List all IAM roles applicable for a specific IAM permission
# any permission listed at https://cloud.google.com/iam/docs/permissions-reference
export expected_permission=<permission>
for role in $(gcloud iam roles list --format='value(NAME)');
do permissions=$(gcloud iam roles describe $role --format='value(includedPermissions)')
if [[ $permissions =~ $expected_permission ]]; then echo "-------------------------------------------------" && echo $role && echo "-------------------------------------------------"; fi
done