diff --git a/.github/workflows/unit_tests_with_nightly_puppet_gem.yaml b/.github/workflows/unit_tests_with_nightly_puppet_gem.yaml
@@ -16,7 +16,7 @@ jobs:
         puppet_version: [ 6, 7 ]
         include:
           - puppet_version: 6
-            ruby: 2.5
+            ruby: 2.5.8
           - puppet_version: 7
             ruby: 2.7
 

diff --git a/.github/workflows/unit_tests_with_released_puppet_gem.yaml b/.github/workflows/unit_tests_with_released_puppet_gem.yaml
@@ -16,7 +16,7 @@ jobs:
         puppet_version: [ 6, 7 ]
         include:
           - puppet_version: 6
-            ruby: 2.5
+            ruby: 2.5.8
           - puppet_version: 7
             ruby: 2.7
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,25 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.6.0] - 2021-04-22
+
+### Summary
+Fix PE upgrades for SLES 11 and improve GPG key checks. Remove puppet5 task support. Add `exclude` flag to `puppet facts diff` and add task to remove local filebucket cache.
+
+### Features
+
+- ([MODULES-10987](https://tickets.puppetlabs.com/browse/MODULES-10987)) Add Fedora32 support to puppet_agent module ([#548](https://github.com/puppetlabs/puppetlabs-puppet_agent/pull/548))
+- ([MODULES-11045](https://tickets.puppetlabs.com/browse/MODULES-11045)) add `exclude` parameter to `facts_diff` task ([#552](https://github.com/puppetlabs/puppetlabs-puppet_agent/pull/552))
+- ([MODULES-11048](https://tickets.puppetlabs.com/browse/MODULES-11048)) task to remove local filebucket ([#550](https://github.com/puppetlabs/puppetlabs-puppet_agent/pull/550))
+
+### Bug fixes
+
+- ([MODULES-10996](https://tickets.puppetlabs.com/browse/MODULES-10996)) Fix SLES 11 PE upgrades and improve GPG key check ([#551](https://github.com/puppetlabs/puppetlabs-puppet_agent/pull/551))
+
+### Removals
+
+- ([MODULES-10989](https://tickets.puppetlabs.com/browse/MODULES-10989)) Remove puppet5 collection from puppet_agent::install task ([#549](https://github.com/puppetlabs/puppetlabs-puppet_agent/pull/549))
+
 ## [4.5.0] - 2021-03-23
 
 ### Summary

diff --git a/README.markdown b/README.markdown
@@ -1,8 +1,8 @@
 # puppet_agent
 
-[![Modules Status](https://github.com/puppetlabs/puppetlabs-puppet_agent/workflows/[Daily]%20Unit%20Tests%20with%nightly%20Puppet%20gem/badge.svg?branch=main)](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions)
-[![Modules Status](https://github.com/puppetlabs/puppetlabs-puppet_agent/workflows/Static%20Code%20Analysis/badge.svg?branch=main)](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions) 
-[![Modules Status](https://github.com/puppetlabs/puppetlabs-puppet_agent/workflows/Unit%20Tests%20with%20nightly%20Puppet%20gem/badge.svg?branch=main)](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions) 
+[![Modules Status](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions/workflows/daily_unit_tests_with_nightly_puppet_gem.yaml/badge.svg?branch=main)](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions/workflows/daily_unit_tests_with_nightly_puppet_gem.yaml)
+[![Modules Status](https://github.com/puppetlabs/puppetlabs-puppet_agent/workflows/Static%20Code%20Analysis/badge.svg?branch=main)](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions)
+[![Modules Status](https://github.com/puppetlabs/puppetlabs-puppet_agent/workflows/Unit%20Tests%20with%20nightly%20Puppet%20gem/badge.svg?branch=main)](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions)
 [![Modules Status](https://github.com/puppetlabs/puppetlabs-puppet_agent/workflows/Unit%20Tests%20with%20released%20Puppet%20gem/badge.svg?branch=main)](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions)
 [![Modules Status](https://github.com/puppetlabs/puppetlabs-puppet_agent/workflows/Task%20Acceptance%20Tests/badge.svg?branch=main)](https://github.com/puppetlabs/puppetlabs-puppet_agent/actions)
 
@@ -362,7 +362,7 @@ contents of the run report.
 
 #### `puppet_agent::version`
 
-Checks for the version of puppet-agent package installed. 
+Checks for the version of puppet-agent package installed.
 
