire.go

@@ -36,14 +36,14 @@ var WireSet = wire.NewSet(
 )
 
 func ProvideController(config *types.Config, tx dbtx.Transactor, urlProvider url.Provider, sseStreamer sse.Streamer,
-	uidCheck check.PathUID, authorizer authz.Authorizer, spacePathStore store.SpacePathStore,
+	identifierCheck check.SpaceIdentifier, authorizer authz.Authorizer, spacePathStore store.SpacePathStore,
 	pipelineStore store.PipelineStore, secretStore store.SecretStore,
 	connectorStore store.ConnectorStore, templateStore store.TemplateStore,
 	spaceStore store.SpaceStore, repoStore store.RepoStore, principalStore store.PrincipalStore,
 	repoCtrl *repo.Controller, membershipStore store.MembershipStore, importer *importer.Repository,
 	exporter *exporter.Repository, limiter limiter.ResourceLimiter,
 ) *Controller {
-	return NewController(config, tx, urlProvider, sseStreamer, uidCheck, authorizer,
+	return NewController(config, tx, urlProvider, sseStreamer, identifierCheck, authorizer,
 		spacePathStore, pipelineStore, secretStore,
 		connectorStore, templateStore,
 		spaceStore, repoStore, principalStore,

app/api/controller/template/controller.go

@@ -17,24 +17,20 @@ package template
 import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
-	"github.com/harness/gitness/types/check"
 )
 
 type Controller struct {
-	uidCheck      check.PathUID
 	templateStore store.TemplateStore
 	authorizer    authz.Authorizer
 	spaceStore    store.SpaceStore
 }
 
 func NewController(
-	uidCheck check.PathUID,
 	authorizer authz.Authorizer,
 	templateStore store.TemplateStore,
 	spaceStore store.SpaceStore,
 ) *Controller {
 	return &Controller{
-		uidCheck:      uidCheck,
 		templateStore: templateStore,
 		authorizer:    authorizer,
 		spaceStore:    spaceStore,

app/api/controller/template/create.go

@@ -38,8 +38,10 @@ var (
 type CreateInput struct {
 	Description string `json:"description"`
 	SpaceRef    string `json:"space_ref"` // Ref of the parent space
-	UID         string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	Data        string `json:"data"`
+	UID        string `json:"uid" deprecated:"true"`
+	Identifier string `json:"identifier"`
+	Data       string `json:"data"`
 }
 
 func (c *Controller) Create(ctx context.Context, session *auth.Session, in *CreateInput) (*types.Template, error) {
@@ -52,7 +54,7 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 		return nil, fmt.Errorf("failed to find parent by ref: %w", err)
 	}
 
-	err = apiauth.CheckTemplate(ctx, c.authorizer, session, parentSpace.Path, in.UID, enum.PermissionTemplateEdit)
+	err = apiauth.CheckTemplate(ctx, c.authorizer, session, parentSpace.Path, in.Identifier, enum.PermissionTemplateEdit)
 	if err != nil {
 		return nil, err
 	}
@@ -67,7 +69,7 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 		Description: in.Description,
 		Data:        in.Data,
 		SpaceID:     parentSpace.ID,
-		UID:         in.UID,
+		Identifier:  in.Identifier,
 		Type:        resolverType,
 		Created:     now,
 		Updated:     now,
@@ -82,13 +84,18 @@ func (c *Controller) Create(ctx context.Context, session *auth.Session, in *Crea
 }
 
 func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
 	parentRefAsID, err := strconv.ParseInt(in.SpaceRef, 10, 64)
 
 	if (err == nil && parentRefAsID <= 0) || (len(strings.TrimSpace(in.SpaceRef)) == 0) {
 		return errTemplateRequiresParent
 	}
 
-	if err := c.uidCheck(in.UID, false); err != nil {
+	if err := check.Identifier(in.Identifier); err != nil {
 		return err
 	}
 

app/api/controller/template/delete.go

@@ -27,7 +27,7 @@ func (c *Controller) Delete(
 	ctx context.Context,
 	session *auth.Session,
 	spaceRef string,
-	uid string,
+	identifier string,
 	resolverType enum.ResolverType,
 ) error {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
@@ -35,11 +35,11 @@ func (c *Controller) Delete(
 		return fmt.Errorf("failed to find space: %w", err)
 	}
 
-	err = apiauth.CheckTemplate(ctx, c.authorizer, session, space.Path, uid, enum.PermissionTemplateDelete)
+	err = apiauth.CheckTemplate(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionTemplateDelete)
 	if err != nil {
 		return fmt.Errorf("failed to authorize: %w", err)
 	}
-	err = c.templateStore.DeleteByUIDAndType(ctx, space.ID, uid, resolverType)
+	err = c.templateStore.DeleteByIdentifierAndType(ctx, space.ID, identifier, resolverType)
 	if err != nil {
 		return fmt.Errorf("could not delete template: %w", err)
 	}

app/api/controller/template/find.go

@@ -28,18 +28,18 @@ func (c *Controller) Find(
 	ctx context.Context,
 	session *auth.Session,
 	spaceRef string,
-	uid string,
+	identifier string,
 	resolverType enum.ResolverType,
 ) (*types.Template, error) {
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find space: %w", err)
 	}
-	err = apiauth.CheckTemplate(ctx, c.authorizer, session, space.Path, uid, enum.PermissionTemplateView)
+	err = apiauth.CheckTemplate(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionTemplateView)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
-	template, err := c.templateStore.FindByUIDAndType(ctx, space.ID, uid, resolverType)
+	template, err := c.templateStore.FindByIdentifierAndType(ctx, space.ID, identifier, resolverType)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find template: %w", err)
 	}

