Prevent search on the NotificationTemplate.notification_configuration field

awx/main/models/notifications.py

@@ -17,7 +17,7 @@ from jinja2.exceptions import TemplateSyntaxError, UndefinedError, SecurityError
 
 # AWX
 from awx.api.versioning import reverse
-from awx.main.models.base import CommonModelNameNotUnique, CreatedModifiedModel
+from awx.main.models.base import CommonModelNameNotUnique, CreatedModifiedModel, prevent_search
 from awx.main.utils import encrypt_field, decrypt_field, set_environ
 from awx.main.notifications.email_backend import CustomEmailBackend
 from awx.main.notifications.slack_backend import SlackBackend
@@ -70,7 +70,7 @@ class NotificationTemplate(CommonModelNameNotUnique):
         choices=NOTIFICATION_TYPE_CHOICES,
     )
 
-    notification_configuration = JSONField(blank=False)
+    notification_configuration = prevent_search(JSONField(blank=False))
 
     def default_messages():
         return {'started': None, 'success': None, 'error': None}

awx/main/tests/functional/api/test_notifications.py

@@ -127,3 +127,11 @@ def test_post_wfjt_running_notification(get, post, admin, notification_template,
     response = get(url, admin)
     assert response.status_code == 200
     assert len(response.data['results']) == 1
+
+
+@pytest.mark.django_db
+def test_search_on_notification_configuration_is_prevented(get, admin):
+    url = reverse('api:notification_template_list')
+    response = get(url, {'notification_configuration__regex': 'ABCDEF'}, admin)
+    assert response.status_code == 403
+    assert response.data == {"detail": "Filtering on notification_configuration is not allowed."}