diff --git a/hack/.golint_failures b/hack/.golint_failures
index cf19fa08e5d..40e538bbbe9 100644
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@@ -223,7 +223,6 @@ plugin/pkg/admission/resourcequota/apis/resourcequota/v1alpha1
 plugin/pkg/admission/resourcequota/apis/resourcequota/v1beta1
 plugin/pkg/auth/authorizer/node
 plugin/pkg/auth/authorizer/rbac
-plugin/pkg/auth/authorizer/rbac/bootstrappolicy
 staging/src/k8s.io/api/admission/v1
 staging/src/k8s.io/api/admission/v1beta1
 staging/src/k8s.io/api/admissionregistration/v1
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
index 7e17f31dd5e..344db5d183d 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@@ -27,6 +27,8 @@ import (
 "k8s.io/kubernetes/pkg/features"
 )
 
+// Write and other vars are slices of the allowed verbs.
+// Label and Annotation are default maps of bootstrappolicy.
 var (
 Write = []string{"create", "update", "patch", "delete", "deletecollection"}
 ReadWrite = []string{"get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"}
@@ -97,6 +99,7 @@ func addClusterRoleBindingLabel(rolebindings []rbacv1.ClusterRoleBinding) {
 return
 }
 
+// NodeRules returns node policy rules, it is slice of rbacv1.PolicyRule.
 func NodeRules() []rbacv1.PolicyRule {
 nodePolicyRules := []rbacv1.PolicyRule{
 // Needed to check API access. These creates are non-mutating
@@ -539,6 +542,7 @@ func ClusterRoleBindings() []rbacv1.ClusterRoleBinding {
 return rolebindings
 }
 
+// ClusterRolesToAggregate maps from previous clusterrole name to the new clusterrole name
 func ClusterRolesToAggregate() map[string]string {
 return map[string]string{
 "admin": "system:aggregate-to-admin",
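Review bot: In the `@@ -27,6 +27,8 @@` hunk of policy.go, the comment added above `var (` does not say that `Write` and `ReadWrite` are exported, mutable package-level slices, so any importing package can append to them or overwrite their elements. If the bootstrap RBAC rules are built from these slices, as the package name suggests, such a change would silently widen or narrow the verbs granted. The comment should state the expectation, for example `// Write, ReadWrite and the other verb slices below are shared by the bootstrap policy rules; treat them as read-only and copy before modifying.` The var block continues past the end of the hunk, so the Label and Annotation maps named in the comment are not visible here and deserve the same statement.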
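Review bot: The doc comment added in the `@@ -97,6 +99,7 @@` hunk restates the signature ("it is slice of rbacv1.PolicyRule") instead of saying whose permissions the rules describe. The comment added in the `@@ -539,6 +542,7 @@` hunk has a similar gap: "previous" and "new" are never defined, and the sentence lacks its closing period. In a package that defines bootstrap RBAC policy, the doc comment is where a reviewer looks for intent, so something like `// NodeRules returns the policy rules granted to nodes.` would serve better, if that matches the callers. For the second, consider `// ClusterRolesToAggregate returns a map from an existing cluster role name (e.g. "admin") to the name of the aggregated cluster role that takes over its rules (e.g. "system:aggregate-to-admin").`, again if that is the intended meaning. Both function bodies continue outside their hunks.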