app/api/controller/template/update.go

@@ -28,7 +28,9 @@ import (
 
 // UpdateInput is used for updating a template.
 type UpdateInput struct {
-	UID         *string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
+	UID         *string `json:"uid" deprecated:"true"`
+	Identifier  *string `json:"identifier"`
 	Description *string `json:"description"`
 	Data        *string `json:"data"`
 }
@@ -37,32 +39,32 @@ func (c *Controller) Update(
 	ctx context.Context,
 	session *auth.Session,
 	spaceRef string,
-	uid string,
+	identifier string,
 	resolverType enum.ResolverType,
 	in *UpdateInput,
 ) (*types.Template, error) {
+	if err := c.sanitizeUpdateInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	space, err := c.spaceStore.FindByRef(ctx, spaceRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find space: %w", err)
 	}
 
-	err = apiauth.CheckTemplate(ctx, c.authorizer, session, space.Path, uid, enum.PermissionTemplateEdit)
+	err = apiauth.CheckTemplate(ctx, c.authorizer, session, space.Path, identifier, enum.PermissionTemplateEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize: %w", err)
 	}
 
-	if err = c.sanitizeUpdateInput(in); err != nil {
+	template, err := c.templateStore.FindByIdentifierAndType(ctx, space.ID, identifier, resolverType)
-		return nil, fmt.Errorf("failed to sanitize input: %w", err)
-	}
-
-	template, err := c.templateStore.FindByUIDAndType(ctx, space.ID, uid, resolverType)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find template: %w", err)
 	}
 
 	return c.templateStore.UpdateOptLock(ctx, template, func(original *types.Template) error {
-		if in.UID != nil {
+		if in.Identifier != nil {
-			original.UID = *in.UID
+			original.Identifier = *in.Identifier
 		}
 		if in.Description != nil {
 			original.Description = *in.Description
@@ -79,8 +81,13 @@ func (c *Controller) Update(
 }
 
 func (c *Controller) sanitizeUpdateInput(in *UpdateInput) error {
-	if in.UID != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
-		if err := c.uidCheck(*in.UID, false); err != nil {
+	if in.Identifier == nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := check.Identifier(*in.Identifier); err != nil {
 			return err
 		}
 	}

app/api/controller/template/wire.go

@@ -17,7 +17,6 @@ package template
 import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
-	"github.com/harness/gitness/types/check"
 
 	"github.com/google/wire"
 )
@@ -28,10 +27,9 @@ var WireSet = wire.NewSet(
 )
 
 func ProvideController(
-	uidCheck check.PathUID,
 	templateStore store.TemplateStore,
 	authorizer authz.Authorizer,
 	spaceStore store.SpaceStore,
 ) *Controller {
-	return NewController(uidCheck, authorizer, templateStore, spaceStore)
+	return NewController(authorizer, templateStore, spaceStore)
 }

app/api/controller/trigger/controller.go

@@ -17,13 +17,11 @@ package trigger
 import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
-	"github.com/harness/gitness/types/check"
 )
 
 type Controller struct {
 	authorizer    authz.Authorizer
 	triggerStore  store.TriggerStore
-	uidCheck      check.PathUID
 	pipelineStore store.PipelineStore
 	repoStore     store.RepoStore
 }
@@ -31,14 +29,12 @@ type Controller struct {
 func NewController(
 	authorizer authz.Authorizer,
 	triggerStore store.TriggerStore,
-	uidCheck check.PathUID,
 	pipelineStore store.PipelineStore,
 	repoStore store.RepoStore,
 ) *Controller {
 	return &Controller{
 		authorizer:    authorizer,
 		triggerStore:  triggerStore,
-		uidCheck:      uidCheck,
 		pipelineStore: pipelineStore,
 		repoStore:     repoStore,
 	}

app/api/controller/trigger/create.go

@@ -28,37 +28,38 @@ import (
 
 // TODO: Add more as needed.
 type CreateInput struct {
-	Description string               `json:"description"`
+	Description string `json:"description"`
-	UID         string               `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	Secret      string               `json:"secret"`
+	UID        string               `json:"uid" deprecated:"true"`
-	Disabled    bool                 `json:"disabled"`
+	Identifier string               `json:"identifier"`
-	Actions     []enum.TriggerAction `json:"actions"`
+	Secret     string               `json:"secret"`
+	Disabled   bool                 `json:"disabled"`
+	Actions    []enum.TriggerAction `json:"actions"`
 }
 
 func (c *Controller) Create(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	in *CreateInput,
 ) (*types.Trigger, error) {
+	if err := c.sanitizeCreateInput(in); err != nil {
+		return nil, fmt.Errorf("invalid input: %w", err)
+	}
+
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
 	// Trigger permissions are associated with pipeline permissions. If a user has permissions
 	// to edit the pipeline, they will have permissions to create a trigger as well.
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineEdit)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
 
-	err = c.checkCreateInput(in)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
-	if err != nil {
-		return nil, fmt.Errorf("invalid input: %w", err)
-	}
-
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}
@@ -71,7 +72,7 @@ func (c *Controller) Create(
 		CreatedBy:   session.Principal.ID,
 		RepoID:      repo.ID,
 		Actions:     deduplicateActions(in.Actions),
-		UID:         in.UID,
+		Identifier:  in.Identifier,
 		PipelineID:  pipeline.ID,
 		Created:     now,
 		Updated:     now,
@@ -85,7 +86,12 @@ func (c *Controller) Create(
 	return trigger, nil
 }
 