 **Return value**
 
@@ -377,14 +377,52 @@ The `puppet_agent::version` task returns a Result on success specifying the vers
 
 #### `puppet_agent::install`
 
-Installs the puppet-agent package.  This task should not be used for upgrading agents particularly windows agents which have requirements other than just installing the puppet-agent msi.    
+Installs the puppet-agent package.  This task should not be used for upgrading agents particularly windows agents which have requirements other than just installing the puppet-agent msi.
 
 > **Note:** The `puppet_agent::install_shell` task requires the `facts::bash` implementation from the [facts](https://forge.puppet.com/puppetlabs/facts) module. Both the `puppet_agent` and `facts` modules are packaged with Bolt. For use outside of Bolt make sure the `facts` module is installed to the same `modules` directory as `puppet_agent`.
 
 **Return value**
 
 The task returns the output of the installation script.
 
+
+#### `puppet_agent::facts_diff`
+
+Executes `puppet facts diff` action to check if there are differences between Facter 3 and Facter 4 outputs.(*requires Puppet >= 6.21.0*)
+
+**Parameters**
+
+- `exclude`: Regex used to exclude specific facts from diff.(*requires Puppet >= 6.22.0*)
+
+**Return value**
+
+Returns a `ResultSet` object containing the differences.
+
+```
+{
+  "foo": {
+    "new_value": "bar",
+    "old_value": "baz"
+  }
+}
+```
+
+#### `puppet_agent::delete_local_filebucket`
+
+Removes the local filebucket cache. The location of the filebucket is determined using the `clientbucketdir` puppet config.
+
+**Parameters**
+
+- `force`: ignore nonexistent files and errors.
+
+**Return value**
+
+Returns a `ResultSet` object.
+
+```
+{:success=>true}
+```
+
 ## Limitations
 
 Mac OS X/macOS open source packages are not supported in puppet_agent module releases prior to v2.1.0.

diff --git a/acceptance/helpers.rb b/acceptance/helpers.rb
@@ -346,8 +346,10 @@ def wait_for_installation_pid(host)
           return
         end
 
-        step "(Agent) waiting for upgrade pid file to be created..." do
-          retry_on(host, "cat #{upgrade_pidfile}", {:max_retries => 5, :retry_interval => 2})
+        unless host['platform'] =~ /windows/
+          step "(Agent) waiting for upgrade pid file to be created..." do
+            retry_on(host, "cat #{upgrade_pidfile}", {:max_retries => 5, :retry_interval => 2})
+          end
         end
 
         step "(Agent) waiting for upgrade to complete..." do

diff --git a/acceptance/tests/test_upgrade_puppet5_to_puppet6.rb b/acceptance/tests/test_upgrade_puppet5_to_puppet6.rb
@@ -18,7 +18,8 @@ class { puppet_agent:
     apt_source      => 'http://nightlies.puppet.com/apt',
     yum_source      => 'http://nightlies.puppet.com/yum',
     windows_source  => 'http://nightlies.puppet.com/downloads',
-    collection      => 'puppet6-nightly'
+    collection      => 'puppet6-nightly',
+    service_names   => []
   }
 }
     PP
@@ -39,9 +40,15 @@ class { puppet_agent:
 
   step "Upgrade the agents from Puppet 5 to Puppet 6..." do
     agents_only.each do |agent|
-      start_puppet_service_and_wait_for_puppet_run(agent)
+      on(agent, puppet("agent -t --debug"), acceptable_exit_codes: 2)
       wait_for_installation_pid(agent)
       assert_agent_version_on(agent, latest_version.scan(/6\.\d*\.\d*\.\d*/).first)
     end
   end
+
+  step "Run again for idempotency" do
+    agents_only.each do |agent|
+      on(agent, puppet("agent -t --debug"), acceptable_exit_codes: 0)
+    end
+  end
 end
diff --git a/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb b/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb
@@ -18,7 +18,8 @@ class { puppet_agent:
     apt_source      => 'http://nightlies.puppet.com/apt',
     yum_source      => 'http://nightlies.puppet.com/yum',
     windows_source  => 'http://nightlies.puppet.com/downloads',
-    collection      => 'puppet7-nightly'
+    collection      => 'puppet7-nightly',
+    service_names   => []
   }
 }
     PP
@@ -39,9 +40,15 @@ class { puppet_agent:
 
