That explanation would make sense - it’s possible azure reports the firewall rules as created before they have fully propagated. That would be unfortunate as it would make any infrastructure automation against those resources less reliable - so maybe an issue to report to Azure.
That said - one workaround in Pulumi would be to do some custom work to “delay” until ready in between the DB creation and the Postgres provider connection. Something along the lines of
https://gist.github.com/lukehoban/fd0355ed5b82386bd89c0ffe2a3c916a#file-waitforjob-ts-L20 might work.