-func (c *Controller) checkCreateInput(in *CreateInput) error {
+func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
 	if err := check.Description(in.Description); err != nil {
 		return err
 	}
@@ -95,7 +101,7 @@ func (c *Controller) checkCreateInput(in *CreateInput) error {
 	if err := checkActions(in.Actions); err != nil {
 		return err
 	}
-	if err := c.uidCheck(in.UID, false); err != nil { //nolint:revive
+	if err := check.Identifier(in.Identifier); err != nil { //nolint:revive
 		return err
 	}
 

app/api/controller/trigger/delete.go

@@ -27,8 +27,8 @@ func (c *Controller) Delete(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
-	triggerUID string,
+	triggerIdentifier string,
 ) error {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
@@ -36,17 +36,17 @@ func (c *Controller) Delete(
 	}
 	// Trigger permissions are associated with pipeline permissions. If a user has permissions
 	// to edit the pipeline, they will have permissions to remove a trigger as well.
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineEdit)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineEdit)
 	if err != nil {
 		return fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return fmt.Errorf("failed to find pipeline: %w", err)
 	}
 
-	err = c.triggerStore.DeleteByUID(ctx, pipeline.ID, triggerUID)
+	err = c.triggerStore.DeleteByIdentifier(ctx, pipeline.ID, triggerIdentifier)
 	if err != nil {
 		return fmt.Errorf("could not delete trigger: %w", err)
 	}

app/api/controller/trigger/find.go

@@ -28,26 +28,26 @@ func (c *Controller) Find(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
-	triggerUID string,
+	triggerIdentifier string,
 ) (*types.Trigger, error) {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineView)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineView)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}
 
-	trigger, err := c.triggerStore.FindByUID(ctx, pipeline.ID, triggerUID)
+	trigger, err := c.triggerStore.FindByIdentifier(ctx, pipeline.ID, triggerIdentifier)
 	if err != nil {
-		return nil, fmt.Errorf("failed to find trigger %s: %w", triggerUID, err)
+		return nil, fmt.Errorf("failed to find trigger %s: %w", triggerIdentifier, err)
 	}
 
 	return trigger, nil

app/api/controller/trigger/list.go

@@ -28,7 +28,7 @@ func (c *Controller) List(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
 	filter types.ListQueryFilter,
 ) ([]*types.Trigger, int64, error) {
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
@@ -37,12 +37,12 @@ func (c *Controller) List(
 	}
 	// Trigger permissions are associated with pipeline permissions. If a user has permissions
 	// to view the pipeline, they will have permissions to list triggers as well.
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineView)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineView)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
 
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
 	if err != nil {
 		return nil, 0, fmt.Errorf("failed to find pipeline: %w", err)
 	}

app/api/controller/trigger/update.go

@@ -28,50 +28,52 @@ import (
 
 // UpdateInput is used for updating a trigger.
 type UpdateInput struct {
-	Description *string              `json:"description"`
+	Description *string `json:"description"`
-	UID         *string              `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	Actions     []enum.TriggerAction `json:"actions"`
+	UID        *string              `json:"uid" deprecated:"true"`
-	Secret      *string              `json:"secret"`
+	Identifier *string              `json:"identifier"`
-	Disabled    *bool                `json:"disabled"` // can be nil, so keeping it a pointer
+	Actions    []enum.TriggerAction `json:"actions"`
+	Secret     *string              `json:"secret"`
+	Disabled   *bool                `json:"disabled"` // can be nil, so keeping it a pointer
 }
 
 func (c *Controller) Update(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	pipelineUID string,
+	pipelineIdentifier string,
-	triggerUID string,
+	triggerIdentifier string,
-	in *UpdateInput) (*types.Trigger, error) {
+	in *UpdateInput,
+) (*types.Trigger, error) {
+	if err := c.sanitizeUpdateInput(in); err != nil {
+		return nil, fmt.Errorf("invalid input: %w", err)
+	}
+
 	repo, err := c.repoStore.FindByRef(ctx, repoRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find repo by ref: %w", err)
 	}
 	// Trigger permissions are associated with pipeline permissions. If a user has permissions
 	// to edit the pipeline, they will have permissions to edit the trigger as well.
-	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineUID, enum.PermissionPipelineEdit)
+	err = apiauth.CheckPipeline(ctx, c.authorizer, session, repo.Path, pipelineIdentifier, enum.PermissionPipelineEdit)
 	if err != nil {
 		return nil, fmt.Errorf("failed to authorize pipeline: %w", err)
 	}
 
-	err = c.checkUpdateInput(in)
+	pipeline, err := c.pipelineStore.FindByIdentifier(ctx, repo.ID, pipelineIdentifier)
-	if err != nil {
-		return nil, fmt.Errorf("invalid input: %w", err)
-	}
-
-	pipeline, err := c.pipelineStore.FindByUID(ctx, repo.ID, pipelineUID)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find pipeline: %w", err)
 	}
 
-	trigger, err := c.triggerStore.FindByUID(ctx, pipeline.ID, triggerUID)
+	trigger, err := c.triggerStore.FindByIdentifier(ctx, pipeline.ID, triggerIdentifier)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find trigger: %w", err)
 	}
 
 	return c.triggerStore.UpdateOptLock(ctx,
 		trigger, func(original *types.Trigger) error {
-			if in.UID != nil {
+			if in.Identifier != nil {
-				original.UID = *in.UID
+				original.Identifier = *in.Identifier
 			}
 			if in.Description != nil {
 				original.Description = *in.Description
@@ -90,9 +92,14 @@ func (c *Controller) Update(
 		})
 }
 
