terraform-provider-postgresql

How to create Entra ID associated role?

Open tspearconquest opened this issue 11 months ago • 2 comments

Terraform Version

N/A - general question affecting all versions

Affected Resource(s)

Please list the resources as a list, for example: postgresql_role

Terraform Configuration Files

N/A

Debug Output

N/A

Panic Output

N/A

Expected Behavior

N/A

Actual Behavior

N/A

Steps to Reproduce

N/A

Important Factoids

N/A

References

N/A

Additional info

Hello! I have created an Azure Database for PostgreSQL flexible server with password authentication disabled and Entra ID authentication enabled. I have also created an Entra admin user which I can use to log in to the server via Terraform.

Azure docs indicate that to create another role which is associated with an Entra ID principal, we need to use pg_catalog.pgaadauth_create_principal(); however, I don't see a mechanism by which to do so in the provider, and the postgresql_role page doesn't indicate whether it does so by default when Terraform has used Entra ID authentication to log in to the server, or not.

The page detailing the steps is https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users and I can see that it is possible to additionally perform an association between an existing PostgreSQL role and an Entra ID principal by setting a security label on the role. Thus it appears to be possible to use postgresql_role and postgresql_security_label resources together to accomplish the task, but I wanted to confirm if there is any better way. If there is not currently a better way, I'd also ask if you would consider adding the logic in the postgresql_role resource itself to allow users to specify whether the role should be associated to an Entra principal with the same name or not.

tspearconquest, Dec 06 '24 17:12
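
The postgresql_role plus postgresql_security_label combination described in the issue, as an added example that is not part of the original post or the provider's own documentation. It assumes the provider is already authenticated as the Entra admin and that the label string follows the `aadauth,oid=<objectId>,type=<user|group|service>` form given on the Azure page linked above; all variable and resource names are hypothetical.

```hcl
# Added example. Variable and resource names are hypothetical.
variable "entra_role_name" {
  type        = string
  description = "PostgreSQL role name to associate with the Entra principal."
}

variable "entra_object_id" {
  type        = string
  description = "Object ID of the Entra principal (placeholder, supply your own)."

  # Reject anything that is not a GUID before it is interpolated into the label,
  # so a malformed value cannot add extra comma-separated label fields.
  validation {
    condition     = can(regex("^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", lower(var.entra_object_id)))
    error_message = "entra_object_id must be a GUID."
  }
}

variable "entra_principal_type" {
  type    = string
  default = "service"

  validation {
    condition     = contains(["user", "group", "service"], var.entra_principal_type)
    error_message = "entra_principal_type must be user, group or service."
  }
}

# No password is set: the server has password authentication disabled,
# so the role is only usable through the Entra association below.
resource "postgresql_role" "entra" {
  name  = var.entra_role_name
  login = true
}

# Assumption: label provider and label format as documented by Azure for
# associating an existing role with an Entra principal.
resource "postgresql_security_label" "entra" {
  object_type    = "role"
  object_name    = postgresql_role.entra.name
  label_provider = "pgaadauth"
  label          = "aadauth,oid=${var.entra_object_id},type=${var.entra_principal_type}"
}
```

Omitting an `admin` field from the label keeps the associated principal a non-admin role, which is the least-privilege default for workload identities.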