Tag tests that require admin access

We don't run tests that require Administrator access against our
Production environments. This tags those tests with `:requires_admin`
so they can be skipped when run with QA_CAN_TEST_ADMIN_FEATURES set
to `false`.

doc/development/testing_guide/end_to_end/best_practices.md

@@ -85,3 +85,11 @@ after(:all) do
   Page::Main::Menu.perform(&:sign_out)
 end
 ```
+
+## Tag tests that require Administrator access
+
+We don't run tests that require Administrator access against our Production environments.
+
+When you add a new test that requires Administrator access, apply the RSpec metadata `:requires_admin` so that the test will not be included in the test suites executed against Production and other environments on which we don't want to run those tests.
+
+Note: When running tests locally or configuring a pipeline, the environment variable `QA_CAN_TEST_ADMIN_FEATURES` can be set to `false` to skip tests that have the `:requires_admin` tag.

qa/qa/specs/features/browser_ui/2_plan/issue/check_mentions_for_xss_spec.rb

@@ -2,7 +2,7 @@
 
 module QA
   context 'Plan' do
-    describe 'check xss occurence in @mentions in issues' do
+    describe 'check xss occurence in @mentions in issues', :requires_admin do
       it 'user mentions a user in comment' do
         QA::Runtime::Env.personal_access_token = QA::Runtime::Env.admin_personal_access_token
 

qa/qa/specs/features/browser_ui/non_devops/performance_bar_spec.rb

@@ -2,7 +2,7 @@
 
 module QA
   context 'Performance bar' do
-    context 'when logged in as an admin user' do
+    context 'when logged in as an admin user', :requires_admin do
       before do
         Runtime::Browser.visit(:gitlab, Page::Main::Login)
         Page::Main::Login.perform(&:sign_in_using_admin_credentials)

qa/qa/specs/features/ee/browser_ui/1_manage/group/group_audit_logs_1_spec.rb

@@ -37,7 +37,7 @@ module QA
         it_behaves_like 'group audit event logs', ["Add group"]
       end
 
-      context 'Change repository size limit' do
+      context 'Change repository size limit', :requires_admin do
         before do
           sign_in(as_admin: true)
           @group.visit!

qa/qa/specs/features/ee/browser_ui/1_manage/group/group_file_template_spec.rb

@@ -2,7 +2,7 @@
 
 module QA
   context 'Manage' do
-    describe 'Group file templates' do
+    describe 'Group file templates', :requires_admin do
       include Support::Api
 
       templates = [

qa/qa/specs/features/ee/browser_ui/1_manage/group/group_ldap_sync_spec.rb

 # frozen_string_literal: true
 
 module QA
-  context 'Manage', :orchestrated, :ldap_tls, :ldap_no_tls do
+  context 'Manage', :orchestrated, :ldap_tls, :ldap_no_tls, :requires_admin do
     describe 'LDAP Group sync' do
       include Support::Api
 

qa/qa/specs/features/ee/browser_ui/1_manage/instance/instance_audit_logs_spec.rb

@@ -17,7 +17,7 @@ module QA
       end
     end
 
-    describe 'Instance audit logs' do
+    describe 'Instance audit logs', :requires_admin do
       context 'Failed sign in' do
         before do
           Runtime::Browser.visit(:gitlab, Page::Main::Login)

qa/qa/specs/features/ee/browser_ui/1_manage/project/project_templates_spec.rb

@@ -37,7 +37,7 @@ module QA
         Page::Main::Menu.perform(&:sign_out_if_signed_in)
       end
 
-      context 'built-in' do
+      context 'built-in', :requires_admin do
         before do
           Runtime::Browser.visit(:gitlab, Page::Main::Login)
           Page::Main::Login.perform(&:sign_in_using_admin_credentials)
@@ -68,7 +68,7 @@ module QA
       end
 
       # Failure issue: https://gitlab.com/gitlab-org/quality/staging/issues/61
-      context 'instance level', :quarantine do
+      context 'instance level', :quarantine, :requires_admin do
         before do
           Runtime::Browser.visit(:gitlab, Page::Main::Login)
           Page::Main::Login.perform(&:sign_in_using_admin_credentials)

qa/qa/specs/features/ee/browser_ui/2_plan/custom_email/custom_email_spec.rb

@@ -4,7 +4,7 @@ require 'securerandom'
 
 module QA
   context 'Plan' do
-    describe 'Custom email' do
+    describe 'Custom email', :requires_admin do
       before do
         Runtime::Browser.visit(:gitlab, Page::Main::Login)
         Page::Main::Login.perform(&:sign_in_using_admin_credentials)

qa/qa/specs/features/ee/browser_ui/3_create/jenkins/jenkins_build_status_spec.rb

@@ -3,7 +3,7 @@ require 'securerandom'
 
 module QA
   # Issue: https://gitlab.com/gitlab-org/gitlab/issues/35370
-  context 'Create', :docker, :quarantine do
+  context 'Create', :docker, :quarantine, :requires_admin do
     describe 'Jenkins integration' do
       let(:project_name) { "project_with_jenkins_#{SecureRandom.hex(4)}" }