-func (c *Controller) checkUpdateInput(in *UpdateInput) error {
+func (c *Controller) sanitizeUpdateInput(in *UpdateInput) error {
-	if in.UID != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
-		if err := c.uidCheck(*in.UID, false); err != nil {
+	if in.Identifier == nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := check.Identifier(*in.Identifier); err != nil {
 			return err
 		}
 	}

app/api/controller/trigger/wire.go

@@ -17,7 +17,6 @@ package trigger
 import (
 	"github.com/harness/gitness/app/auth/authz"
 	"github.com/harness/gitness/app/store"
-	"github.com/harness/gitness/types/check"
 
 	"github.com/google/wire"
 )
@@ -30,9 +29,8 @@ var WireSet = wire.NewSet(
 func ProvideController(
 	authorizer authz.Authorizer,
 	triggerStore store.TriggerStore,
-	uidCheck check.PathUID,
 	pipelineStore store.PipelineStore,
 	repoStore store.RepoStore,
 ) *Controller {
-	return NewController(authorizer, triggerStore, uidCheck, pipelineStore, repoStore)
+	return NewController(authorizer, triggerStore, pipelineStore, repoStore)
 }

app/api/controller/upload/upload.go

@@ -57,8 +57,8 @@ func (c *Controller) Upload(ctx context.Context,
 		return nil, fmt.Errorf("failed to determine file type: %w", err)
 	}
 
-	uid := uuid.New().String()
+	identifier := uuid.New().String()
-	fileName := fmt.Sprintf(fileNameFmt, uid, extn)
+	fileName := fmt.Sprintf(fileNameFmt, identifier, extn)
 
 	fileBucketPath := getFileBucketPath(repo.ID, fileName)
 	err = c.blobStore.Upload(ctx, bufReader, fileBucketPath)

app/api/controller/user/create.go

@@ -117,7 +117,8 @@ func (c *Controller) sanitizeCreateInput(in *CreateInput) error {
 		return err
 	}
 
-	if err := check.Password(in.Password); err != nil { //nolint:revive
+	//nolint:revive
+	if err := check.Password(in.Password); err != nil {
 		return err
 	}
 

app/api/controller/user/create_access_token.go

@@ -16,6 +16,7 @@ package user
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	apiauth "github.com/harness/gitness/app/api/auth"
@@ -27,8 +28,10 @@ import (
 )
 
 type CreateTokenInput struct {
-	UID      string         `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	Lifetime *time.Duration `json:"lifetime"`
+	UID        string         `json:"uid" deprecated:"true"`
+	Identifier string         `json:"identifier"`
+	Lifetime   *time.Duration `json:"lifetime"`
 }
 
 /*
@@ -40,6 +43,10 @@ func (c *Controller) CreateAccessToken(
 	userUID string,
 	in *CreateTokenInput,
 ) (*types.TokenResponse, error) {
+	if err := c.sanitizeCreateTokenInput(in); err != nil {
+		return nil, fmt.Errorf("failed to sanitize input: %w", err)
+	}
+
 	user, err := findUserFromUID(ctx, c.principalStore, userUID)
 	if err != nil {
 		return nil, err
@@ -50,19 +57,12 @@ func (c *Controller) CreateAccessToken(
 		return nil, err
 	}
 
-	if err = check.UID(in.UID); err != nil {
-		return nil, err
-	}
-	if err = check.TokenLifetime(in.Lifetime, true); err != nil {
-		return nil, err
-	}
-
 	token, jwtToken, err := token.CreatePAT(
 		ctx,
 		c.tokenStore,
 		&session.Principal,
 		user,
-		in.UID,
+		in.Identifier,
 		in.Lifetime,
 	)
 	if err != nil {
@@ -71,3 +71,21 @@ func (c *Controller) CreateAccessToken(
 
 	return &types.TokenResponse{Token: *token, AccessToken: jwtToken}, nil
 }
+
+func (c *Controller) sanitizeCreateTokenInput(in *CreateTokenInput) error {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
+	if err := check.Identifier(in.Identifier); err != nil {
+		return err
+	}
+
+	//nolint:revive
+	if err := check.TokenLifetime(in.Lifetime, true); err != nil {
+		return err
+	}
+
+	return nil
+}

app/api/controller/user/delete_token.go

@@ -28,8 +28,12 @@ import (
 /*
  * DeleteToken deletes a token of a user.
  */
-func (c *Controller) DeleteToken(ctx context.Context, session *auth.Session,
+func (c *Controller) DeleteToken(
-	userUID string, tokenType enum.TokenType, tokenUID string) error {
+	ctx context.Context,
+	session *auth.Session,
+	userUID string,
+	tokenType enum.TokenType,
+	tokenIdentifier string) error {
 	user, err := findUserFromUID(ctx, c.principalStore, userUID)
 	if err != nil {
 		return err
@@ -40,7 +44,7 @@ func (c *Controller) DeleteToken(ctx context.Context, session *auth.Session,
 		return err
 	}
 
-	token, err := c.tokenStore.FindByUID(ctx, user.ID, tokenUID)
+	token, err := c.tokenStore.FindByIdentifier(ctx, user.ID, tokenIdentifier)
 	if err != nil {
 		return err
 	}

app/api/controller/user/login.go

@@ -70,11 +70,11 @@ func (c *Controller) Login(
 		return nil, usererror.ErrNotFound
 	}
 
