diff --git a/agent/consul/catalog_endpoint.go b/agent/consul/catalog_endpoint.go
index 8869481a1..26eb39417 100644
--- a/agent/consul/catalog_endpoint.go
+++ b/agent/consul/catalog_endpoint.go
@@ -227,7 +227,7 @@ func (c *Catalog) Register(args *structs.RegisterRequest, reply *struct{}) error
 // worst let a service update revert a recent node update, so it doesn't open up
 // too much abuse).
 func vetRegisterWithACL(
- rule acl.Authorizer,
+ authz acl.Authorizer,
 subj *structs.RegisterRequest,
 ns *structs.NodeServices,
 ) error {
@@ -239,7 +239,7 @@ func vetRegisterWithACL(
 // privileges.
 needsNode := ns == nil || subj.ChangesNode(ns.Node)
 
- if needsNode && rule.NodeWrite(subj.Node, &authzContext) != acl.Allow {
+ if needsNode && authz.NodeWrite(subj.Node, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 
@@ -247,7 +247,7 @@ func vetRegisterWithACL(
 // the given service, and that we can write to any existing service that
 // is being modified by id (if any).
 if subj.Service != nil {
- if rule.ServiceWrite(subj.Service.Service, &authzContext) != acl.Allow {
+ if authz.ServiceWrite(subj.Service.Service, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 
@@ -261,7 +261,7 @@ func vetRegisterWithACL(
 var secondaryCtx acl.AuthorizerContext
 other.FillAuthzContext(&secondaryCtx)
 
- if rule.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
+ if authz.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 }
@@ -291,7 +291,7 @@ func vetRegisterWithACL(
 
 // Node-level check.
 if check.ServiceID == "" {
- if rule.NodeWrite(subj.Node, &authzContext) != acl.Allow {
+ if authz.NodeWrite(subj.Node, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 continue
@@ -322,7 +322,7 @@ func vetRegisterWithACL(
 var secondaryCtx acl.AuthorizerContext
 other.FillAuthzContext(&secondaryCtx)
 
- if rule.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
+ if authz.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 }
@@ -385,7 +385,7 @@ func (c *Catalog) Deregister(args *structs.DeregisterRequest, reply *struct{}) e
 // endpoint. The NodeService for the referenced service must be supplied, and can
 // be nil; similar for the HealthCheck for the referenced health check.
 func vetDeregisterWithACL(
- rule acl.Authorizer,
+ authz acl.Authorizer,
 subj *structs.DeregisterRequest,
 ns *structs.NodeService,
 nc *structs.HealthCheck,
@@ -400,7 +400,7 @@ func vetDeregisterWithACL(
 // Allow service deregistration if the token has write permission for the node.
 // This accounts for cases where the agent no longer has a token with write permission
 // on the service to deregister it.
- if rule.NodeWrite(subj.Node, &authzContext) == acl.Allow {
+ if authz.NodeWrite(subj.Node, &authzContext) == acl.Allow {
 return nil
 }
 
@@ -415,7 +415,7 @@ func vetDeregisterWithACL(
 
 ns.FillAuthzContext(&authzContext)
 
- if rule.ServiceWrite(ns.Service, &authzContext) != acl.Allow {
+ if authz.ServiceWrite(ns.Service, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 } else if subj.CheckID != "" {
@@ -426,11 +426,11 @@ func vetDeregisterWithACL(
 nc.FillAuthzContext(&authzContext)
 
 if nc.ServiceID != "" {
- if rule.ServiceWrite(nc.ServiceName, &authzContext) != acl.Allow {
+ if authz.ServiceWrite(nc.ServiceName, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 } else {
- if rule.NodeWrite(subj.Node, &authzContext) != acl.Allow {
+ if authz.NodeWrite(subj.Node, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 }
diff --git a/agent/consul/txn_endpoint.go b/agent/consul/txn_endpoint.go
index f9d15bf73..8c8ab4140 100644
--- a/agent/consul/txn_endpoint.go
+++ b/agent/consul/txn_endpoint.go
@@ -109,29 +109,29 @@ func (t *Txn) preCheck(authorizer acl.Authorizer, ops structs.TxnOps) structs.Tx
 }
 
 // vetNodeTxnOp applies the given ACL policy to a node transaction operation.
-func vetNodeTxnOp(op *structs.TxnNodeOp, rule acl.Authorizer) error {
+func vetNodeTxnOp(op *structs.TxnNodeOp, authz acl.Authorizer) error {
 var authzContext acl.AuthorizerContext
 op.FillAuthzContext(&authzContext)
 
- if rule.NodeWrite(op.Node.Node, &authzContext) != acl.Allow {
+ if authz.NodeWrite(op.Node.Node, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 return nil
 }
 
 // vetCheckTxnOp applies the given ACL policy to a check transaction operation.
-func vetCheckTxnOp(op *structs.TxnCheckOp, rule acl.Authorizer) error {
+func vetCheckTxnOp(op *structs.TxnCheckOp, authz acl.Authorizer) error {
 var authzContext acl.AuthorizerContext
 op.FillAuthzContext(&authzContext)
 
 if op.Check.ServiceID == "" {
 // Node-level check.
- if rule.NodeWrite(op.Check.Node, &authzContext) != acl.Allow {
+ if authz.NodeWrite(op.Check.Node, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 } else {
 // Service-level check.
- if rule.ServiceWrite(op.Check.ServiceName, &authzContext) != acl.Allow {
+ if authz.ServiceWrite(op.Check.ServiceName, &authzContext) != acl.Allow {
 return acl.ErrPermissionDenied
 }
 }