   step "Upgrade the agents from Puppet 6 to Puppet 7..." do
     agents_only.each do |agent|
-      start_puppet_service_and_wait_for_puppet_run(agent)
+      on(agent, puppet("agent -t --debug"), acceptable_exit_codes: 2)
       wait_for_installation_pid(agent)
       assert_agent_version_on(agent, latest_version.scan(/7\.\d*\.\d*\.\d*/).first)
     end
   end
+
+  step "Run again for idempotency" do
+    agents_only.each do |agent|
+      on(agent, puppet("agent -t --debug"), acceptable_exit_codes: 0)
+    end
+  end
 end
diff --git a/files/rpm_gpg_import_check.sh b/files/rpm_gpg_import_check.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# shellcheck disable=SC2086
+
+ACTION=$1
+GPG_HOMEDIR=$2
+GPG_KEY_PATH=$3
+
+GPG_ARGS="--homedir $GPG_HOMEDIR --with-colons"
+GPG_BIN=$(command -v gpg || command -v gpg2)
+
+if [ -z "${GPG_BIN}" ]; then
+  echo Could not find a suitable gpg command, exiting...
+  exit 1
+fi
+
+GPG_PUBKEY=gpg-pubkey-$("${GPG_BIN}" ${GPG_ARGS} "${GPG_KEY_PATH}" 2>&1 | grep ^pub | cut -d':' -f5 | cut --characters=9-16 | tr '[:upper:]' '[:lower:]')
+
+if [ "${ACTION}" = "check" ]; then
+  # This will return 1 if there are differences between the key imported in the
+  # RPM database and the local keyfile. This means we need to purge the key and
+  # reimport it.
+  diff <(rpm -qi "${GPG_PUBKEY}" | "${GPG_BIN}" ${GPG_ARGS}) <("${GPG_BIN}" ${GPG_ARGS} "${GPG_KEY_PATH}")
+elif [ "${ACTION}" = "import" ]; then
+  (rpm -q "${GPG_PUBKEY}" && rpm -e --allmatches "${GPG_PUBKEY}") || true
+  rpm --import "${GPG_KEY_PATH}"
+fi
diff --git a/manifests/install.pp b/manifests/install.pp
@@ -41,6 +41,15 @@
       }
       contain '::puppet_agent::install::windows'
     }
+  } elsif $::osfamily == 'suse' {
+    # Prevent re-running the batch install
+    if ($puppet_agent::aio_upgrade_required) or ($puppet_agent::aio_downgrade_required){
+      class { 'puppet_agent::install::suse':
+        package_version => $package_version,
+        install_options => $install_options,
+      }
+      contain '::puppet_agent::install::suse'
+    }
   } else {
     if $::operatingsystem == 'AIX' {
       # AIX installations always use RPM directly since no there isn't any default package manager for rpms
@@ -66,23 +75,19 @@
         $_provider = 'apt'
         $_source = undef
       }
-    } else { # RPM platforms: EL and SUSE
+    } else { # RPM platforms: EL
       $_install_options = $install_options
       if $::puppet_agent::absolute_source {
-        # absolute_source means we use rpm on EL/suse based platforms
+        # absolute_source means we use rpm on EL based platforms
         $_package_version = $package_version
         $_provider = 'rpm'
         # The source package should have been downloaded by puppet_agent::prepare::package to the local_packages_dir
         $_source = "${::puppet_agent::params::local_packages_dir}/${::puppet_agent::prepare::package::package_file_name}"
       } else {
-        # any other type of source means we use a package manager (yum or zypper) with no 'source' parameter in the
+        # any other type of source means we use a package manager (yum) with no 'source' parameter in the
         # package resource below
         $_package_version = $package_version
-        if $::osfamily == 'suse' {
-          $_provider = 'zypper'
-        } else {
-          $_provider = 'yum'
-        }
+        $_provider = 'yum'
         $_source = undef
       }
     }