-	tokenUID, err := generateSessionTokenUID()
+	tokenIdentifier, err := generateSessionTokenIdentifier()
 	if err != nil {
 		return nil, err
 	}
-	token, jwtToken, err := token.CreateUserSession(ctx, c.tokenStore, user, tokenUID)
+	token, jwtToken, err := token.CreateUserSession(ctx, c.tokenStore, user, tokenIdentifier)
 	if err != nil {
 		return nil, err
 	}
@@ -82,7 +82,7 @@ func (c *Controller) Login(
 	return &types.TokenResponse{Token: *token, AccessToken: jwtToken}, nil
 }
 
-func generateSessionTokenUID() (string, error) {
+func generateSessionTokenIdentifier() (string, error) {
 	r, err := rand.Int(rand.Reader, big.NewInt(10000))
 	if err != nil {
 		return "", fmt.Errorf("failed to generate random number: %w", err)

app/api/controller/webhook/create.go

@@ -32,8 +32,10 @@ import (
 )
 
 type CreateInput struct {
-	UID string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	// TODO: Remove once UID migration is completed.
+	UID        string `json:"uid" deprecated:"true"`
+	Identifier string `json:"identifier"`
+	// TODO [CODE-1364]: Remove once UID/Identifier migration is completed.
 	DisplayName string                `json:"display_name"`
 	Description string                `json:"description"`
 	URL         string                `json:"url"`
@@ -53,27 +55,15 @@ func (c *Controller) Create(
 	in *CreateInput,
 	internal bool,
 ) (*types.Webhook, error) {
-	now := time.Now().UnixMilli()
+	// validate input
-
+	err := sanitizeCreateInput(in, c.allowLoopback, c.allowPrivateNetwork || internal)
-	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return nil, err
 	}
 
-	// backfill required data - during migration period we have to accept both, displayname only and uid only
+	now := time.Now().UnixMilli()
-	// TODO: Remove once UID migration is completed
-	if in.DisplayName == "" && in.UID != "" {
-		in.DisplayName = in.UID
-	}
-	if in.UID == "" && in.DisplayName != "" {
-		in.UID, err = migrate.WebhookDisplayNameToUID(in.DisplayName, false)
-		if err != nil {
-			return nil, fmt.Errorf("failed to migrate webhook displayname %q to uid: %w", in.DisplayName, err)
-		}
-	}
 
-	// validate input
+	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
-	err = checkCreateInput(in, c.allowLoopback, c.allowPrivateNetwork || internal)
 	if err != nil {
 		return nil, err
 	}
@@ -95,7 +85,7 @@ func (c *Controller) Create(
 		Internal:   internal,
 
 		// user input
-		UID:                   in.UID,
+		Identifier:            in.Identifier,
 		DisplayName:           in.DisplayName,
 		Description:           in.Description,
 		URL:                   in.URL,
@@ -111,16 +101,16 @@ func (c *Controller) Create(
 	// internal hooks are hidden from non-internal read requests - properly communicate their existence on duplicate.
 	// This is best effort, any error we just ignore and fallback to original duplicate error.
 	if errors.Is(err, store.ErrDuplicate) && !internal {
-		existingHook, derr := c.webhookStore.FindByUID(ctx, enum.WebhookParentRepo, repo.ID, hook.UID)
+		existingHook, derr := c.webhookStore.FindByIdentifier(ctx, enum.WebhookParentRepo, repo.ID, hook.Identifier)
 		if derr != nil {
 			log.Ctx(ctx).Warn().Err(derr).Msgf(
-				"failed to retrieve webhook for repo %d with uid %q on duplicate error",
+				"failed to retrieve webhook for repo %d with identifier %q on duplicate error",
 				repo.ID,
-				hook.UID,
+				hook.Identifier,
 			)
 		}
 		if derr == nil && existingHook.Internal {
-			return nil, usererror.Conflict("The provided uid is reserved for internal purposes.")
+			return nil, usererror.Conflict("The provided identifier is reserved for internal purposes.")
 		}
 	}
 
@@ -131,8 +121,26 @@ func (c *Controller) Create(
 	return hook, nil
 }
 
-func checkCreateInput(in *CreateInput, allowLoopback bool, allowPrivateNetwork bool) error {
+func sanitizeCreateInput(in *CreateInput, allowLoopback bool, allowPrivateNetwork bool) error {
-	if err := check.UID(in.UID); err != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
+	if in.Identifier == "" {
+		in.Identifier = in.UID
+	}
+
+	// backfill required data - during migration period we have to accept both, displayname only and identifier only
+	// TODO [CODE-1364]: Remove once UID/Identifier migration is completed
+	if in.DisplayName == "" && in.Identifier != "" {
+		in.DisplayName = in.Identifier
+	}
+	if in.Identifier == "" && in.DisplayName != "" {
+		var err error
+		in.Identifier, err = migrate.WebhookDisplayNameToIdentifier(in.DisplayName, false)
+		if err != nil {
+			return fmt.Errorf("failed to migrate webhook displayname %q to identifier: %w", in.DisplayName, err)
+		}
+	}
+
+	if err := check.Identifier(in.Identifier); err != nil {
 		return err
 	}
 	if err := check.DisplayName(in.DisplayName); err != nil {

app/api/controller/webhook/delete.go

@@ -26,7 +26,7 @@ func (c *Controller) Delete(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	webhookUID string,
+	webhookIdentifier string,
 	allowDeletingInternal bool,
 ) error {
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
@@ -35,7 +35,7 @@ func (c *Controller) Delete(
 	}
 
 	// get the webhook and ensure it belongs to us
-	webhook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookUID)
+	webhook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookIdentifier)
 	if err != nil {
 		return err
 	}

app/api/controller/webhook/find.go

@@ -31,32 +31,35 @@ func (c *Controller) Find(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	webhookUID string,
+	webhookIdentifier string,
 ) (*types.Webhook, error) {
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
 	if err != nil {
 		return nil, err
 	}
 
-	return c.getWebhookVerifyOwnership(ctx, repo.ID, webhookUID)
+	return c.getWebhookVerifyOwnership(ctx, repo.ID, webhookIdentifier)
 }
 
-func (c *Controller) getWebhookVerifyOwnership(ctx context.Context, repoID int64,
+func (c *Controller) getWebhookVerifyOwnership(
-	webhookUID string) (*types.Webhook, error) {
+	ctx context.Context,
-	// TODO: Remove once webhook UID migration completed
+	repoID int64,
-	webhookID, err := strconv.ParseInt(webhookUID, 10, 64)
+	webhookIdentifier string,
-	if (err == nil && webhookID <= 0) || len(strings.TrimSpace(webhookUID)) == 0 {
+) (*types.Webhook, error) {
-		return nil, usererror.BadRequest("A valid webhook UID must be provided.")
+	// TODO: Remove once webhook identifier migration completed
+	webhookID, err := strconv.ParseInt(webhookIdentifier, 10, 64)
+	if (err == nil && webhookID <= 0) || len(strings.TrimSpace(webhookIdentifier)) == 0 {
+		return nil, usererror.BadRequest("A valid webhook identifier must be provided.")
 	}
 
 	var webhook *types.Webhook
 	if err == nil {
 		webhook, err = c.webhookStore.Find(ctx, webhookID)
 	} else {
-		webhook, err = c.webhookStore.FindByUID(ctx, enum.WebhookParentRepo, repoID, webhookUID)
+		webhook, err = c.webhookStore.FindByIdentifier(ctx, enum.WebhookParentRepo, repoID, webhookIdentifier)
 	}
 	if err != nil {
-		return nil, fmt.Errorf("failed to find webhook with uid %q: %w", webhookUID, err)
+		return nil, fmt.Errorf("failed to find webhook with identifier %q: %w", webhookIdentifier, err)
 	}
 
 	// ensure the webhook actually belongs to the repo

app/api/controller/webhook/find_execution.go

@@ -29,7 +29,7 @@ func (c *Controller) FindExecution(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	webhookUID string,
+	webhookIdentifier string,
 	webhookExecutionID int64,
 ) (*types.WebhookExecution, error) {
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
@@ -38,7 +38,7 @@ func (c *Controller) FindExecution(
 	}
 
 	// get the webhook and ensure it belongs to us
-	webhook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookUID)
+	webhook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookIdentifier)
 	if err != nil {
 		return nil, err
 	}

app/api/controller/webhook/list_executions.go

@@ -28,7 +28,7 @@ func (c *Controller) ListExecutions(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	webhookUID string,
+	webhookIdentifier string,
 	filter *types.WebhookExecutionFilter,
 ) ([]*types.WebhookExecution, error) {
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoView)
@@ -37,7 +37,7 @@ func (c *Controller) ListExecutions(
 	}
 
 	// get the webhook and ensure it belongs to us
-	webhook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookUID)
+	webhook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookIdentifier)
 	if err != nil {
 		return nil, err
 	}

app/api/controller/webhook/retrigger_execution.go

@@ -30,7 +30,7 @@ func (c *Controller) RetriggerExecution(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	webhookUID string,
+	webhookIdentifier string,
 	webhookExecutionID int64,
 ) (*types.WebhookExecution, error) {
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
@@ -39,7 +39,7 @@ func (c *Controller) RetriggerExecution(
 	}
 
 	// get the webhook and ensure it belongs to us
-	webhook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookUID)
+	webhook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookIdentifier)
 	if err != nil {
 		return nil, err
 	}

app/api/controller/webhook/update.go

@@ -25,8 +25,10 @@ import (
 )
 
 type UpdateInput struct {
-	UID *string `json:"uid"`
+	// TODO [CODE-1363]: remove after identifier migration.
-	// TODO: Remove once UID migration is completed.
+	UID        *string `json:"uid" deprecated:"true"`
+	Identifier *string `json:"identifier"`
+	// TODO [CODE-1364]: Remove once UID/Identifier migration is completed.
 	DisplayName *string               `json:"display_name"`
 	Description *string               `json:"description"`
 	URL         *string               `json:"url"`
@@ -41,17 +43,21 @@ func (c *Controller) Update(
 	ctx context.Context,
 	session *auth.Session,
 	repoRef string,
-	webhookUID string,
+	webhookIdentifier string,
 	in *UpdateInput,
 	allowModifyingInternal bool,
 ) (*types.Webhook, error) {
+	if err := sanitizeUpdateInput(in, c.allowLoopback, c.allowPrivateNetwork); err != nil {
+		return nil, err
+	}
+
 	repo, err := c.getRepoCheckAccess(ctx, session, repoRef, enum.PermissionRepoEdit)
 	if err != nil {
 		return nil, err
 	}
 