diff --git a/manifests/install/suse.pp b/manifests/install/suse.pp
@@ -0,0 +1,38 @@
+# == Class puppet_agent::install::suse
+#
+# Private class called from puppet_agent class
+#
+# Manage the install process for SUSE OSes specifically
+#
+class puppet_agent::install::suse(
+  $package_version,
+  $install_options = [],
+){
+  assert_private()
+
+  if ($::puppet_agent::absolute_source) or ($::operatingsystemmajrelease == '11' and $::puppet_agent::is_pe) {
+    $_provider = 'rpm'
+    $_source = "${::puppet_agent::params::local_packages_dir}/${::puppet_agent::prepare::package::package_file_name}"
+
+    exec { 'GPG check the RPM file':
+      path      => '/bin:/usr/bin:/sbin:/usr/sbin',
+      command   => "rpm -K ${_source}",
+      require   => File[$_source],
+      logoutput => 'on_failure',
+      notify    => Package[$::puppet_agent::package_name],
+    }
+  } else {
+    $_provider = 'zypper'
+    $_source = undef
+  }
+
+  $_aio_package_version = $package_version.match(/^\d+\.\d+\.\d+(\.\d+)?/)[0]
+  package { $::puppet_agent::package_name:
+    ensure          => $package_version,
+    install_options => $install_options,
+    provider        => $_provider,
+    source          => $_source,
+    notify          => Puppet_agent_end_run[$_aio_package_version],
+  }
+  puppet_agent_end_run { $_aio_package_version : }
+}
diff --git a/manifests/osfamily/redhat.pp b/manifests/osfamily/redhat.pp
@@ -75,17 +75,11 @@
       $_sslclientkey_path = undef
     }
 
-    # Fedora doesn't ship with a gpg binary, only gpg2
-    if $::operatingsystem == 'Fedora' {
-      $gpg_cmd = 'gpg2'
-    } else {
-      $gpg_cmd = 'gpg'
-    }
-
     $legacy_keyname = 'GPG-KEY-puppet'
     $legacy_gpg_path = "/etc/pki/rpm-gpg/RPM-${legacy_keyname}"
     $keyname = 'GPG-KEY-puppet-20250406'
     $gpg_path = "/etc/pki/rpm-gpg/RPM-${keyname}"
+    $gpg_homedir = '/root/.gnupg'
     $gpg_keys = "file://${legacy_gpg_path}
   file://${gpg_path}"
 
@@ -103,17 +97,6 @@
       source => "puppet:///modules/puppet_agent/${legacy_keyname}",
     }
 
-    # Given the path to a key, see if it is imported, if not, import it
-    $legacy_gpg_pubkey = "gpg-pubkey-$(echo $(${gpg_cmd} --with-colons ${legacy_gpg_path} 2>&1 | grep ^pub | awk -F ':' '{print \$5}' | cut --characters=9-16 | tr '[:upper:]' '[:lower:]'))"
-
-    exec {  "import-${legacy_keyname}":
-      path      => '/bin:/usr/bin:/sbin:/usr/sbin',
-      command   => "rpm --import ${legacy_gpg_path}",
-      unless    => "rpm -q ${legacy_gpg_pubkey}",
-      require   => File[$legacy_gpg_path],
-      logoutput => 'on_failure',
-    }
-
     file { $gpg_path:
       ensure => present,
       owner  => 0,
@@ -122,12 +105,22 @@
       source => "puppet:///modules/puppet_agent/${keyname}",
     }
 
-    # Given the path to a key, see if it is imported, if not, import it
-    $gpg_pubkey = "gpg-pubkey-$(echo $(${gpg_cmd} --with-colons ${gpg_path} 2>&1 | grep ^pub | awk -F ':' '{print \$5}' | cut --characters=9-16 | tr '[:upper:]' '[:lower:]'))"
-    exec {  "import-${keyname}":
+    file { "${::env_temp_variable}/rpm_gpg_import_check.sh":
+      ensure => file,
+      source => 'puppet:///modules/puppet_agent/rpm_gpg_import_check.sh',
+      mode   => '0755',
+    }
+    -> exec { "import-${legacy_keyname}":
+      path      => '/bin:/usr/bin:/sbin:/usr/sbin',
+      command   => "${::env_temp_variable}/rpm_gpg_import_check.sh import ${gpg_homedir} ${legacy_gpg_path}",
+      unless    => "${::env_temp_variable}/rpm_gpg_import_check.sh check ${gpg_homedir} ${legacy_gpg_path}",
+      require   => File[$legacy_gpg_path],
+      logoutput => 'on_failure',
+    }
+    -> exec { "import-${keyname}":
       path      => '/bin:/usr/bin:/sbin:/usr/sbin',
-      command   => "rpm --import ${gpg_path}",
-      unless    => "rpm -q ${gpg_pubkey}",
+      command   => "${::env_temp_variable}/rpm_gpg_import_check.sh import ${gpg_homedir} ${gpg_path}",
+      unless    => "${::env_temp_variable}/rpm_gpg_import_check.sh check ${gpg_homedir} ${gpg_path}",
       require   => File[$gpg_path],
       logoutput => 'on_failure',
     }