 	// get the hook and ensure it belongs to us
-	hook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookUID)
+	hook, err := c.getWebhookVerifyOwnership(ctx, repo.ID, webhookIdentifier)
 	if err != nil {
 		return nil, err
 	}
@@ -59,14 +65,10 @@ func (c *Controller) Update(
 	if !allowModifyingInternal && hook.Internal {
 		return nil, ErrInternalWebhookOperationNotAllowed
 	}
-	// validate input
-	if err = checkUpdateInput(in, c.allowLoopback, c.allowPrivateNetwork); err != nil {
-		return nil, err
-	}
 
 	// update webhook struct (only for values that are provided)
-	if in.UID != nil {
+	if in.Identifier != nil {
-		hook.UID = *in.UID
+		hook.Identifier = *in.Identifier
 	}
 	if in.DisplayName != nil {
 		hook.DisplayName = *in.DisplayName
@@ -101,9 +103,14 @@ func (c *Controller) Update(
 	return hook, nil
 }
 
-func checkUpdateInput(in *UpdateInput, allowLoopback bool, allowPrivateNetwork bool) error {
+func sanitizeUpdateInput(in *UpdateInput, allowLoopback bool, allowPrivateNetwork bool) error {
-	if in.UID != nil {
+	// TODO [CODE-1363]: remove after identifier migration.
-		if err := check.UID(*in.UID); err != nil {
+	if in.Identifier == nil {
+		in.Identifier = in.UID
+	}
+
+	if in.Identifier != nil {
+		if err := check.Identifier(*in.Identifier); err != nil {
 			return err
 		}
 	}

app/api/handler/check/check_recent.go

@@ -22,7 +22,7 @@ import (
 	"github.com/harness/gitness/app/api/request"
 )
 
-// HandleCheckListRecent is an HTTP handler for listing recently executed status check UIDs for a repository.
+// HandleCheckListRecent is an HTTP handler for listing recently executed status check identifiers for a repository.
 func HandleCheckListRecent(checkCtrl *check.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
@@ -40,12 +40,12 @@ func HandleCheckListRecent(checkCtrl *check.Controller) http.HandlerFunc {
 			return
 		}
 
-		checkUIDs, err := checkCtrl.ListRecentChecks(ctx, session, repoRef, opts)
+		checkIdentifiers, err := checkCtrl.ListRecentChecks(ctx, session, repoRef, opts)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
 		}
 
-		render.JSON(w, http.StatusOK, checkUIDs)
+		render.JSON(w, http.StatusOK, checkIdentifiers)
 	}
 }

app/api/handler/connector/delete.go

@@ -32,13 +32,13 @@ func HandleDelete(connectorCtrl *connector.Controller) http.HandlerFunc {
 			render.TranslatedUserError(w, err)
 			return
 		}
-		spaceRef, connectorUID, err := paths.DisectLeaf(connectorRef)
+		spaceRef, connectorIdentifier, err := paths.DisectLeaf(connectorRef)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
 		}
 
-		err = connectorCtrl.Delete(ctx, session, spaceRef, connectorUID)
+		err = connectorCtrl.Delete(ctx, session, spaceRef, connectorIdentifier)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/connector/find.go

@@ -33,13 +33,13 @@ func HandleFind(connectorCtrl *connector.Controller) http.HandlerFunc {
 			render.TranslatedUserError(w, err)
 			return
 		}
-		spaceRef, connectorUID, err := paths.DisectLeaf(connectorRef)
+		spaceRef, connectorIdentifier, err := paths.DisectLeaf(connectorRef)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
 		}
 
-		connector, err := connectorCtrl.Find(ctx, session, spaceRef, connectorUID)
+		connector, err := connectorCtrl.Find(ctx, session, spaceRef, connectorIdentifier)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/connector/update.go

@@ -41,13 +41,13 @@ func HandleUpdate(connectorCtrl *connector.Controller) http.HandlerFunc {
 			render.TranslatedUserError(w, err)
 			return
 		}
-		spaceRef, connectorUID, err := paths.DisectLeaf(connectorRef)
+		spaceRef, connectorIdentifier, err := paths.DisectLeaf(connectorRef)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
 		}
 
-		connector, err := connectorCtrl.Update(ctx, session, spaceRef, connectorUID, in)
+		connector, err := connectorCtrl.Update(ctx, session, spaceRef, connectorIdentifier, in)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/execution/cancel.go

@@ -26,7 +26,7 @@ func HandleCancel(executionCtrl *execution.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		session, _ := request.AuthSessionFrom(ctx)
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -42,7 +42,7 @@ func HandleCancel(executionCtrl *execution.Controller) http.HandlerFunc {
 			return
 		}
 
-		execution, err := executionCtrl.Cancel(ctx, session, repoRef, pipelineUID, n)
+		execution, err := executionCtrl.Cancel(ctx, session, repoRef, pipelineIdentifier, n)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/execution/create.go

@@ -26,7 +26,7 @@ func HandleCreate(executionCtrl *execution.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		session, _ := request.AuthSessionFrom(ctx)
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -39,7 +39,7 @@ func HandleCreate(executionCtrl *execution.Controller) http.HandlerFunc {
 
 		branch := request.GetBranchFromQuery(r)
 
-		execution, err := executionCtrl.Create(ctx, session, repoRef, pipelineUID, branch)
+		execution, err := executionCtrl.Create(ctx, session, repoRef, pipelineIdentifier, branch)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/execution/delete.go

@@ -26,7 +26,7 @@ func HandleDelete(executionCtrl *execution.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		session, _ := request.AuthSessionFrom(ctx)
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -42,7 +42,7 @@ func HandleDelete(executionCtrl *execution.Controller) http.HandlerFunc {
 			return
 		}
 
-		err = executionCtrl.Delete(ctx, session, repoRef, pipelineUID, n)
+		err = executionCtrl.Delete(ctx, session, repoRef, pipelineIdentifier, n)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/execution/find.go

@@ -26,7 +26,7 @@ func HandleFind(executionCtrl *execution.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		session, _ := request.AuthSessionFrom(ctx)
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -42,7 +42,7 @@ func HandleFind(executionCtrl *execution.Controller) http.HandlerFunc {
 			return
 		}
 
-		execution, err := executionCtrl.Find(ctx, session, repoRef, pipelineUID, n)
+		execution, err := executionCtrl.Find(ctx, session, repoRef, pipelineIdentifier, n)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/execution/list.go

@@ -26,7 +26,7 @@ func HandleList(executionCtrl *execution.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		session, _ := request.AuthSessionFrom(ctx)
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -39,7 +39,7 @@ func HandleList(executionCtrl *execution.Controller) http.HandlerFunc {
 
 		pagination := request.ParsePaginationFromRequest(r)
 
-		repos, totalCount, err := executionCtrl.List(ctx, session, repoRef, pipelineUID, pagination)
+		repos, totalCount, err := executionCtrl.List(ctx, session, repoRef, pipelineIdentifier, pagination)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/logs/find.go

@@ -32,7 +32,7 @@ func HandleFind(logCtrl *logs.Controller) http.HandlerFunc {
 			render.TranslatedUserError(w, err)
 			return
 		}
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -53,7 +53,7 @@ func HandleFind(logCtrl *logs.Controller) http.HandlerFunc {
 			return
 		}
 		lines, err := logCtrl.Find(
-			ctx, session, repoRef, pipelineUID,
+			ctx, session, repoRef, pipelineIdentifier,
 			executionNum, int(stageNum), int(stepNum))
 		if err != nil {
 			render.TranslatedUserError(w, err)

app/api/handler/logs/tail.go

@@ -41,7 +41,7 @@ func HandleTail(logCtrl *logs.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		session, _ := request.AuthSessionFrom(ctx)
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -85,7 +85,7 @@ func HandleTail(logCtrl *logs.Controller) http.HandlerFunc {
 		f.Flush()
 
 		linec, errc, err := logCtrl.Tail(
-			ctx, session, repoRef, pipelineUID,
+			ctx, session, repoRef, pipelineIdentifier,
 			executionNum, int(stageNum), int(stepNum))
 		if err != nil {
 			render.TranslatedUserError(w, err)

app/api/handler/pipeline/delete.go

@@ -26,7 +26,7 @@ func HandleDelete(pipelineCtrl *pipeline.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		session, _ := request.AuthSessionFrom(ctx)
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -37,7 +37,7 @@ func HandleDelete(pipelineCtrl *pipeline.Controller) http.HandlerFunc {
 			return
 		}
 
-		err = pipelineCtrl.Delete(ctx, session, repoRef, pipelineUID)
+		err = pipelineCtrl.Delete(ctx, session, repoRef, pipelineIdentifier)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/pipeline/find.go

@@ -26,7 +26,7 @@ func HandleFind(pipelineCtrl *pipeline.Controller) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		session, _ := request.AuthSessionFrom(ctx)
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -37,7 +37,7 @@ func HandleFind(pipelineCtrl *pipeline.Controller) http.HandlerFunc {
 			return
 		}
 
-		pipeline, err := pipelineCtrl.Find(ctx, session, repoRef, pipelineUID)
+		pipeline, err := pipelineCtrl.Find(ctx, session, repoRef, pipelineIdentifier)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/pipeline/update.go

@@ -35,7 +35,7 @@ func HandleUpdate(pipelineCtrl *pipeline.Controller) http.HandlerFunc {
 			return
 		}
 
-		pipelineUID, err := request.GetPipelineUIDFromPath(r)
+		pipelineIdentifier, err := request.GetPipelineIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
@@ -46,7 +46,7 @@ func HandleUpdate(pipelineCtrl *pipeline.Controller) http.HandlerFunc {
 			return
 		}
 
-		pipeline, err := pipelineCtrl.Update(ctx, session, repoRef, pipelineUID, in)
+		pipeline, err := pipelineCtrl.Update(ctx, session, repoRef, pipelineIdentifier, in)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/repo/rule_delete.go

@@ -34,13 +34,13 @@ func HandleRuleDelete(repoCtrl *repo.Controller) http.HandlerFunc {
 			return
 		}
 
-		ruleUID, err := request.GetRuleUIDFromPath(r)
+		ruleIdentifier, err := request.GetRuleIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
 		}
 
-		err = repoCtrl.RuleDelete(ctx, session, repoRef, ruleUID)
+		err = repoCtrl.RuleDelete(ctx, session, repoRef, ruleIdentifier)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return

app/api/handler/repo/rule_find.go

@@ -34,13 +34,13 @@ func HandleRuleFind(repoCtrl *repo.Controller) http.HandlerFunc {
 			return
 		}
 
-		ruleUID, err := request.GetRuleUIDFromPath(r)
+		ruleIdentifier, err := request.GetRuleIdentifierFromPath(r)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return
 		}
 
-		rule, err := repoCtrl.RuleFind(ctx, session, repoRef, ruleUID)
+		rule, err := repoCtrl.RuleFind(ctx, session, repoRef, ruleIdentifier)
 		if err != nil {
 			render.TranslatedUserError(w, err)
 			return